12 Nov Spike in virus-infected emails – take extra care
We’ve seen a sharp increase today in new virus variants getting through to email users due to the speed at which they’re evolving to avoid detection.
Identical messages can sometimes arrive minutes apart yet already contain different variants of the virus, which makes keeping up a game of cat and mouse for the security vendors.
The fake Amazon order confirmation, complete with a suspicious-looking ZIP file, is the one we’ve heard a lot of reports about. I should stress, though, that these emails change by the minute, so it’s worth thinking twice before you click links or open anything resembling an attachment.
I think I might have an infected file, what should I do?
To check whether the file is actually infected, I recommend your first step is to see whether it’s already known to any of the leading antivirus vendors.
A good place to do this is the VirusTotal website.
If you’re using an Alt-N product (MDaemon Messaging Server or SecurityGateway for Exchange), you’ll be using either ClamAV or Kaspersky, or perhaps both, depending on which plug-ins you’ve purchased.
We obviously hope that, as a result, you won’t be seeing any of these; we think those engines are particularly good. However, it is possible given the speed at which these threats change.
In the unlikely event you do suspect you’ve received an infected email, or ‘false negative’ as they’re known, please alert Alt-N Technologies by sending a copy of the entire email to email@example.com
We would also recommend that you contact the relevant AV provider directly by using the following procedures:
Visit the ClamAV ‘Submit Malware’ page here, fill in the form and upload a copy of the suspicious file you have received.
Step 1: Put the suspected virus in a new password-protected zip or rar file (we recommend 7zip to do this).
Step 2: Compose an email message with a short description and attach the zip file.
Step 3: Include the password in the body/subject of the email.
Step 4: Send the zip/rar file to firstname.lastname@example.org
I think my server is probably unprotected, what should I do?
If you don’t currently have adequate security protection for your MDaemon or Exchange server, you may wish to download the free 30-day trials of the SecurityPlus plug-in or SecurityGateway and ProtectionPlus respectively.