Login   |   Secure Purdue > News

Phishing Emails Threatening Internet Service Disconnection Carry Virus

==OVERVIEW==
This email has been reported by numerous users of Purdue email systems. In some cases it has been reported that the .exe file contained in the zip file attachment named "user-EA49943X-activities.zip" has propagated automatically to c:\temp\escan\user-EA49943X-activities.zip\user-EA49943X-activities.exe where a virus scanner had flagged its presence. It is unknown by what mechanism this file was unzipped as none of the users reported clicking on or opening the email.

==SYSTEMS AFFECTED++
Microsoft Windows Machines

==DETAILS==
Micrsoft Outlook seems to flagging the message as Junk by default in most cases. On machines running up-to-date McAfee VirusScan, the malicious content
was purged from the zip file and replaced with a warning message. The body of the email is as follows:

--------
Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights
of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were
originating from

You can check the report of your activities in the past 6 month that we
have attached. We strongly advise you to stop your activities regarding
the illegal downloading of copyrighted material of your internet access
will be suspended.

Sincerely
ICS Monitoring Team
--------

==SOLUTIONS==

Users should immediately delete any emails with a subject similar to "Your internet access is going to get suspended" without opening the email. Users have reported infection by the virus without taking any action to open the attachment in Microsoft Outlook. If opened, the attachment is saved as a temporary file on the user's
machine.

Posted by Brett Davis on September 17, 2008, in Advisory Alerts.