There have been a slew of viruses being delivered lately. The latest is a varient of a very old virus, but is acting similar in the means and frequency of updates. As you can see here: http://vil.mcafeesecurity.com/vil/content/v_134066.htm
The latest one is seems to be a W32/Mytob@MM spinnoff.
The reason you are seeing them is because as soon as the server side virus definitions are updated, a new version of the virus is released, with a different file signature. Sometimes several new versions are released in a single day.
This particular virus is a sneaky one. It pretends to be from authoratative email addresses, typically support@yourdomain.com, webmaster@yourdomain.com hostmaster@yourdomain.com, etc etc. yourdomain.com of course being your actual domain name.
This can be troublesome for large sites with many employees that have email addresses, but are less than savvy about virus protection.
I would reccomend if you fit the description above to send a memo reminding people of how to deal with viruses, and what to look for.
Typical emails contain a .zip attachment with malware (among other fun things) bundled inside.
This email is spoofed, meaning that it did not originate from your account, or your domain, though it appears to have.
It is being delivered to it using fake "from" headers. The IP address in the email headers is the actual sender, who usually has no clue they are infected.
Typical subjects include or are similar to:
Your account is suspended for security reasons.
*WARNING* Your Email Account Will Be Closed
Typical message bodies can include or be similar to:
Dear user,
It has come to our attention that your DOMAINHERE User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using DOMAINHERE!
The DOMAINHERE Support Team
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.DearDOMAINHERE Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The DOMAINHERE Support Team
Remember! Never open attachments if you are not specifically expecting them from someone. GlowHost is never going to send you an attachement without first discussing with you that you should expect one.
We provide free server side virus filters as a first line of defense for you. We block delivery of 10's of thousands of viruses every day. Some do slip through the cracks however, so we cannot do all the work for you.
Some people prefer to run anti-virus on their local computers as well.
Just remember, the best anti-virus is using your noggin!