VERY strange situation going on

This may be in the wrong place. Feel free to move.

Last night, I got an email from Kaspersky, advising that I had sent an infected email to them. I shrugged it off and, unfortunately deleted it from my Yahoo account.

Today, I received an email from Panda below.
***
Panda Antivirus a détecté les virus suivants dans le message:
   Server :   MESSAGERIE

   Envoyé par :   
   Adresse :   MAILER-DAEMON@kazmail.asdc.kz
   A :   list-15@webserver2.kaspersky-labs.com
   Objet :   Returned mail: see transcript for details
   Date :   08/11/2002 01:40

VIRUS DETECTE

Fichier : ~000003.txt
    Virus :   Exploit/iFrame - Désinfecté
Fichier : README.EXE
    Virus :   W32/Bride - Désinfecté

***

Then, by the time I finished the above, the one below appeared in my yahoo box.


Date: Fri, 8 Nov 2002 00:44:20 +0300 (MSK)
From: DrWeb-DAEMON@sandy.ru | This is Spam | Add to Address Book
Subject: îÅÄÏÓÔÁ×ÌÅÎÎÏÅ ÓÏÏÂÝÅÎÉÅ: [unknown-subject]
To: list-15@webserver2.kaspersky-labs.com




õ×ÁÖÁÅÍÙÊ ïÔÐÒÁ×ÉÔÅÌØ,
óÏÏÂÝÅÎÉÅ, ÐÏÓÌÁÎÎÏÅ Ó ×ÁÛÅÇÏ ÁÄÒÅÓÁ e-mail (ÁÄÒÅÓ ÍÏÇ ÂÙÔØ ÐÏÄÄÅÌÁÎ)
ÎÁ <piotr@sandy.ru> ×ÅÒÏÑÔÎÏ ÉÎÆÉÃÉÒÏ×ÁÎÏ É ÎÅ ÂÙÌÏ ÄÏÓÔÁ×ÌÅÎÏ.
ïÔÞÅÔ ÁÎÔÉ×ÉÒÕÓÎÏÇÏ ÆÉÌØÔÒÁ:

========================
DrWeb found next viruses:
========================
infected with Trojan.IframeExec
infected with Win32.HLLM.Generic.95


ðÏÌÕÞÁÔÅÌØ Õ×ÅÄÏÍÌÅÎ Ï ÄÁÎÎÏÍ ÐÉÓØÍÅ, ËÏÐÉÑ ÚÁÒÁÖÅÎÎÏÇÏ ÐÉÓØÍÁ ÅÍÕ
ÄÏÓÔÕÐÎÁ.

üÔÏ ÓÏÏÂÝÅÎÉÅ ÂÙÌÏ ÓÇÅÎÅÒÉÒÏ×ÁÎÏ Á×ÔÏÍÁÔÉÞÅÓËÉ ÐÒÏÇÒÁÍÍÏÊ ÄÏÓÔÁ×ËÉ
ÐÏÞÔÙ.

Dear Sender,
message sent from your e-mail address (address may be spoofed)
to <piotr@sandy.ru> was probably infected and was not delivered.
Antiviral filter report:

========================
DrWeb found next viruses:
========================
infected with Trojan.IframeExec
infected with Win32.HLLM.Generic.95


Recipient was warned and can obtain a copy of infected message.

This message was generated automatically by mail delivery software.

***

I've scanned my machine, I use KAV, and have run two online scans and I'm clean according to all of them. Further, I'd never even been to either Panda or Dr. Web. I did use Panda for an online scan today. First time I've ever been there.

Obviously somebody is using my email address for the above, and the one from kaspersky last night, that I didn't keep, insinuated that the virus was sent FROM my yahoo account. Do I advise Yahoo of the situation? I don't have any names in my address book, so that's not a problem and I've changed my password again. I'm sort of at a loss as to what to do about this.

I run Spybot at the end of every day. It says I have no keyloggers or any other stuff on this computer. If some clown is sending infected mails around with my name, what the h**l do I do? I'm stuck.

 

Chuck57

Have you received any other emails from Kapersky lately?

Have a look at the following on their site:
http://www.avp.ru/news.html?id=965624

Regards
CrazyM

 

No, but the message you pointed me to was there last night along with the email from Kaspersky. Didn't know what it was and opened it on Yahoo.

Since then, I've run my three scans as I mentioned, and I'm clean. There was no attachment, so I'm guessing yahoo's av got rid of it. Nothing else has arrived today, so far.

My server email is reserved for family and friends. Everything else goes through Yahoo or Hotmail.

 

Chuck57,
It seems that KAV has been Hacked! See explanation below..Virus News. Friday, November 08, 2002
******************************************************************

1. Beware of fakes!
2. How to subscribe/unsubscribe

****

1. Beware of fakes!
Kaspersky Labs reports an attempt to hack its Web server

Kaspersky Labs informs users that on the night the November 7th there
was a massive attack against the company's Web server. The attack
resulted in a group of hackers sending the subscribers of the Kaspersky
Labs e-mail newsletter a message containing the recently discovered
"Bridex" worm.

The infected messages have the following appearance:

"Bridex" is an e-mail aware worm that spreads in e-mail messages and
infects computers in two ways: manually, if a user executes the attached
file (README.EXE) automatically upon reading the message if the target
PC has no Internet Explorer patch installed that thwarts the
IFRAME-vulnerability

Despite Kaspersky Labs not receiving any actual reports of infection
caused by this hacker attack we recommend that users under no
circumstances open messages having the aforementioned appearance and
immediately to delete them. To strengthen your defense against "Bridex"
we also advise you to urgently install the IFRAME-vulnerability patch
available for free at Microsoft's Web site:
http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
(http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp).

Unfortunately, hacker attacks have become a part of computer users'
every day life. Even the majority of the world's largest governmental
and commercial institutions already felt victims to hackers. "During the
last few years Kaspersky Labs has grown to become one of the leading
virus experts and this status has attracted much attention from hackers
resulting in daily attempts to penetrate of defenses, - said Eugene
Kaspersky, Head of Anti-Virus Research. - Currently we are conducting an
investigation to reveal the sources of this attack and are taking the
necessary measures with our security system to ensure that this type of
attack will never succeed in the future."

Kaspersky Labs apologizes to all its newsletter subscribers. If your PC
has become infected with "Bridex" as a result of this hacker attack we
will provide you with immediate free assistance to neutralize this worm.
We kindly ask you to contact our technical support available 24 hours a
day by e-mail (support@kaspersky.com) or by phone (+7 095 797 87 07).

Kaspersky Labs takes this opportunity to remind you of the security
rules of the company's e-mail newsletters, which allow you to
distinguish the hackers' messages from the real ones. Please, keep in
mind that Kaspersky Labs newsletters come in plain text format and do
not contain any attached objects. If you receive a message with attached
objects - do not open them and submit them to Kaspersky Labs' technical
support (support@kaspersky.com (mailto:support@kaspersky.com)) for an
expert evaluation.

You can find more details about the "Bridex" worm in the Kaspersky Virus
Encyclopedia at http://www.viruslist.com/eng/viruslist.html?id=57756
(http://www.viruslist.com/eng/viruslist.html?id=57756)



**

2. How to subscribe/unsubscribe

If you would like to subscribe to other Kaspersky Lab news blocks or
to unsubscribe from this news block, you can do so by visiting
http://www.kaspersky.com/subscribenow.html

If you experience any problems with this procedure, please contact us at:
webmaster@kaspersky.com

****

Best of Luck,

Kaspersky Lab News Agent

-----
10 Geroyev Panfilovtcev St.,
125363, Moscow
Russia
Telephone/Facsimile: +7 (095) 948 43 31
WWW: http://www.kaspersky.com
FTP: ftp://ftp.kasperskylab.ru
E-mail: webmaster@kaspersky.com

 

As a subscriber on the Kaspersky newslists i too got the message and complaints of other subscribers mailer daemons, including many av/at security software developers, so it's bit of a mess in the inbox; be very careful with those messages in case you get them, as most of these complaints contain the worm too.
The other official Kaspersky message you mention i did not see yet, so thanks for posting it here

 

Well that figures

Just because I go to Kasperskys site the other night and download their Firewall Beta, Somebody has to hack them.
Ok who is following me around these days? I hope she is pretty.