Description of Problem. We have identified a new computer virus that arrives in an e-mail with the subject line "Mail Server Report".
Outage Duration. None. Email services and Internet access currently remain available.
Impact. We are working with our anti-virus vendor to obtain more information. The email arrives with an attached .zip file. It claims a worm was detected in an email you sent. You are asked to use the attached file to install updates that will eliminate the virus it has supposedly detected.
Action To Be Taken. Please do NOT open any Emails with attachments from individuals or organizations you are NOT familiar with. Also, since it is possible for viruses to "spoof" or fake the sender's address, do NOT open Emails with attachments from people you know, but from whom you were not expecting an attachment or if the attachment is a file type or file name that you customarily do not receive from this person. We have put filters in place to block future messages and have swept the e-mail system removing all messages that match the above description.
Origins: The "IT Services Alert Notification" reproduced above was a valid warning from October 2006 that cautioned users of Windows-based PCs about a real mass-mailing worm which arrived via e-mail with a subject line of "Mail server report" and a body containing the following text:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
Please install updates for worm elimination and your computer restoring.
Customers support service
In the guise of offering users an update to stop their computers from being used to spread mass-mailing worms, the "Mail server report" messages included attachments that when opened actually infected PCs with just such a worm, one known as Warezov.W or W32/Warezov.X.
In March 2008, a new warning began circulating that erroneously linked the name of the 'Mail Server Report' worm with elements of the 'Life is Beautiful' virus hoax and claimed that the resulting amalgam "HAS BEEN CONFIRMED BY SNOPES," thereby creating a combination that fused a real virus warning with aspects of a hoax virus warning:
Anyone-using Internet mail such as Yahoo, Hotmail, AOL and so on.
This information arrived this morning, Direct from both Microsoft and Norton.
Please send it to everybody you know who has access to the Internet.
You may receive an apparently harmless e-mail titled "Mail Server Report"
If you open either file, a message will appear on your screen saying:
'It is too late now, your life is no longer beautiful.'
Subsequently you will LOSE EVERYTHING IN YOUR PC, And the person who
sent it to you will gain access to your name, e-mail and password.
This is a new virus which started to circulate on Saturday afternoon.
AOL has already confirmed the severity, and the anti virus software's
are not capable of destroying it.
The virus has been created by a hacker who calls himself 'life owner'.
PLEASE SEND A COPY OF THIS E-MAIL TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!
Snopes also advises NOT TO OPEN MAIL WITH ATTACHMENTS unless you are expecting it.
This latter version is difficult to classify as either "true" or "false": The virus it references (i.e., the Mail Server Report worm) was a real one, but it's neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the "symptoms" provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn't really merit the dire warning to "SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!"
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.
Thank you for writing to us! Although we receive hundreds of e-mails every day, we really and truly read them all, and your comments, suggestions, and questions are most welcome. Unfortunately, we can manage to answer only a small fraction of our incoming mail.
Our site covers many of the items currently being plopped into inboxes everywhere, so if you were writing to ask us about something you just received, our search engine can probably help you find the very article you want.
Choose a few key words from the item you're looking for and click here to go to the search engine.
(Searching on whole phrases will often fail to produce matches because the text of many items is quite variable, so picking out one or two key words is the best strategy.)
We do reserve the right to use non-confidential material sent to us via this form on our site, but only after it has been stripped of any information that might identify the sender or any other individuals not party to this communication.