Home PCGS Set Registry Forum

WARNING: POSSIBLE VIRUS FROM PINNACLE RARITIES

tompkinstompkins Posts: 413
in PCGS Set Registry Forum
I am not certain, but it is always better to be safe than sorry. I received an email from "inquiry@pinacle-rarities.com" with the subject "RE: Application" and an attached Zip file. I have sent email to Pinnacle warning them. DO NOT OPEN THIS ZIP FILE IF YOU GET THE EMAIL!!

Best regards

Pete

Here is an advisory I received a day or so ago from my corporate information security office regarding this virus:
---------------------------------------------------------------
There is a new email virus which is propagating through the Internet.
[my employer] has not been impacted but various measures have been put in
place
until our anti-virus vendors can supply up to date protection later
today.

For today, all attachments with .ZIP and .ZI extensions should be
handled
with care. If you receive an email with the following characteristics,
please DO NOT open the file attachment. Contact your helpdesk for
further
assistance.

The email that contains the virus has the following characteristics:

The sender may appear to be someone that you know. This is a real
email address that the virus has collected from the infected computer.

One of the following Subject Headers
Re: Application
Re: Movie
Re: Movies
Re: Submitted
Re: ScRe:ensaver
Re: Documents
Re: Re: Application ref 003644
Re: Re: Document
Your application
Application.pif
Applications.pif
movie.pif
Screensaver.scr
submited.pif
new document.pif
Re: document.pif
004448554.pif
Referer.pif


One of the following file attachments:

your_details.zip (contains details.pif)
application.zip (contains application.pif)
document.zip (contains document.pif)
screensaver.zip (contains sky.world.scr)
movie.zip (contains Movie.pif)

Again DO NOT open the file attachment and contact your helpdesk for
further
assistance.


My coins

Comments

  • pontiacinfpontiacinf Posts: 8,915 ✭✭
    i doubt pinnacle is spreading worms image
    image

    Go BIG or GO HOME. ©Bill
  • SteveSteve Posts: 3,312 ✭✭✭
    tompkins, I believe it is a DISSERVICE to identify a legitimate coin company in the subject of a thread where you supposedly are trying to "warn" people about a virus. WHY did you do this?
    My True View Album

    My Complete PROOF Lincoln Cent with Major Varieties(1909-2015)Set Registry
  • CarlWohlforthCarlWohlforth Posts: 11,074
    Viruses are horrible. It is always better to be safe than sorry.

    There is the Klez (or something like that) virus that is still making the rounds. If a company gets infected the virus gets sent to everybody on their email list. So it looks like it is coming from a legitimate company. Perhaps this is happening?

    Carl's Coins website w/ links to Carl's auctions
  • wondercoinwondercoin Posts: 16,974 ✭✭✭✭✭
    Pete Tompkins excels in this field. I wouldn't question his "warning" at this point (in fact, if I was possibly passing out a virus, I would want folks to know). But, perhaps Coinguy can come on the thread and comment on this to clear this up. image

    Wondercoin
    Please visit my website at www.wondercoins.com and my ebay auctions under my user name www.wondercoin.com.
  • dbldie55dbldie55 Posts: 7,733 ✭✭✭✭✭
    If you get an email with a from line of "inquiry@pinacle-rarities.com", you can be all but certain that it did NOT come from this address. You need to examine the headers of the file to find where it came from. It looks like a person who was infected had both of these addresses in their address book. I saw this virus 4 times yesterday. Naturally, I had to unzip the attachment and see what the file was. It contained the file details.pif (the good 'ol klez again). It would not allow me to run it on my machine though. Darn.

    You can read about it here.
    Collector and Researcher of Liberty Head Nickels. ANA LM-6053
  • coinguy1coinguy1 Posts: 13,484 ✭✭✭
    Hi Pete,

    I have been told that the virus clearly does NOT originate with us. Someone at our office checked with web hosting, our email systems and our IT people, whatever all that means.image

    Thanks for bringing this matter to everyone's attention. I just got back in town late last night, or I would have responded sooner.

  • BearBear Posts: 18,953 ✭✭✭
    Thats why those of us with brains have anti virus programs that are

    constantly updated.
    There once was a place called
    Camelotimage
  • dbldie55dbldie55 Posts: 7,733 ✭✭✭✭✭
    I am one of those without brains, as I have no anti virus program. Too much of a system hog. Still love to get the virus mails though.

    Of course, if you get the virus before there is an update for it, it does little good to have the anti virus program.
    Collector and Researcher of Liberty Head Nickels. ANA LM-6053
  • supercoinsupercoin Posts: 2,323
    Every couple weeks some infected machine somewhere sends out copies of the Klez virus with a supercoin.com return address. I know that because I get bounced copies of the e-mail from some of the recipients.

    There are probably people out there who think I'm passing that virus along, as would be natural to assume if you weren't familiar with how it works. And unfortunately there's not a thing I (or Pinnacle) can do about it.
    imageLibertarian Party
  • sinin1sinin1 Posts: 7,500
    isn't there a way to tell from the ip source code or whatever who was the original sender of the virus?

    some people have this virus and do not know they are spreading it.


    there are free KLEZ cleaners available
  • DMWJRDMWJR Posts: 6,008 ✭✭✭✭✭
    I have noticed a rise in the number of times my machine has picked up a klez virus over the last few weeks. Somebody in the group has it and is sending it out to the rest of us. I know mine is clean, and picks up all incoming klez strains.
    Doug
  • tompkinstompkins Posts: 413
    Steve:
    I received a Virus that APPEARED to come from Pinnacle. The reason "Pinnacle" waas in the subject of my post, is that "Pinnacle" is in the "From" line of the virus-infected email. I now believe it probably came from someone who has both Pinnacle and me in their contact list! I posted this so that someone else receiving the same virus would be forewarned and not open the attachment.

    If Pinnacle was offended, I sincerely apologize to them! In fact, I emailed Mark (and he has replied both through this thread and through PM). I did not at the time have the time to investigate where the virus actually came from---Mark is, in fact, correct: the cvirus in all likelihood did not come from him---BUT he WOULD be blamed by someone if this email that appears to be from him hurt their machine. (By the way, Mark, from both his post and his PM, does not appear to be offended).

    In that sense, I feel I did not do anyone (especially not Pinnacle) a disservice warning people that something that appears to be a legitimate mail is not.

    Best Regards,

    Pete
    My coins
  • MoneyLAMoneyLA Posts: 1,825
    First, thank you for the warning about the virus.

    Second, I never open attachments without first confirming with the sender (if the sender is known to me) that indeed they sent an attachment to me. If the sender is not known to me, in the trash it goes.

    Third, Pinnacle or other senders we know should not be blamed for thaving their name show up as a virus sender. It is very common for a virus or worm to steal a legitimate sender's name and use it to replicate itself through address books. It has happened to me. For a while, someone was using my website address to send out emails with virus attachments.

    careful with those attachments.

    cheers, alan mendelson
    Cheers, Alan Mendelson
    www.AlanBestBuys.com
    www.VegasBestBuys.com
Sign In or Register to comment.