EmailDiscussions.com  

Old 15 Jan 2014, 05:55 AM   #1
Clow
Junior Member
 
Join Date: Jan 2014
Posts: 1
virus alert

I received an email from Fastmail saying they detected a virus, but I think it is a virus. It is poorly worded and threatens to close my account. It has a suspicious fastmail. management.net address which I will not click on. Is this from Fastmail??

Old 15 Jan 2014, 08:59 AM   #2
David
Ultimate Contributor
 
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
No, it's not. I advise not clicking on any links.
Old 15 Jan 2014, 09:15 AM   #3
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
Welcome to the EMD Forums, Clow!

As David says, that's obviously a fake message, and if you follow any links your computer may get infected with malware. A real virus notification message would look similar to the following:
  • From: postmaster@messagingengine.com
  • Subject: Infected file rejected
  • Message body starts with:
    We have just discarded a message because it tested as positive to a virus. The message details are:
  • If you examine the full headers (More > Show Raw Message), all Received headers show only Fastmail-owned servers. The last Received header in the list (which is actually the first Received that happened, since the headers are added at the top in reverse order) has no from, since the virus notification message was internally generated and so was not received from any external server.
Bill
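The header checks described in post #3, as an added Python example that is not part of the original thread or Fastmail's own code. It assumes Fastmail-operated hosts can be recognised by the `.messagingengine.com` suffix; both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: Fastmail-operated hosts end in this suffix (inferred from the
# postmaster@messagingengine.com sender quoted in the post).
TRUSTED = ".messagingengine.com"
FROM_RE = re.compile(r"^from\s+(\S+)(?:\s+\((\S+)\s+\[[^\]]*\]\))?", re.I)
BY_RE = re.compile(r"(?:^|\s)by\s+(\S+)", re.I)

def check_notification(raw):
    """Return the reasons a message fails the checks; empty means it passes."""
    msg = message_from_string(raw)
    problems = []
    if parseaddr(msg.get("From", ""))[1].lower() != "postmaster@messagingengine.com":
        problems.append("From is not postmaster@messagingengine.com")
    if msg.get("Subject", "").strip() != "Infected file rejected":
        problems.append("unexpected Subject")
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    if not hops:
        problems.append("no Received headers")
    for i, hop in enumerate(hops):
        m_from, m_by = FROM_RE.search(hop), BY_RE.search(hop)
        # The name right after "from" is whatever the sender claimed (HELO);
        # the name in parentheses was resolved by the receiver. Check both.
        hosts = [h for h in (m_from.groups() if m_from else ()) if h]
        if m_by:
            hosts.append(m_by.group(1))
        for host in hosts:
            if not host.lower().rstrip(".;").endswith(TRUSTED):
                problems.append(f"hop {i}: external host {host}")
        # Headers are prepended, so the last one listed is the first in time.
        if i == len(hops) - 1 and m_from:
            problems.append("earliest Received has a 'from' clause")
    return problems

# Constructed samples (hosts and addresses below are illustrative).
GENUINE = (
    "Received: from mx1.messagingengine.com (mx1.messagingengine.com [10.0.0.1])\n"
    "\tby store1.messagingengine.com with LMTP; Wed, 15 Jan 2014 06:25:10 -0500\n"
    "Received: by mx1.messagingengine.com (Postfix); Wed, 15 Jan 2014 06:25:09 -0500\n"
    "From: postmaster@messagingengine.com\nSubject: Infected file rejected\n\n"
    "We have just discarded a message because it tested as positive to a virus.\n")
FORGED = (
    "Received: from mx9.messagingengine.com (relay.example.net [192.0.2.10])\n"
    "\tby mx2.messagingengine.com with ESMTP; Wed, 15 Jan 2014 06:25:03 -0500\n"
    "From: Fastmail Admin <ratawat@cscoms.com>\nSubject: WARNING: Virus Alert!!!\n\n"
    "Dear Fastmail User,\n")
print(check_notification(GENUINE), check_notification(FORGED))
```

Set `TRUSTED` from the host names seen in a known-good message before relying on the result; internal relay names may differ from the suffix assumed here.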
Old 15 Jan 2014, 07:31 PM   #4
dwd
Junior Member
 
Join Date: Jan 2014
Posts: 1
virus alert

I too received the following Virus Alert email while at work. Stupidly I opened and acted before checking on here. Although all my systems are Macs and I have changed my passwords, as well as deleted the offending item, what more can I do to re-protect myself... or is the damage done?

============

Fastmail Admin
6:25 AM (5 hours ago)
to Hide details
Spam

From: Fastmail Admin <ratawat@cscoms.com>
To:
Subject: WARNING: Virus Alert!!!
Date: Wednesday, January 15, 2014 6:25 AM
Size: 3 KB

Dear Fastmail User,

During our Yearly routine mail service checking a DXVK Virus was detected in
your Fastmail Email ID which might cause damage to your important files in your
Fastmail mailbox, you are to click the link below for Scan


http://www.fastmail.management.net.tf/


and login to enable us terminated the spread of this virus, failure to comply will
led to termination/closing of your Fastmail ID from Database system. To enable
to stop you from spreading the virus to others Fastmail Internet Mail user.

Your Fastmail Email ID will be disable in the next 48hours, failure to comply .


Fastmail Admin
Old 16 Jan 2014, 12:45 AM   #5
jdtaylor
Master of the @
 
Join Date: Sep 2004
Posts: 1,693
That looks like a SCAM. Do not visit the website; please delete it, but also bring it to the attention of the Fastmail support team so they can look into shutting the linked website down.
Old 16 Jan 2014, 12:58 AM   #6
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
There are now two EMD Forums threads concerning this latest issue. I have already alerted Fastmail staff. It's 4 AM in Melbourne right now, so it might be a while before they are awake to handle this.

Bill
Old 16 Jan 2014, 01:28 AM   #7
William9
The "e" in e-mail
 
Join Date: Nov 2005
Location: San Francisco
Posts: 2,281
Quote:
Originally Posted by dwd View Post
I too received the following Virus Alert email while at work. Stupidly I opened and acted before checking on here. Although all my systems are Macs and I have changed my passwords, as well as deleted the offending item, what more can I do to re-protect myself... or is the damage done?

Since you acted on this, I would say that the least you could do is change your password at the real Fastmail website. Someone may know the name of this virus and whether it can infect Macs or not.
Old 16 Jan 2014, 01:53 AM   #8
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
You might also want to get antivirus software for your Mac. They are not immune to viruses:
So You Think Macs Don't Have Malware? Think Again

Bill
Old 21 Mar 2014, 09:17 PM   #9
webdesign101
Junior Member
 
Join Date: Feb 2011
Posts: 17
DGTFX Virus

I guess it's still making the rounds. I just got this today...

From: onlineservice@fastmail.com
To: undisclosed-recipients: <>
Subject: Attention Fastmail User
Date: Friday, March 21, 2014 9:06 AM
Size: 3 KB

ATTENTION FASTMAIL USER

Virus Notification

A DGTFX Virus has been detected in your Terraworld.net mail folders.
Your email account has to be upgraded to our new Secured DGTFX anti-virus 2014 version to prevent damages to our web mail login and to your important files. Click on the link and Fill the columns below and send back to us the required information for upgrade or your email account will be terminated to avoid spread of the virus.

Click here: https://yeah-right-i-just-fell-off-a-turnip-truck.com

Thank you for your Cooperation
© 2014 Fastmail Web Service.
--------------------

You should always mouse over any link you receive to see where it comes from. I'd recommend Fastmail do what I do for my internet clients' contact forms, and include the IP address of the sender so that the country code is easy to look up. That way if it originates in Nigeria, you won't feel like some rube that just fell off a turnip truck by clicking on it.

Last edited by webdesign101 : 21 Mar 2014 at 10:12 PM.
Old 21 Mar 2014, 10:27 PM   #10
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,944
Quote:
Originally Posted by webdesign101 View Post
You should always mouse over any link you receive to see where it comes from. I'd recommend Fastmail do what I do for my internet clients' contact forms, and include the IP address of the sender.

Tell us how hovering over any link shows the IP address....
Old 22 Mar 2014, 04:50 AM   #11
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
Showing X-Spam-source header

Quote:
Originally Posted by webdesign101 View Post
... I'd recommend Fastmail do what I do for my internet clients' contact forms, and include the IP address of the sender so that the country code is easy to look up. That way if it originates in Nigeria, you won't feel like some rube that just fell off a turnip truck by clicking on it.

In the Advanced>Preferences screen you can add Extra headers to the display. You can then click Show details to see the extra headers, or set Settings>Theme to Classic and you will always see those extra headers when reading a message.

The X-Spam-source header shows the following:
  • IP address and host name and apparent country of the server which connected to Fastmail.
  • From header and envelope From top-level domains (such as 'com' or 'net').
I always look at X-Spam-source in this manner to verify the source. You can also create Sieve rules to filter based on the apparent country of the server connecting to Fastmail.

Another trick is to sign up for services (such as banks and news sources) with custom subdomain addresses. If you used joecitizen @ fastmail.fm as the alias, you can create subdomain addresses such as news @ joecitizen.fastmail.fm or bankname @ joecitizen.fastmail.fm. So if you get an email supposedly from your bank, you can tell that they sent it (or they had a security breach), since you only give that one subdomain address to the online bank website setup screen. This only uses up one of your aliases, no matter how many subdomain addresses you create. If you create a "bankname" folder, the bank messages will be automatically delivered to the bankname folder by default.

Bill
Old 26 Mar 2014, 10:17 PM   #12
webdesign101
Junior Member
 
Join Date: Feb 2011
Posts: 17
Url

Quote:
Originally Posted by janusz View Post
Tell us how hovering over any link shows the IP address....


Nice catch. I meant the URL of the link, not the IP address. For example, mouse over the link in my above post and you should see the URL (https://yeah-right-i-just-fell-off-a-turnip-truck.com) in the bottom left corner of your browser. In the case of the virus, the URL was some .php page because, as you know, the text in the link has nothing to do with where that link is sending you.
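The point made in post #12, that a link's visible text says nothing about its destination, as an added Python example that is not part of the original thread. It also flags hosts that merely contain the brand name, as the address in post #4 does; the trusted-domain list is an assumption and the HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains treated as genuinely Fastmail's for this check.
TRUSTED = ("fastmail.com", "fastmail.fm", "messagingengine.com")
BRAND = "fastmail"

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host):
    # Exact match or a true subdomain; "fastmail" as a left-hand label fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_links(html):
    """Return (href, reason) for each link whose destination is deceptive."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if "://" in text else ""
        if shown and shown != host:
            findings.append((href, f"text shows {shown}, link goes to {host}"))
        elif BRAND in host and not is_trusted(host):
            findings.append((href, f"'{BRAND}' used in untrusted host {host}"))
    return findings

# Constructed HTML; the first hostname is the one quoted in post #4.
SAMPLE = (
    '<a href="http://www.fastmail.management.net.tf/">Scan now</a>'
    '<a href="http://login.example.net/upgrade.php">https://www.fastmail.com/</a>'
    '<a href="https://www.fastmail.com/help/">Help</a>'
)
print(audit_links(SAMPLE))
```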
Old 26 Mar 2014, 10:34 PM   #13
webdesign101
Junior Member
 
Join Date: Feb 2011
Posts: 17
Getting under the hood

Quote:
Originally Posted by n5bb View Post
In the Advanced>Preferences screen you can add Extra headers to the display. You can then click Show details to see the extra headers, or set Settings>Theme to Classic and you will always see those extra headers when reading a message....

Bill
Bill, that's good to know, but probably not something the average user is going to do. This is what my contact forms generate ...

name: Reginald Waddleworth
email: rwaddlwworth@comcast.net
callback: yes
method: phone
best_time: morning
client_phone: 501-555-1212
client_address: 901 Razorback Road
Holla, AK 45454
client_comments: Looking to talk to Your Head guy. We have a huge opportunity in the sale of a bridge!

wsp_key: 4c34676ff10410b42587001d0f5053f2

Sender IP: 41.73.128.0

Then I just hit http://ip-lookup.net/ and find out where he really is located.
All times are GMT +9.