Yes, because it came in that way which is the last thing you’d expect SPAM to say first thing out of the box. To be more precise than my earlier post, we used to do a subject: header rewrite adding [SPAM] to suspected spam, but we stopped that a few days ago. So when the CNN Alerts: style spam (that we’d previously eliminated with its unique own filter rule) started showing up with what appeared to be a header rewrite that was no longer enabled, it drove me crazy for a few minutes because I first blamed our mail server (which is Ability Mail Server*), but then realized that our spam header rewrite was typographically different than what we were seeing on the pre-labeled CNN spam.

*Full Disclosure: I have no interest in Code-Crafters Ability Mail Server other than as a satisfied long-term user.

The best thing you can do is scan your machine off-line: boot from a live CD and do a a malware scan of your disks. F-secure just released a new ISO file to do this. And to be really safe, don’t download and burn this ISO on your suspect machine, but use another one.

Look for the F_secure ISO here, and also update the virus database:
http://www.f-secure.com/linux-weblog/2008/06/19/f-secure-rescue-cd-300-released/

It came back with “you must upload the newest version of ?? player” to see video”

I KNEW there was a problem at that point but it would not allow me to exit - kept coming back with the same window.

Bottom line, in trying to get out of the loop I hit the “allow” button by mistake.

I immediately did a cntrl/alt/delete and closed browser.

I was/am running McAfee - it never said it stopped anything.

I ran a complete McAfee scan, found nothing.
I then ran Ad-Aware - only found normal cookies.
Then ran SuperAntiSpyware - only found normal cookies.
Just finishing running Trend Micro - seems to have found nothing.

Did I get a virus/trojan/etc. in the short time before I closed the browser and none of the virus programs I have run found it??

Any suggestions of other virus program(s) I should run as well?

How do I know if I got infected?

Thanks for the help.

That’s interesting, I’ve speculated (privately) about the blending of SPAM and malware e-mails.

Thanks for sharing this.

[Spam] - CNN Alerts: My Custom Alert

Since we do a similar header modification around here to flag spam, but were handling this malware differently, it caused some serious confusion and head scratching, which was just what the bastards intended.

These guys are Machiavellian. Its as clever as balancing a bucket of water above a door jamb in a way the intended victim can see it, but then when he carefully removes it and proudly takes it to the sink to pour it out, he discovers the real gotcha was that the undersink trap has been removed so the water pours all over his feet and the floor.