I have had a couple of clients send on emails they have received with what seems to be a reasonably well crafted email describing an upcoming mail system upgrade.

The key thing is there is a link given to click on that in one email was direct to an executable file, assumed by me to be a file carrying either a virus or trojan program.

Another email had a link to a page on a website (which could easily redirect to a file download).

As with other emails of a similar technical nature, this one uses enough technical language to try to come across as legitimate.

Here is a transcript:

From: System [mailto:System@clientsite.co.nz]
Sent: Tuesday, 20 October 2009 12:20 PM
To: validemail@clientsite.co.nz
Subject: Attention – Mail system upgrade

Attention!

On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.

The changes will concern security, reliability and performance of mail service and the system as a whole.

For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.

This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.clientsite.co.nz.secure.certificates-db.com/ssl/id=7721494943-validemail@clientsite.co.nz-patch6559.exe

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Another one, similar:

----- Original Message -----
From: “administrator” <administrator@clientsite.co.nz>
To: <validemail@clientsite.co.nz>
Sent: Tuesday, October 20, 2009 1:56 AM
Subject: Read carefully:Mail System Upgrade

Attention!

On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.clientsite.co.nz.secure.certificates-db.net/ssl/id=798545139-validemail@clientsite.co.nz-patch2066228.aspx

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

(urls changed)

It seems like some anti-spam has already picked this up, but if you see an email like this, beware.
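A mail-filter style check for the link patterns in the two messages above, as an added example that is not part of the original post: it flags a hostname that contains the recipient's domain as labels without actually belonging to it, a path ending in an executable extension, and the recipient's address embedded in the path. The function name, finding labels and extension list are assumptions; the sample URLs are the (already altered) ones quoted above.

```python
from urllib.parse import urlsplit

# Extensions treated as directly runnable on Windows (assumed list, extend as needed).
EXECUTABLE_EXTS = (".exe", ".scr", ".bat", ".pif", ".msi")

# The two links quoted in the post (already altered by the author).
SAMPLES = [
    "http://updates.clientsite.co.nz.secure.certificates-db.com/ssl/"
    "id=7721494943-validemail@clientsite.co.nz-patch6559.exe",
    "http://updates.clientsite.co.nz.secure.certificates-db.net/ssl/"
    "id=798545139-validemail@clientsite.co.nz-patch2066228.aspx",
]


def check_link(url, org_domain):
    """Return a list of findings for one link taken from an email body."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    org = org_domain.lower().strip(".")

    # A host belongs to the organisation only if it equals the domain
    # or ends with "." + domain; the domain appearing further left in
    # the name proves nothing about who controls the server.
    is_ours = host == org or host.endswith("." + org)
    host_labels, org_labels = host.split("."), org.split(".")
    n = len(org_labels)
    embedded = any(host_labels[i:i + n] == org_labels
                   for i in range(len(host_labels) - n + 1))
    if embedded and not is_ours:
        findings.append("org-domain-used-as-subdomain")

    path = parts.path.lower()
    if path.endswith(EXECUTABLE_EXTS):
        findings.append("executable-download")
    # Per-recipient links like these carry the target's address in the path.
    if "@" + org in path:
        findings.append("recipient-address-in-path")
    return findings


if __name__ == "__main__":
    for link in SAMPLES + ["https://mail.clientsite.co.nz/owa/"]:
        print(check_link(link, "clientsite.co.nz"), link)
```

The second sample shows why the hostname check matters: the `.aspx` link has no executable extension, so only the host and path checks catch it.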

