Re: Attn: Virus from "photo.net": do NOT open attachments in messages from Photo.net
That's correct. As for "non-executable" extensions, there is still a danger there. Thanks to Microsoft, the default setting in Windows is to masquerade the "known extensions". This is frequently used by the perpetrators: a file has two extensions, e.g. file.doc.js or file.doc.exe So, it would appear as "file.doc" in that case. (I always disable that extension hiding on all Windows systems I set up.) BTW, in this specific case, the attachment in question is called terms_and_conditions_doc.zip, and the file inside is terms_and_conditions_doc.js The interesting thing is that clamav doesn't indentify any virus in this .js file. Igor Richard Dell Thu, 21 Sep 2017 09:50:33 -0700 wrote: Good advice for almost all emails ... never open an attachment unless you absolutely know it is ok, particularly .zip, .exe, .docx, .xlsx, or any of the types that can contain macros. If it is an extension that likely does not contain executable code, like .jpg or such, I'll usually save it to my hard drive first, before opening .. then the anti-virus software will be sure to take a look at it. On Thu, 21 Sep 2017, Igor PDML-StR wrote: Hi All, I just responded to David's e-mail, but I thought, I would have a separate message with the warning in the Subject, since there are many people here who have accounts on Photo.net I'll repeat here: I received two e-mails from photo.net this night/morning - a few hours apart. Both were identical, mentioning my name, as it was used in photo.net account. The message informed about policy change, and said that I was subscribed and paid for the premium account. 1. I don't have a premium account, and I didn't pay anything, so, the information is bogus. 2. Indeed, the email came from an address (and via server) in Finland, and that confirmed my concerns. 3. Both messages have an attachment. Do NOT open it. It is masqueraded as a ZIP-ed document, but it is a JavaScript, - most likely a virus. Igor -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: Attn: Virus from "photo.net": do NOT open attachments in messages from Photo.net
Good advice for almost all emails ... never open an attachment unless you absolutely know it is ok, particularly .zip, .exe, .docx, .xlsx, or any of the types that can contain macros. If it is an extension that likely does not contain executable code, like .jpg or such, I'll usually save it to my hard drive first, before opening .. then the anti-virus software will be sure to take a look at it. On 9/21/2017 9:06 AM, Igor PDML-StR wrote: Hi All, I just responded to David's e-mail, but I thought, I would have a separate message with the warning in the Subject, since there are many people here who have accounts on Photo.net I'll repeat here: I received two e-mails from photo.net this night/morning - a few hours apart. Both were identical, mentioning my name, as it was used in photo.net account. The message informed about policy change, and said that I was subscribed and paid for the premium account. 1. I don't have a premium account, and I didn't pay anything, so, the information is bogus. 2. Indeed, the email came from an address (and via server) in Finland, and that confirmed my concerns. 3. Both messages have an attachment. Do NOT open it. It is masqueraded as a ZIP-ed document, but it is a JavaScript, - most likely a virus. Igor -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Re: Attn: Virus from "photo.net": do NOT open attachments in messages from Photo.net
Thanks, Igor. Dan Matyola http://www.pentaxphotogallery.com/danieljmatyola On Thu, Sep 21, 2017 at 9:06 AM, Igor PDML-StR wrote: > > Hi All, > > I just responded to David's e-mail, but I thought, I would have a separate > message with the warning in the Subject, since there are many people here > who have accounts on Photo.net > > I'll repeat here: > I received two e-mails from photo.net this night/morning - a few hours > apart. Both were identical, mentioning my name, as it was used in > photo.net account. The message informed about policy change, and said > that I was subscribed and paid for the premium account. > > 1. I don't have a premium account, and I didn't pay anything, so, the > information is bogus. > 2. Indeed, the email came from an address (and via server) in Finland, and > that confirmed my concerns. > > 3. Both messages have an attachment. > Do NOT open it. It is masqueraded as a ZIP-ed document, but it is a > JavaScript, - most likely a virus. > > Igor > > > -- > PDML Pentax-Discuss Mail List > PDML@pdml.net > http://pdml.net/mailman/listinfo/pdml_pdml.net > to UNSUBSCRIBE from the PDML, please visit the link directly above and > follow the directions. > -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
Attn: Virus from "photo.net": do NOT open attachments in messages from Photo.net
Hi All, I just responded to David's e-mail, but I thought, I would have a separate message with the warning in the Subject, since there are many people here who have accounts on Photo.net I'll repeat here: I received two e-mails from photo.net this night/morning - a few hours apart. Both were identical, mentioning my name, as it was used in photo.net account. The message informed about policy change, and said that I was subscribed and paid for the premium account. 1. I don't have a premium account, and I didn't pay anything, so, the information is bogus. 2. Indeed, the email came from an address (and via server) in Finland, and that confirmed my concerns. 3. Both messages have an attachment. Do NOT open it. It is masqueraded as a ZIP-ed document, but it is a JavaScript, - most likely a virus. Igor -- PDML Pentax-Discuss Mail List PDML@pdml.net http://pdml.net/mailman/listinfo/pdml_pdml.net to UNSUBSCRIBE from the PDML, please visit the link directly above and follow the directions.
