Announcement

Collapse
No announcement yet.

Virus Being Sent on Behalf of homeseer.com, etc.

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Virus Being Sent on Behalf of homeseer.com, etc.

    I was wanting to post this a while back and thought I did but I think I only posted as a reply in another topic.

    I am occasionally getting emails on behalf of support@homeseer.com and helpdesk@homeseer.com that have virus' attached. My first clue that these were not legitimate should have been the To address as it was an email address that I must have used in a message text because it was not one in my Message Board profile.

    Also, I have had emails sent to/from other members on the board and have received emails from them letting me know that I sent them a virus. I didn't as I am Norton Antivirus scanning incoming and outgoing email and so far I have no reason to believe that it is not effective.

    Interestingly, I found the first virus when I used my work browser to check email via my HomeSeer web server. I opened what appeared to be a legitimate .zip file and it triggered my work's Corporate Norton Antivirus. That was good but it also notified IT department and I am afraid that they may block access to my home server. Instead, they are now banning .zip file extensions (they must have taken a Microsoft security class ).

    Anyway, keep a heads up and make sure that your virus software is up to date.

    Jim Doolittle
    Jim Doolittle

    My Twitter
    My Hardware & Software
    Tags: None
    #2
    For what it's worth, most of the newer email viruses will spoof the sender address - When a machine is infected they'll search the machine for an address book and send a copy of the virus to everyone in the address book. They'll also randomly select an email address from the address book and use that as the 'from' address. The messages you're getting almost certainly didn't come from homeseer, but someone who has both you and homeseer in their address book. The same thing with the messages you're getting saying that you're infected. Most likely you're not infected, but rather someone else is infected and their machine happened to pick your name from their address book when it sent out the viruses.

    Blocking .ZIP files isn't a really bad idea, actually... one of the newer viruses now comes in an encripted zip file in attempts to thwart virus scanners.

    Brett

    Comment

      #3
      ... and that same virus includes a message which looks like it's from your IT department (or the domain name owner), pretty impressive actually.

      ---
      Do you cocoon?
      http://www.CocoonTech.com
      HSPRO 2.4 (ESXi 4.1) | my.Alert NEW | my.Trigger | HSTouch | ACRF2 | UltraM1G | BLWeather | BLLan | Rover
      (aka xplosiv)
      Do You Cocoon? Home Automation News, Tutorials, Reviews, Forums & Chat

      Comment

        #4
        I suspected spoofing (that was what I meant by "sent on behalf of") and almost mentioned it but figured my post was long already but Brett described it rather concisely.

        I believe Winzip 9.0 (recently released) fixes the .zip virus vulnerability but I you would need to have it on all machines recieving the .zip. I now have Winzip 9.0 installed on all my PCs.

        Jim Doolittle
        Jim Doolittle

        My Twitter
        My Hardware & Software

        Comment

          #5
          Like the rest of you I have been recieving quite a few emails with virus attachments, mostly Netsky, although none have orginated from the people on this board as far as I can tell, or from Homeseer

          I take the standard precautions with the antivirus automatically updating etc on each machine, but I have recently purchased a Gatelock X200 Router By Trend. Apart from all the usual router facilities, logging port forwarding,etc, it also scans all incoming email and web mail for virus's, identifies port scans and back orifice et, gives you logs and email notifications. The virus definitions and scan engine are automaticaly updated from the trend web site

          At 50 UK pounds including a free copy of their standard PC antivirus software its a snip

          And its working pretty well so far

          Kevin

          Comment

            #6
            Thanks

            Comment

              #7
              www.antivirus.co.uk

              then look at personal products

              This is Trend Micros UK web site and the shop is run by digital river

              Comment

                #8
                At work we process inbound email through multiple processes on multiple servers. In addition to anti-virus scanning of all attachments, we remove all executable attachments including exe's, scripts, etc. and we remove such files from zip files. Because of the recent encrypted zip file worms, we now also remove encrypted zips, but let regular zips through (after executables have been removed and the attachment virus scanned). We still worry.

                Bill

                Comment

                Previous template Next
                Working...
                X