Just wanted to share this new approach.

This is the email received today.

" Dear user, the management of Neophytemedia.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please follow the instructions.

For details see the Attach.
In order to read the attach you have to use the following password: 36572

Cheers,
The Neophytemedia.com team "

So here goes my comment:
Nice try, :)

First of all i would like to specify that Neophytemedia.com is in no way associated with the production, distribution of such emails. We're fighting viruses, spamming or aliens that threaten our servers. :) Keep in mind that your own domain is spoofed in the sent email. So the message may come from: staff@yourdomain.com, management@yourdomain.com or any other.

If this email was received by someone who has no experience in email decoding or be skeptical enough to ask a supervisor might fell for it. When we decoded the whole email we found out quite a few interesting things.
The email was sent through SMTP server:
24.88.245.103 (rdu88-245-103.nc.rr.com)

The attachment contains a Trojan horse.
" I-Worm.Netsky.d " or an updated version of it

The worm copies itself to %WinDir% under the name "winlogon.exe".

It adds the following key to the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \]
"ICQ Net" = "%windir%\winlogon.exe"

the attached file name was: "document.pif"

this worm really seems to be the new Mydoom as it spreads really fast.

Make sure you do not open / save / or download the attachment unless you know what you're doing.

Neophyte Media (The real team)
http://www.neophytemedia.com

agree (of course). at least check it for virus with a updated antivirus program.

__________________
My Portfolio (in Norwegian)