Date: Wed, 21 Jan 2004 12:20:37 -0500 (EST) From: BCPL.NET SysAdmin To: BCPL.NET News Subject: BCPL.NET NEWS: Fraudulent BCPL.NET E-Mail Billing Notice ----------------------------------------------------------- VIRUS E-MAIL MASQUERADING AS BILLING NOTICES FROM "BCPL.NET ACCOUNTING DPT" RECEIVED BY SOME BCPL.NET CUSTOMERS ----------------------------------------------------------- A number of customers have called to report receipt of e-mail billing notices appearing to be from our "Accounting Department". The examples we have seen so far all have the following characteristics: From Address: Varies, but is NOT an official BCPL.NET administrative address. To Address: Varies, but is an "@bcpl.net" address. Cc Address: Varies, but is usually four "@bcpl.net" addresses. Subject: Billing Notice From bcpl.net's Accounting Dpt File Attachment: page.hta Message Text: As follows: ------------------------------------------------------------------ *** bcpl.net's accounting dpt notice *** Internet Billing Notice Please press "open" and read the attached Billing Notice. Note if you do not read this withing 24 hours we at bcpl.net regret we will have to terminate internet service. ------------------------------------------------------------------ o This e-mail DID NOT originate from BCPL.NET. o We don't have anything we call the "Accounting Department". The closest to that name is our "Accounts Department", and e-mail from that department is ALWAY from "accounts@bcpl.net". o We DO NOT send out billing notices via e-mail. We send them via U.S. Mail. o We NEVER send out official BCPL.NET e-mail of any kind that includes file attachments. McAfee VirusScan with the latest DAT file reports the file attachment as containing the VBS/Inor Trojan. However the descriptions of Inor on the McAfee Web site and other anti-virus Web sites do not match the characteristics described above. This may be a new variant of the Inor Trojan, or it may be something completely different. We don't know yet. If you receive e-mail matching (or even similar to) the message described above, DO NOT open the file attachment. It will probably infect your computer with a virus, trojan, or worm of some kind, which may cause your PC to start sending out infected messages on its own. I will post another BCPL.NET News message as soon as we know more about this virus, trojan, worm or whatever it is. In the mean time, this is a good opportunity to remind you of the following basic safety rule for dealing with e-mail file attachments: If you receive a message containing a file attachment DO NOT open the attachment unless ALL of the following are true: o The sender is known to you. o You are expecting a file attachment from that person. o The sender clearly identifies the nature of the file attachment in the text of the message. If any one of those three statements is not true, delete the message. DO NOT open the file attachment. When in doubt, get in touch with the apparent sender to confirm that he/she actually meant to send the file attachment. Chip -- BCPL.NET INTERNET SERVICES 320 York Road Towson, MD 21204-5179 U.S.A. CONTACTS: -------- Web Site: http://www.bcpl.net Administration & Policy: ispadmin@bcpl.net 410-887-6180 Sales, Renewals, Account Status: accounts@bcpl.net 410-887-4172 Technical Support (Help Desk): help@bcpl.net 410-887-3297 Usenet News Newsgroup Requests news-admin@bcpl.net 410-887-6180 E-Mail & Newsgroup Abuse Reports: abuse@bcpl.net 410-887-6180 Domain Name Service Issues: dnsadmin@bcpl.net 410-887-6180 FAX: 410-887-2091