
Blank emails from random addresses a virus?

Status
Not open for further replies.

SpecSys

IS-IT--Management
Apr 3, 2002
136
US
A few people on my staff have been receiving periodic emails from random email addresses. The emails are completely blank without attachments. They come from both unknown addresses AND addresses in the contacts, including from other employees at the company. We run AVG virus protection and are updated daily. There have only been a handful of viruses found in the past 6 months, and all have been easily taken care of by AVG.

Also, one guy just received an email from someone he does not know, but who is a company contact (not in his personal address book though) saying simply "You sent me a virus, check your virus protection software." with the note saying the attached file was bval(1).htm. I haven't found anything on this file name in any search engine. Could it be related?
 
Might be Klez. We won't know until we see the actual mail header.

Just make sure your AVG is updated.

AVChap
 
That is not really a blank mail. Usually this is an attack on the Iframe security hole. I got a lot of such mails, but I have installed the secure viewer from PGP, and there you can see the code.

Another way, but a dangerous one, is to open the mail and select the option "Show Source text". There you can see the text too. Usually the code opens an Iframe of size=0.

hnd
hasso55@yahoo.com

 
All of the AVG is up to date on all computers. What kind of damage can these attacks do? We haven't noticed any bad effects. And how do I stop the mail? The return addresses are obviously not correct and the AV software isn't showing it as anything, so what steps can I take?

I will check the header next time we receive one. I know we have received at least a couple dozen in this past summer, and I know for a fact at least one guy opened it because he figured if it doesn't have an attachment it must be safe.

 
If you have installed all security patches, nothing can happen, but if not ... you may be guided to a website from which you get malware.

hnd
hasso55@yahoo.com

 
Well, I just took 3 messages from a user's deleted items bin and took a look at them, just opened them up. I don't see anything in the header that looks suspicious. They come from random email addresses, one was a .edu, but the rest are just random. The same title was on 3 different emails from different addresses. "Pete, how about this..." The weird thing is every now and then someone gets one that appears to come from someone else in the company.

All service packs and patches are present.
 
As stated above: if all security patches are present, nothing will happen. But if not, then it would be enough to open the mail. The hidden code in the mail would be able to load some malware from a web server to your PC.

Make a test: save this mail to a text file and look at this file with a regular ASCII editor. I am 99.99% sure you will find something like this: <Iframe> ..........</iframe>
hnd
hasso55@yahoo.com
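
The test suggested in the post above (save the message source and look for a hidden `<iframe>`) can be done without opening the mail in a mail client. This is an added example, not part of the original thread; the sample message, its addresses and its URL are constructed placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample: an apparently blank HTML mail carrying a zero-size iframe.
# Addresses and URL are placeholders, not values from the thread.
SAMPLE_EML = b"""\
From: someone@example.edu
To: pete@example.com
Subject: Pete, how about this...
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html><body>
<iframe src=3D"http://placeholder.invalid/x" height=3D0 width=3D0></iframe>
</body></html>
"""

class IframeFinder(HTMLParser):
    """Collects every <iframe> tag and whether it would render invisibly."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        # Zero width/height ("0", "0px", "0%") or CSS hiding marks it as hidden.
        zero = any(a.get(k, "").lower().rstrip("px%") == "0"
                   for k in ("width", "height"))
        style = a.get("style", "").lower().replace(" ", "")
        hidden = zero or "display:none" in style or "visibility:hidden" in style
        self.found.append({"src": a.get("src", ""), "hidden": hidden})

def scan_message(raw: bytes):
    """Return the iframes found in the text/html parts of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = IframeFinder()
        finder.feed(part.get_content())  # undoes base64 / quoted-printable
        finder.close()
        results.extend(finder.found)
    return results

print(scan_message(SAMPLE_EML))
```

Parsing the MIME structure first matters because the HTML part is often quoted-printable or base64 encoded, so a plain text search of the saved file for `<iframe` can miss it.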

 
I don't really think there is any action I can take with these right now. Our virus software has been up to date for months and we are running a very tight ship as far as I can tell. The software has stopped numerous KLEZ emails already so I am thinking that these blank emails are not KLEZ unless it got through long ago. No harm no foul so far, I will chalk it up to spam and monitor it carefully.
 