A number of reports have been received from our customers of emails threatening suspension or termination of customer accounts. These emails are scams. If you receive one of these messages, please contact the Support Department by email or phone, and we will give you instructions on how you can help us contain and minimize these threats.
 
IMPORTANT
CityStar and A 1st Internet will never send you any attached files other than your invoices and statements as .PDF (Adobe Acrobat) files, and these will always be sent from billing_dept@citystar.com. Do not open *any* attached files ending in .ZIP, .PIF, .EXE, .SCR etc. unless you have confirmed their veracity with a sender who is known to you.
 
We have quoted one of these fraudulent emails below in order to give you an idea of the typical wording. Thank you once again for choosing CityStar.
 
Artie Romero
CityStar Group, Inc.
support@citystar.com
(719) 302-3044
 
+++++++++++++++++++++
BEGIN quoted malware-infected fraud email including all headers:
+++++++++++++++++++++
 
Return-Path:
Received: from srv03.citystar.com (root@localhost)
by citystar.com (8.12.10/8.12.10) with ESMTP id j7PDV0U3028177
for ; Thu, 25 Aug 2005 07:31:00 -0600
Received: from a-1st.net (www.citystar.biz [207.44.132.61])
by srv03.citystar.com (8.12.10/8.12.10) with ESMTP id j7PDV0RL028173
for ; Thu, 25 Aug 2005 07:31:00 -0600
Received: from srv02.citystar.biz (root@localhost)
by a-1st.net (8.11.6/8.11.6) with ESMTP id j7PD5b422236
for ; Thu, 25 Aug 2005 07:05:37 -0600
X-ClientAddr: 24.32.98.106
Received: from a-1st.net (doc-24-32-98-106.cabot.ar.cebridge.net [24.32.98.106] (may be forged))
by srv02.citystar.biz (8.11.6/8.11.6) with ESMTP id j7PD5TM22226
for ; Thu, 25 Aug 2005 07:05:33 -0600
Message-Id: <200508251305.j7PD5TM22226@srv02.citystar.biz>
From: support@a-1st.net
To: sales@a-1st.net
Subject: Security measures
Date: Thu, 25 Aug 2005 09:04:11 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0013_ACDE7CE4.3DEF3F5B"
X-Priority: 3
X-MSMail-Priority: Normal
 
Dear A-1st Member,
 
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
 
If you choose to ignore our request, you leave us no choice but to cancel your membership.
 
Virtually yours,
 
The A-1st Support Team
 
+++ Attachment: No Virus found
 
+++ A-1st Antivirus - www.a-1st.net
 
Attachments:
 
important-details.zip
 
+++++++++++++++++++++
END quoted malware-infected fraud email
+++++++++++++++++++++
 
Notes on the above:
 
The file "important-details.zip" most likely carries a virus, trojan, backdoor, or other malware. The statement "Attachment: No Virus found" is part of the scam. The signature, "The A-1st Support Team," is fraudulent, and an infringement of a trademark owned by CityStar Group, Inc. The sender of the above-quoted message was most likely an innocent dupe who opened a similar message attachment, thus giving a black-hat hacker control of his/her system. Nevertheless, his/her ISP has been notified of this problem. Thank you once again for choosing A 1st Internet, a division of CityStar Group, Inc.
 
Here is another example:
 
+++++++++++++++++++++
BEGIN quoted malware-infected fraud email including all headers:
+++++++++++++++++++++
 
Subject: Your Account is Suspended
From: support@a-1st.net
Date: Sat, August 27, 2005 1:49 pm
To: sales@a-1st.net
 
Some information about your A-1st account is attached.
 
The A-1st Support Team
 
Attachment: important-details.zip
 
+++++++++++++++++++++
END quoted malware-infected fraud email
+++++++++++++++++++++