Rule No. 1: Avoid clicking on unexpected email attachments!
A lot of trojan viruses are being deliberately spread in order
to steal the passwords of Internet subscribers. These trojans
and viruses arrive in your email disguised as various "useful"
or "interesting" files that seem attractive to click. The
cover messages are designed to entice you into activating
the attachments.
Don't be fooled and never click on these files. Delete them immediately.
Samples of Fraudulent E-Mail Messages
The latest flareups of fraudulent and malicious e-mail
include payloads for the Hybris Trojan and the MTX Supervirus.
The W32.Hybris.gen trojan is an Internet worm that can be received
by email. If run, this worm modifies the WSOCK32.DLL file,
after which it attempts to mail a copy of itself
to all mail recipients whenever email messages are sent out.
The worm is sent unknowingly by the user of the infected PC.
In addition, it downloads encrypted update components from
a web site, most likely the worm creator's site.
The worm was sent using a number of faked or non-existent MosCom
email addresses with highly pornographic text in both the
message body and the subject header. More information on this
can be found here.
The MTX Supervirus is a combination virus/worm/backdoor trojan
that usually contains .pif files as attachments. An infected
PC will send out two e-mail messages; the first e-mail is
a normal e-mail message, followed by a second e-mail that
lacks a subject and body. That second e-mail might contain
one of the attached files found in the list below:
I_wanna_see_you.txt.pif
Matrix_screen_saver.scr
Love_letter_for_you.txt.pif
New_playboy_screen_saver.scr
Bill_gates_piece.jpg.pif
Tiazinha.jpg.pif
Feiticeira_nua.jpg.pif
Geocities_free_sites.txt.pif
New_napster_site.txt.pif
Metallica_song.mp3.pif
Anti_cih.exe
Internet_security_forum.doc.pif
Alanis_screen_saver.scr
Reader_digest_letter.txt.pif
Win_$100_now.doc.pif
Is_linux_good_enough!.txt.pif
Qi_test.exe
Avp_updates.exe
Seicho_no_ie.exe
You_are_fat!.txt.pif
Free_xxx_sites.txt.pif
I_am_sorry.doc.pif
Me_nude.avi.pif
Sorry_about_yesterday.doc.pif
Protect_your_credit.html.pif
Jimi_hendrix.mp3.pif
Hanson.scr
F___ing_with_dogs.scr
Matrix_2_is_out.scr
Zipped_files.exe
Blink_182.mp3.pif
Other filename variations could exist, but most of the attached
files have the double extension format ending with a .pif
file. More details on the MTX Supervirus can be found here.
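An added example, not part of the original advisory: a mail-filter check for the two patterns described above, namely attachment names ending in .pif, .scr or .exe (with a harmless-looking inner extension flagged separately) and messages that carry such an attachment with no subject and no body. The function names, extension sets and sample messages are constructed for illustration.

```python
import os
from email import message_from_string, policy

# Endings and inner "decoy" extensions taken from the page's filename list.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe"}
DECOY_EXTS = {".txt", ".jpg", ".doc", ".mp3", ".avi", ".html"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    stem, ext = os.path.splitext(filename.strip().lower())
    if ext not in EXECUTABLE_EXTS:
        return None
    inner = os.path.splitext(stem)[1]
    return "double-extension" if inner in DECOY_EXTS else "executable"

def inspect_message(raw):
    """Return a list of findings for one raw message (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_attachment(name)
        if verdict:
            findings.append(f"{verdict}: {name}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    subject = (msg["Subject"] or "").strip()
    # Pattern from the advisory: no subject, no body, risky attachment.
    if findings and not subject and not text:
        findings.append("empty subject and body with executable attachment")
    return findings

# Constructed sample: no subject, no body, one placeholder attachment.
SAMPLE_EMPTY = (
    "From: friend@example.com\nTo: user@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\n'
    'Content-Disposition: attachment; filename="Metallica_song.mp3.pif"\n'
    "Content-Type: application/octet-stream\n\nplaceholder\n--b1--\n"
)
# Constructed sample: ordinary message with a plain text attachment.
SAMPLE_BENIGN = (
    "From: friend@example.com\nTo: user@example.com\nSubject: Minutes\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b2"\n\n'
    "--b2\nContent-Type: text/plain\n\nMinutes attached.\n"
    "--b2\nContent-Type: text/plain\n"
    'Content-Disposition: attachment; filename="minutes.txt"\n\nnotes\n--b2--\n'
)

if __name__ == "__main__":
    print(inspect_message(SAMPLE_EMPTY), inspect_message(SAMPLE_BENIGN))
```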
The BackDoor-g2.svr.gen trojan is a client program (also known
as "subseven") that, when activated, will allow the sender
to control your PC from a remote location and steal your critical
information. Previous examples were messages with the subjects
below:
"erap"
"erapjoke"
"erap estrada"
"DHL PROMO FREE !!!"
"COKE DISCOUNT"
"what is mozcom??"
Some samples of body text in these emails are:
"Madam,
FOR YOUR PROMO OF FREE OF CHARGE!!! VIEW THE ATTACHMENT TO
FILL OUT THE FORM"
"to view erap picture click erap at attachment and want to
see more joke clike more_joke! thanks hope u like!"
In some cases the body of the message is an excerpt from MosCom's
6th Anniversary news article. It ends in the statement: "avail
the news!!!" Go here for more information on this trojan.
MosCom's Corporate E-mail Policy
We urge all subscribers not to click on any email attachment
that you did not specifically ask for, even if it claims to
be from MosCom Internet or from somebody you know. When in
doubt, confirm with the e-mail sender (by phone if possible)
whether he or she really intended to send the attachment to
you before you activate it.
MosCom Internet does NOT send out e-mail notifications with attachments.
If you receive e-mail from a mozcom.com address claiming to
be from Systems Administration or Technical Support that instructs
you to click on an attachment to view it or to "fix" your
system, please do not open the attachment. Delete the e-mail
instead.
(If you know what you're doing, you may forward the suspicious
e-mail message as another attachment to abuse@mozcom.com
for analysis, with a short warning note describing your suspicions.
The forwarded e-mail message must contain the complete message
headers.) For technical and customer service support,
please call your nearest MosCom Point of Presence.