Re: [Clamav-users] Email.Webaccount defined?

Am 29.08.2007 um 00:59 schrieb Dan Metcalf:

> I have a client that is having some trouble when forwarding some
> spamcop
> complaints to the appropriate parties. They keep getting
> Email.Webaccount-11 rejections.
>
> Looked all over, but haven't found the right place for a definition
> of what
> this is? Anybody know?
>

Email.Webaccount is a variant of the infamous mails that are currently seeded, they usually contain something like "Your account has been created, the temporary pass is..., please visit our website to change you pass as soon as possible, etc". The mail also contains a numeric URL, like hxxp://99.99.99.99. By visiting the website, you have a good chance to catch additional malware, since the site usually tries to exploit various flaws in your browser. The site will also tell you something like "Please download this plugin/software/ update" to display the site properly.

It's possible that the mails that your customer wants to send belongs to this family. I'd recommend to defuse the mails by modifying the URL in it - it's safer for the customer anyway and clam wont trigger an alert.

HtH

-- 
Best regards,
   Christoph


_______________________________________________
Help us build a comprehensive ClamAV guide: visit 
http://wiki.clamav.nethttp://lurker.clamav.net/list/clamav-users.html