ATTENTION ALL CAPTIVE REEFING MEMBERS!
In the early morning hours, still feeling like Tues, but indeed it was Wed approximately 12:30am, I opened an e-mail bearing the virus called "WormW32/Mytob.FM" with CR's return address on it. To find out that I had received the worm aforementioned was quite surprising. Please read all the pertinent information below! It appears that the message was sent from a member of CR, seems to know a bit about how we run things, and also has some hacking talent. We're pretty shocked & surprised that there's someone out there who'd send me a virus. I honestly can't think of any member on the board that dislikes me to the point of ruining a great reef site. If anyone has a problem with me or Dave, please take advantage of your PM option and we could talk it out instead of possibly ruining a site that so many people are fond of. Whoever it is that sent the virus simply took the coward's way out to handle a grievance with me... if that's the real reason the virus was even sent. We find this type of behavior immature & unacceptable. Our priority now will be to work through the information gathered from our mail server, and put a stop to the individual who did this. We want to assure all of you that we have the tools & knowledge to bring this to a quiet and quick halt. Lastly we want to be sure our members are aware of this incident so that no one is caught off guard with little or no virus protection. Please make sure that all your virus scanning software is up to date. Do a search on your computer to see if you have a copy of this worm residing on your system slowly worming it's way through your hard drive. DO NOT OPEN anything that looks suspicious. We'll be happy to help you to the best of our ability in hopes of nipping this virus scare in the bud, nuke this rotten worm along with the worm that's distributing it!
PLEASE READ ON CAREFULLY & TAKE NOTE!
Warning: This message has had one or more attachments removed (updated-passwo.exe, updated-password.zip). Please read the "PartnersForever.net-Attachment-Warning.txt" attachment(s) for more information.
Dear user angel,
You have successfully updated the password of your Captivereefing account.
If you did not authorize this change or if you need assistance with your account, please contact Captivereefing customer service at: firstname.lastname@example.org
Thank you for using Captivereefing!
The Captivereefing Support Team
+++ Captivereefing Antivirus - www.captivereefing.com
***This next portion is a piece of what was in the attachment. I didn't include the attachment information in it's entirety since it holds the key that will lead us to the individual who sent it.
The original e-mail attachment "updated-password.zip"
was believed to be infected by a virus and has been replaced by this warning message.
If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.
At Wed Apr 5 00:00:12 2006 the virus scanner said:
F-Prot: updated-password.zip->updated-password.htm Infection:
AntiVir:W32/WORM/Mytob.FS ALERT: [Worm/Mytob.FM worm] updated-password.zip <<< Contains signature of the Worm/Mytob.FM
I have to wonder if this virus attempt made this person feel good, because when all is said and done, I doubt they will be feeling all that tough. Remember, watch any attachments you recieve to be on the safe side. Please contact us immediately if you have any knowledge about this incident. Captive Reefing and it's owners are built of some heavy reef rock, and we won't tumble that easily! :p
Thanks for your continued support!
..........Reef_Angel & Dakar