Home Archive Virus Complaint Email Carries Malware

Virus Complaint Email Carries Malware

by Brett M. Christensen

Threatening “complaint” email accuses the recipient of sending emails containing viruses and instructs him or her to open an attachment supposedly containing email log files.

False – Attachment contains malware

To Whom It May Concern:I am tired of receiving messages containing malicious computer programs (viruses) from your e-mail address!!! If within 1-2 days you do not stop sending messages to my e-mail address, I will have to address this issue to the Police!… Today I received a hard copy of your data logs from my Internet service provider. The copy contains your IP address, logs of sending malicious programs and your e-mail address details…

I am sending you the copy of the document containing your data and logs of sending malicious programs as the proof of your fault!!!!!!

You must print the document containing the list of your data and logs of sending malicious programs and pass it on to your Internet service provider with, so that they could find out why the viruses are sent from your computer to my e-mail address!!!!

Ask your Internet service provider to resolve this problem!!!!

Do this now!!!
Once again!!! If you don’t stop sending the letters, I will address to the Police and file a lawsuit against you!!!

Detailed Analysis:
According to this threatening complaint email, the sender has been receiving virus emails that originate from the recipient’s computer and is intending to take legal action if the matter is not quickly resolved. The message demands that the recipient print out a copy of the email log and data files, supposedly contained in an email attachment, and pass them to his or her Internet Service Provider so that they can ascertain why the alleged virus emails are being sent. The sender warns that he will involve the police and file a lawsuit if the recipient does not comply with this request immediately.

However, it is the complaint email itself that actually delivers the malicious program and the claims in the message are entirely bogus. Rather than log files proving that virus emails have been sent from the recipient’s computer, the attachment actually contains malware. Opening the attachment can install a trojan that can collect sensitive information from the infected computer and communicate with a remote server.

The message is intended to trick the recipient into opening the attachment without due care and attention. Stung by the unfair accusations in the message, and fearful of the threat of impending legal action, many recipients may immediately open the attachment after reading the message. The criminals responsible for distributing such malware rely for success on provoking this natural panic reaction in their potential victims. Malware vendors have repeatedly used similar tactics in the past and are likely to continue to do so. In 2006, a bogus Mail Server Report that claimed that emails containing worms had been sent from the recipient’s computer itself contained a worm hidden in an attached file. In 2005, malicious emails were distributed that claimed that the FBI or the CIA had logged the recipient visiting illegal websites and instructed him or her to open an attached file for details. The attachment contained a variant of the Sober worm. And in 2007, a “complaint” email that falsely claimed to be from the Federal Trade Commission attempted to fool recipients into installing an information-stealing trojan hidden in an attached file.

As an Internet user, you need to remain continually vigilant against clever criminal tactics such as these. You need to be wary of any unsolicited email that contains an attached file. Even if a message is threatening or requests urgent action on your part, always take the time to properly evaluate the claims in the message before opening any attachments or clicking on any links. To mitigate the dangers posed by malware and Internet worms, users should also ensure that they operate reliable and up-to-date security software.

You can learn how to protect your computer systems from all manner of security threats quickly and cheaply. Click here for details

Last updated: 11th September 2008
First published: 11th September 2008
By Brett M. Christensen
About Hoax-Slayer

Fake Mail Server Report Message Carries Worm
FBI Virus Emails – Sober Worm
Federal Trade Commission Complaint Scam
The complaint that’s an attack

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,