I just got an email from "Knowlton" ( knowlton1@clublexus.com) with the subject of "forum notify". There was an attachment titled text_document.com with the size of 20.8k

Does anyone know what this is?

 

That's not a valid CL email address, but I've received lots of these similar spoof emails at my work account and also some on my personal accounts.

Do not open the file, if you have you should immediately update your virus signature file and run a full scan.

The virus sounds very similar to the beagle virus, probably a variant.

http://securityresponse.symantec.com...agle.a@mm.html

 

Thanks Dave. It's wierd though b/c I ran my virus scanner over it (which updates automatically) and it didn't catch anything.

 

This is an email from my ISP that I got today You were right, the bagle virus. What I would like to know though is how this dude uses the clublexus.com domain name??


Tim


An email was sent to you that we have identified as containing a virus. Below find the details of the infected message:

From: knowlton1@clublexus.com
Date: Fri, 14 May 2004 13:18:04 -0400
Virus Name: W32/Bagle.ab@MM
Infected Attachments: 000002bf.EML, /Details.com


To protect you from destructive Internet viruses, your *** High Speed Internet service now includes a free anti-virus security enhancement. This security enhancement detects and prevents the delivery of most viruses transmitted via email so that your personal computers will not be harmed.

This is an auto-generated message. Please do not reply. For more information on how this security enhancement works, please visit *** Customer Support at the following location:

http://usercenter.***.net/rsuite/sdc...fety/virus.htm

Please note that *** does not read the content (text) of your email messages. This security enhancement only detects known viruses.

This anti-virus security enhancement of your *** High Speed Internet service is applied when your email comes through our email servers and is intended to provide protection against most identified viruses transmitted via email. In order to complete your anti-virus protection, it is recommend that you install and use PC-based anti-virus software on your PC; this will protect you from viruses transmitted through Web sites, Internet downloads, and via diskettes, portable drives, etc. *** High Speed Internet's email anti-virus security enhancement will not prevent downloading of virus-infected files, nor will it remove viruses already present on your computer.

Sincerely,

The *** High Speed Internet Team

 

The virus just spoofs the domain, it's not really sent from CL. Just like spammers make it look like emails come from AOL, etc.

 

Dave is right. Most of these people use Anonymous mailers that mask the real address and put in a fake one.

-Anthony