
HELP! Yahoo.com sent me a message saying I have a trojan!

This topic is archived.

Deja Q Donating Member (1000+ posts) Wed Mar-03-04 08:31 PM
Original message
HELP! Yahoo.com sent me a message saying I have a trojan!
Dear user of Yahoo.com gateway e-mail server,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

Pay attention on attached file.

For security reasons attached file is password protected. The password is
"88225".

Best wishes,
The Yahoo.com team

It's from support@yahoo.com

There's an attachment (zip file).

I scanned the file using their own scanner, it has a freakin' worm (Beagle.J) in it!

How can I report this to them?

I think their address has been spoofed, although I did receive a message on Monday claiming I'd sent a message to a person which had a worm attached (that message did not have an attachment, so my e-mail name was probably spoofed. x( )

And how can I double-check my system? I'm probably clean, but I have noticed some anomalies in my emulated Windows system lately... (which is probably not a trojan, but still...)

TrogL Donating Member (1000+ posts) Wed Mar-03-04 08:32 PM
Response to Original message
1. It's a virus
Edited on Wed Mar-03-04 08:33 PM by TrogL
Your system is probably fine but just to be on the safe side, go to

http://housecall.trendmicro.com/

Deja Q Donating Member (1000+ posts) Wed Mar-03-04 08:35 PM
Response to Reply #1
4. Quite... but I've spent 5 minutes trying to find an official Yahoo...
...e-mail addy and can't find one.

Do they want me to confirm if they're pulling a jive turkey stunt like this on me?!

I'm also a fool, I forgot about Stinger...

Being in IT is one thing, being surprised like this is quite another.

TrogL Donating Member (1000+ posts) Wed Mar-03-04 08:37 PM
Response to Reply #4
5. Don't do anything, don't call anybody
just erase the email and walk away.

It's bogus.

sendero Donating Member (1000+ posts) Wed Mar-03-04 08:48 PM
Response to Reply #5
8. Exactly...
... like the EBay "verify information" email, the PayPal "update account" email, etc.

Basically, nobody is going to send you an email with a request for action or a form to fill out.

If it has a link to go to, it *might* be legit. The way to tell is look at the URL you are actually going to. If it is not www.ebay.com or www.paypal.com - forget it.

The folks running these scams have got to be raking it in. :(

TrogL Donating Member (1000+ posts) Wed Mar-03-04 08:55 PM
Response to Reply #8
10. WHAT PART OF "THIS IS A VIRUS" DON'T PEOPLE UNDERSTAND
I just spent all day at the office dealing with this stupid thing.

LEAVE IT ALONE!@!!

Delete the email.

kiahzero Donating Member (1000+ posts) Wed Mar-03-04 09:28 PM
Response to Reply #4
17. abuse@yahoo.com
When in doubt, send the e-mail to abuse@whatever.com

Kahuna Donating Member (1000+ posts) Wed Mar-03-04 09:56 PM
Response to Reply #4
18. It's a virus. I got the same message from, "comcast.net"..
Edited on Wed Mar-03-04 09:56 PM by Kahuna
only it wasn't really from Comcast. It has a zip file attached. I called Comcast to report it. They confirmed that it was bogus and that they had received a lot of calls about it.

historian Donating Member (1000+ posts) Wed Mar-03-04 08:34 PM
Response to Original message
2. I think and hope...
that it's still there but www.tucows.com once had a nice free program called TrojanHorse which sniffed these things out.
Also you might try Ad-Aware (free) which eliminates spyware - might be one of those infected - who is to know.
Of course an updated anti-virus program is essential (Norton or McAfee)
good luck

kixot Donating Member (1000+ posts) Wed Mar-03-04 08:34 PM
Response to Original message
3. Don't bother.
Edited on Wed Mar-03-04 08:40 PM by kixot
They can't do anything about it. Just delete it, don't open any attachments you aren't expecting or that otherwise look suspicious, yadda yadda yadda ...

Spoofing is a fact of life now and there's not a damn thing we can do about it but change our e-mail addresses. Weigh the costs for yourself and grin and bear it.

I've been getting calls on this all day.

On edit I wanted to clarify. The e-mail you got is a virus that got your address from somebody's infected computer. It is not true and there's no trojan virus on anything.

Deja Q Donating Member (1000+ posts) Wed Mar-03-04 08:56 PM
Response to Reply #3
11. Point taken... but the worst part is,
Some would try to download and unzip the file without scanning. This is the type of message that is more likely to con people than those I've seen in the past, and I've seen many.

Stinger is still scanning, but given I'm 110% careful with attachments and scan anything from you-know-where before playing it, I should be clean as a whistle.

But as y'all know, I'm a classic type A personality. :D

4morewars Donating Member (1000+ posts) Wed Mar-03-04 08:38 PM
Response to Original message
6. I guess you have seen these already?

Deja Q Donating Member (1000+ posts) Wed Mar-03-04 08:57 PM
Response to Reply #6
13. Thanks!
I've been engrossed in 3 projects at work, followed by a seminar today. I probably would have heard of it by now though...

pintobean Donating Member (1000+ posts) Wed Mar-03-04 08:43 PM
Response to Original message
7. It wasn't sent by Yahoo.
All of the big email domains are getting spoofed. If you used Earthlink, the virus would appear to come from them.

TreasonousBastard Donating Member (1000+ posts) Wed Mar-03-04 08:51 PM
Response to Original message
9. Surprised Yahoo isn't...
up on Beagle yet. They've got a pretty good virus filter set up. But, AVG didn't catch one coming in today. Maybe it's because the firewall already locked the attachment. And Beagle is a tough little bugger to identify.

Anyway, sometimes I dig through the headers and try to find an IP address that looks like the originator. Then I run it through:

http://www.iks-jena.de/cgi-bin/whois

and get the IP's owner.

Then I might forward them the email suggesting one of their members might have a virus.

I definitely do this when I get something like an eBay scam email. A couple of ISPs have written back to tell me they have "taken action."

But, IPs can be spoofed, too. These damn viruses all have their own SMTP built in now.



Printer Friendly | Permalink |  | Top
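
The header check described in the post above, as an added example that is not part of the original thread: it walks the Received lines newest first and separates the hops stamped by the recipient's own mail servers from the older ones the sending side supplied, so only the hand-off address is worth a whois lookup. The message, the example.org hosts and the 192.0.2.0/28 relay range are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample using documentation addresses. 192.0.2.0/28 stands in for
# the recipient provider's own relays (an assumption of this example).
SAMPLE = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby mbox.example.org with ESMTP; Wed, 3 Mar 2004 20:30:05 -0500
Received: from yahoo.com (unknown [198.51.100.77])
\tby mx1.example.org with ESMTP; Wed, 3 Mar 2004 20:30:01 -0500
Received: from mail.yahoo.com ([203.0.113.5])
\tby yahoo.com with SMTP; Wed, 3 Mar 2004 20:29:00 -0500
From: support@yahoo.com
To: user@example.org
Subject: constructed sample

(body omitted)
"""
OWN_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)


def trace(raw, own_relays=OWN_RELAYS):
    """Return (verified, claimed) lists of (helo_name, peer_ip, stamped_by)."""
    verified, claimed = [], []
    inside = True  # True while we are still reading lines our own servers wrote
    for value in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(value)
        if not m:
            inside = False  # unparseable hop: stop trusting anything older
            continue
        hop = m.groups()
        if not inside:
            claimed.append(hop)  # written by the sending side, may be invented
            continue
        verified.append(hop)
        peer = ipaddress.ip_address(hop[1])
        # Once the peer is not one of our relays, this hop is the hand-off from
        # outside; every older Received line was supplied by that peer.
        inside = any(peer in net for net in own_relays)
    return verified, claimed


def handoff_ip(raw, own_relays=OWN_RELAYS):
    """The address that connected to our outermost relay: the one to look up."""
    verified, _ = trace(raw, own_relays)
    return verified[-1][1] if verified else None
```

In the sample, the HELO name `yahoo.com` and the oldest Received line are both sender-supplied; only 198.51.100.77 was observed by the recipient's relay.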
 
TrogL Donating Member (1000+ posts) Wed Mar-03-04 08:57 PM
Response to Reply #9
12. Just what an email administrator needs - more mail to deal with

Deja Q Donating Member (1000+ posts) Wed Mar-03-04 09:06 PM
Response to Reply #12
15. Okay, what happens when NOBODY bothers to respond?
I personally don't mind if I have 3 - 10 people sending me the same thing when it's something like this. It's damn better than the alternative: Not knowing.

IMHO, of course...

TreasonousBastard Donating Member (1000+ posts) Thu Mar-04-04 12:16 AM
Response to Reply #12
20. Not exactly an email administrator...
I send it off to abuse@___

But, that's only after I've gotten enough of them from one source.

I don't worry much about the people working there-- it's all automated anyway. I don't have enough time to follow up on all of this crap I get anyway.

The scammeisters, though, always get me to send an email. Admins tend to appreciate knowing their customers are using them to rob people.




TrogL Donating Member (1000+ posts) Wed Mar-03-04 08:58 PM
Response to Reply #9
14. One nasty variant
has it attached as a .zip+ file. The firewall passes it because it isn't a zip. Outlook strips off the "+" and suddenly you've got a fully working .zip file containing the virus payload.
Printer Friendly | Permalink |  | Top
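
The mismatch described in the post above, as an added example that is not part of the original thread: a filter that matches on the attachment name misses a zip archive named `.zip+`, while a check on the content does not. The sample archive, the file names and the `inspect_attachment` helper are constructed for illustration.

```python
import io
import os
import zipfile

RISKY_INNER = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def make_sample_zip():
    """Constructed, harmless archive: one member with an executable-looking name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.exe", b"constructed placeholder, not a program")
    return buf.getvalue()


def extension_only_filter(filename):
    """The kind of rule the post describes being bypassed: match on the name."""
    return filename.lower().endswith(".zip")


def inspect_attachment(filename, data):
    """Classify by content first, then compare with what the name claims."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    is_zip = zipfile.is_zipfile(io.BytesIO(data))
    if is_zip and ext != ".zip":
        findings.append(f"zip content under extension {ext!r}")
    if ext == ".zip" and not is_zip:
        findings.append("named .zip but content is not a zip archive")
    if is_zip:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = os.path.splitext(info.filename)[1].lower()
                if inner in RISKY_INNER:
                    findings.append(f"executable member {info.filename!r}")
                # Bit 0 of the general-purpose flags marks a password-protected
                # member, as with the attachment in the original message.
                if info.flag_bits & 0x1:
                    findings.append(f"encrypted member {info.filename!r}")
    return findings
```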
 
Bossy Monkey Donating Member (1000+ posts) Wed Mar-03-04 09:27 PM
Response to Original message
16. Here's the poop from McAfee
Not Stinger, Beagle: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101071

Was posted at DU this afternoon, at which time the risk was characterized as "wild" (low). Already up to medium. Uh-oh.

kixot Donating Member (1000+ posts) Wed Mar-03-04 11:10 PM
Response to Reply #16
19. I do web hosting tech support and can confirm
That this shizznit is blowing up!!!

thelocalkgb Donating Member (132 posts) Thu Mar-04-04 12:21 AM
Response to Original message
21. KU has declared an "e-mail state of emergency"
because of this worm. I have gotten about 50 e-mails each day from various @ku.edu e-mail addresses. I have never been affected by one of these worms before and it is quite annoying.