Warning: Email Virus Claiming to be from PetrolPrices.com

It has been brought to our attention that someone is sending out a virus that says it is from PetrolPrices.com

If you have received an e-mail from Steve Grey, who is claiming to be the Editor of PetrolPrices.com then please delete it immediately. Do not under any circumstances open the file attached to this e-mail as it contains a virus. This e-mail was not sent from PetrolPrices.com, nor did they get your e-mail address from us. We take stringent measures to protect the privacy of our users. If you have signed up to this and received the virus e-mail then it is an unfortunate coincidence.

We have answered some common questions you may have below.

How did they get my e-mail address?

We can only guess, but we are certain that they did not get your e-mail address from us. This virus appears to have been sent to a huge number of people, most of them are not PetrolPrices.com users, but a small percentage were, so these people are right to be suspicious, but we will stress again that the security of our user data is of utmost importance to us and we implement numerous measures to make sure it is kept private.

Looking at the source headers of the e-mails being sent out, we assume this virus is an e-mail worm that will spread to your address book if you run the attachment.

Why does the e-mail come from PetrolPrices.com?

The virus is “spoofing” PetrolPrices.com, that means it is pretending to come from us when in fact it comes from a spammer or an infected machine.

What measures can PetrolPrices.com take to stop these spams?

Unfortunately, there is not an awful lot we can do. When the idea for E-mail was conceived, the Scientists who designed it were an honest bunch, and didn’t consider that people would want to lie about who they are when sending e-mails. Therefore, one of the major problems with e-mail, is that it is possible (in fact extremely easy) to send an e-mail pretending to be someone else. This is how spammers and e-mail viruses work. They pick an honest web site like ours, and then fire out millions of e-mails pretending to be from it. If anyone checks the website, it looks genuine, and the user will be more inclined to open the attachment.

This sounds terrible! There must be something you can do?

Well, in recent years the Internet community have come up with a few ways to fight back at spam, and one of the simplest and most effective ideas is a new measure called SPF. SPF stands for Sender Policy Framework, and what this provides is a system to verify who is allowed to send e-mails from any particular domain name. Quite simply, if your ISP (or e-mail provider) had implemented SPF checks you would not have received this spam.

We have published SPF records on our domain name (via the DNS system) which detail the servers that are permitted to send e-mail for PetrolPrices.com – you can see more detail on what we have set up here: http://www.openspf.org/wizard.html?mydomain=petrolprices.com&x=0&y=0

SPF is an open standard that is free for everyone to use. By using it you won’t stop spam all together, but you will stop any spam or virus e-mails that forge the envelope sender address. If your ISP or e-mail provider do not currently support the SPF standard then you really should lobby them to do so. You can find more information on SPF here.

My ISP is too slow/lazy to implement SPF, what can I do?

Find a new ISP or e-mail provider! Google’s free Gmail service uses both SPF and another measure called domain keys to protect users from spam. Hotmail also uses SPF checks as do Yahoo and AOL.

What does the virus e-mail look like?

	Dear colleagues and friends

	We are circulating an attachment proving the major oil companies are
	working closely with certain politicians (as can be seen in the
	attached photo) to keep petrol prices at an all time high.

	After a year of rising prices it is the public that are now bearing
	the cost of the fall out in the Middle East. Do you think this is
	fair? Bush and Blair can be seen shaking hands with the president
	of BP and Texaco after a hush hush meeting. The attached article
	shows that Bush and Blair know that high petrol prices drives
	Barrel prices up-words and so in turn increases the value of
	stockpiled oil. This is hiding the costs of the recent and on-going
	troubles in the Middle East and is a ploy to keep the current
	Governments confidence rating high in the public eye.

	Do not be fooled by figures!

	Regards,

	Steve Grey
	Editor
	www.petrolprices.com

I ran the attachment and I think I have a virus, what can I do?

You really need to get a virus checker installed. There are lots of commerical ones available such as McAfee, Symantec, Kaspersky, but if you are looking for a free one then you could try AVG.

How was this virus brought to your attention?

Fortunately, some good web citizens who received the virus have written to us to let us know:

Richard wrote in….

	You've probably already been made aware of this... but the email address
	steve at PetrolPrices.com is being used to send round a very dodgy Windows
	executable attachment as spam (probably a virus, though not one that's
	being picked up by anti-virus scanners - yet).  The email (or at least, my
	copy of it) has a US source IP address.  The subject matter of the
	covering note makes it *very* believable, as it's all about petrol prices.

	There's not a lot you can do about it, of course, except perhaps a
	prominent disclaimer on the web site and/or sent round to your legit
	mailing list.

	I can forward a copy if you need it.

	Richard

And Darren also said…

	I have received an e-mail from a Steve Grey who says he's the Editor of
	PetrolPrices.com. The e-mail appears to be a newsletter about the ongoing
	problems with petrol prices and the middle east. The e-mail has an attachment
	of photo+article.zip which contains a Photo and Article.exe file. This file
	is infected with the W32/Sdbot.worm.gen.as virus. I doubt very much that this
	e-mail is actually from you and if it is you wouldnt have intentionally sent
	me a virus! I thought I should let you know about this problem incase you
	wanted to warn your members =)
	Darren