New virus?


Onan the Clumsy
3rd Mar 2004, 20:48
Sorry if this has been discussed before but...

I just got this email, supposedly from administrator @ yahoo.com

Dear user of "Yahoo.com" mailing system,

Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.

For details see the attach.

Cheers,
The Yahoo.com team

It comes with an attachment called message.pif

So I have a few questions...

1. Why did it end in my BULK folder if it really came from Yahoo?
2. What's a PIF file?
3. What happened to the button they used to have to report spam?
4. Am I right to be suspicious?
5. Anyone else get this?
6. Who says "Cheers" in an important email?

TIA

Globaliser
3rd Mar 2004, 21:17
.pif files commonly contain viruses, so yes, IMHO I think you are entirely right to be suspicious. If I were a betting man, etc.

In fact, you might want to forward the attachment (WITHOUT opening it) to one of the anti-virus houses - eg Symantec (http://www.sarc.com/avcenter/submit.html).

RomeoTangoFoxtrotMike
3rd Mar 2004, 21:17
"Why did it end in my BULK folder if it really came from Yahoo?"

Because it almost certainly didn't. Can you PM me the headers ?

"what's a PIF file?"

Program Information File, very basically, used to tell Windows how to run another program. When you double-click on a PIF file, it will run the program that it describes. But since the PIF doesn't contain the actual program (it kind-of points to the real code) it will not show up as a virus itself, which fools some AV software and even more people, which is why the virus writers use it, of course...

"what happened to the button they used to have to report spam?"

No idea -- don't use yahoo :)

"Am I right to be suspicious?"

Very :ok: But it's probably safe to just ignore / delete this one...

"Anyone else get this?"

Nope :)

"Who says "Cheers" in an important email?"

I might, but not in this case ;)

Hope this helps a little

/RTFM

PS You need to spell it "[c o l o r =" not "[c o l o u r =" 'cos this software is American... :rolleyes:

Onan the Clumsy
3rd Mar 2004, 21:54
RTFM: "PS You need to spell it "[c o l o r =" not "[c o l o u r =" 'cos this software is American..."

Sorry, I thought I had, but I was running out the door when I typed it up this morning. I get :confused: sometimes.

Dunno how to get the headers from Yahoo :(

fobotcso
3rd Mar 2004, 23:32
OtC,

If you're suspicious about an apparently safe official e-mail do a right-click on the title and left-click properties. You can see the headers without opening the message. Always assuming that, if you're using Outlook Express, you haven't allowed the message to be opened in the "Viewing Pane". This option should be unchecked in the View>Layout menu.

Often, the e-mail that purports to come from a respected source can be seen to have come from a domain that you have never heard of before.

And there's a new trick afoot. It used to be safe if you got an e-mail from eBay asking you to go to a site with a URL starting with https. Well, today an obviously spam e-mail coming from !eBay contained an https URL.

But I binned it anyway.

It's been a bad few days for viruses and spam, but the new BT/Yahoo setup is coping with the problems well. But they will keep changing things... Oh dear, I am getting old. :\

Naples Air Center, Inc.
4th Mar 2004, 02:32
Onan the Clumsy,

It sounds like the MyDoom Worm (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.F).

If you check the full email header, you will see that the Yahoo address has been spoofed.

Take Care,

Richard
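The two checks the thread arrives at, RTFM's warning about .pif attachments and Richard's advice to read the full header for a spoofed Yahoo address, as an added example that is not part of the thread. It uses Python's standard email module on a constructed message modelled on the one quoted above (the hosts, IP address and MIME boundary are made up) and flags both the executable attachment extension and the gap between the From domain and the earliest Received hop; Received headers can themselves be forged above the point of injection, so this is a triage aid, not proof.

```python
import re
from email import message_from_string, policy

# Constructed sample resembling the message in the thread; hosts and addresses are made up.
SAMPLE = """\
Received: from mx1.example-receiver.invalid by mta.yahoo.com; Wed, 3 Mar 2004 12:01:00 -0800
Received: from dsl-host.example-isp.invalid ([192.0.2.77]) by mx1.example-receiver.invalid; Wed, 3 Mar 2004 12:00:58 -0800
From: administrator@yahoo.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="message.pif"
Content-Disposition: attachment; filename="message.pif"

--b1--
"""

# Extensions Windows runs directly on double-click; .pif is the one from the thread.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}

def risky_attachments(msg):
    """Names of attachments whose extension Windows would execute rather than open."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            names.append(name)
    return names

def origin_host(msg):
    """Host in the bottom-most Received header: the earliest hop, nearest the true sender."""
    received = msg.get_all("Received") or []
    match = re.search(r"from\s+([\w.-]+)", received[-1]) if received else None
    return match.group(1).lower() if match else None

def analyse(raw):
    """Return human-readable findings; an empty list means nothing looked wrong."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    attachments = risky_attachments(msg)
    if attachments:
        findings.append("executable attachment: " + ", ".join(attachments))
    sender = msg["From"].addresses[0].domain.lower() if msg["From"] else None
    host = origin_host(msg)
    # A genuine Yahoo notice would be injected by a Yahoo host, not an arbitrary DSL client.
    if sender and host and host != sender and not host.endswith("." + sender):
        findings.append(f"From domain {sender} but earliest hop is {host}")
    return findings
```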

Caslance
4th Mar 2004, 02:46
You could reasonably expect the Yahoo.com Team to be able to spell "amount" correctly, too! :E

Globaliser
4th Mar 2004, 16:52
Actually, it looks like it's very probably one of the two new variants of Beagle, Beagle J or Beagle K. The Symantec fact sheets for Beagle J (http://www.sarc.com/avcenter/venc/data/[email protected]) and Beagle K (http://www.sarc.com/avcenter/venc/data/[email protected]) both describe e-mails exactly like the one you received. (Scroll down to paragraph 9 and paragraph 8 respectively in those documents.)