ThreadBoard ArchivesSite FeaturesActiveworlds SupportHistoric Archives |
Some other virus: (Community)
Some other virus: // CommunityjohnfMar 14, 2004, 9:09am
----------------------------------------------------------------------------
------------------------ Dear user, the management of 3d-reality.com mailing system wants to let you know that, We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions. For further details see the attach. Cheers, The 3d-reality.com team http://www.3d-reality.com ---------------------------------------------------------------------------- ------------------------ I received the above e-mail this morning (I assume its coming from the same place as netsky), containing W32/Bagle.n at MM. Watch out for these yourselves.... luckily I a) Own the domain, so I know its fake and B) don't open executable extension files, lol! ~John andrasMar 14, 2004, 2:19pm
[View Quote]
> I received the above e-mail this morning (I assume its coming from the same > place as netsky), containing W32/Bagle.n at MM. Watch out for these > yourselves.... luckily I a) Own the domain, so I know its fake and B) don't > open executable extension files, lol! > > ~John > > Removal tool for those who are infected (I know at least one AW user who is) : <http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle at mm.removal.tool.html> -- Andras "It's MY computer" (tm Steve Gibson) lioness.Mar 14, 2004, 6:00pm
yes, I got the same thing too but mine says from yahoo. I guess cus my email
addy is from yahoo. Turns out it also was the "beagle" virus. Thank goodness I didn't just assume it was from yahoo and double checked it right away. But it DID look like a legit message at first. Am pasting it here to show everyone, but please note that I am altering yahoo's link so nobody can accidentally click on it. Be careful out there folks: ----- Original Message ----- From: <noreply at yahoo.com> To: <Lioness at yahoo.com> Sent: Wednesday, March 03, 2004 4:26 PM Subject: E-mail account disabling warning. > Hello user of Yahoo.com e-mail server, > > Our antivirus software has detected a large ammount of viruses outgoing > from your email account, you may use our free anti-virus tool to clean up > your computer software. > > Please, read the attach for further details. > > Attached file protected with the password for security reasons. Password is 40166. > > Cheers, > The Yahoo.com team http://www.yaho.com > [View Quote] andrasMar 14, 2004, 7:07pm
[View Quote]
> yes, I got the same thing too but mine says from yahoo. I guess cus my email
> addy is from yahoo. Turns out it also was the "beagle" virus. Thank goodness > I didn't just assume it was from yahoo and double checked it right away. But > it DID look like a legit message at first. Am pasting it here to show > everyone, but please note that I am altering yahoo's link so nobody can > accidentally click on it. Be careful out there folks: > > Could you please post the source of the message? I wonder what is the originating IP. Thanks, -- Andras "It's MY computer" (tm Steve Gibson) casey n qrv oMar 14, 2004, 7:38pm
yahoo tip: Did you receive an email that impersonated Yahoo! and contained a
virus? Forward it to spoof at yahoo-inc.com. [View Quote] johnfMar 14, 2004, 7:50pm
X-McAfeeVS-TimeoutProtection: 0
Received: from VAIO.net [24.186.156.179] by web20 (SMTPD32-7.07) id A8A03A600F6; Sun, 14 Mar 2004 05:49:04 -0500 Date: Sun, 14 Mar 2004 05:47:08 -0500 To: <<my email addy was here> Subject: Email account utilization warning. From: noreply at 3d-reality.com Message-ID: <oinrwluffajuujjkrbi at 3d-reality.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------vsbjfstxyuiatyinenis" X-RCPT-TO: <and here! :p> Status: U X-UIDL: 342503269 ----------vsbjfstxyuiatyinenis Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit <html><body> Dear user, the management of <b>3d-reality.com</b> mailing system wants to let you know that,<br> <br> We warn you about some attacks on your e-mail account. Your computer may <br>contain viruses, in order to keep your computer and e-mail account safe,<br> please, follow the instructions.<br><br> For further details see the attach.<br> <br> Cheers,<br> The 3d-reality.com team <a href="http://www.3d-reality.com">http://www.3d-reality.com</a></body></html> ----------vsbjfstxyuiatyinenis Content-type: text/plain; charset=iso-8859-1 Content-Disposition: attachment;filename=McAfee_EmailScanReport.txt Content-Transfer-Encoding: quoted-printable ****************** McAfee VirusScan ************************ ******* Alert generated at: Sun, 14 Mar 2004 10:58:16 +0000 ********* ********************************************************************* McAfee VirusScan has detected a potential threat in this e-mail=20 sent by noreply at 3d-reality.com. The following actions were attempted on each suspicious part.=20 We strongly recommend that you report this virus-related activity=20 to noreply at 3d-reality.com. The attachment "MoreInfo.pif" is infected with the New Malware.b Virus(e= s).=20 This attachment has been quarantined. ----------vsbjfstxyuiatyinenis-- [View Quote] andrasMar 15, 2004, 12:22am
[View Quote]
> X-McAfeeVS-TimeoutProtection: 0
> Received: from VAIO.net [24.186.156.179] by web20 > (SMTPD32-7.07) id A8A03A600F6; Sun, 14 Mar 2004 05:49:04 -0500 > Date: Sun, 14 Mar 2004 05:47:08 -0500 > To: <<my email addy was here> > Subject: Email account utilization warning. > From: noreply at 3d-reality.com > Message-ID: <oinrwluffajuujjkrbi at 3d-reality.com> > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------vsbjfstxyuiatyinenis" > X-RCPT-TO: <and here! :p> > Status: U > X-UIDL: 342503269 > Thanks - I know this person and I warned him about his machine infected! -- Andras "It's MY computer" (tm Steve Gibson) alexthemartianMar 15, 2004, 4:19am
lol.. look at this, it is so stupid becuase there is no such thing as a
virtual-studios.net team, becuase that is my own DOMAIN! FAKE! FAKE!: "Dear user of Virtual-studios.net e-mail server gateway, Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions. For more information see the attached file. Yours, The Virtual-studios.net team http://www.virtual-studios.net " alexthemartianMar 15, 2004, 4:47am
btw i posted the headers in my post above named "what the?"
[View Quote] > lol.. look at this, it is so stupid becuase there is no such thing as a > virtual-studios.net team, becuase that is my own DOMAIN! FAKE! FAKE!: > > "Dear user of Virtual-studios.net e-mail server gateway, > > Some of our clients complained about the spam (negative e-mail content) > outgoing from your e-mail account. Probably, you have been infected by > a proxy-relay trojan server. In order to keep your computer safe, > follow the instructions. > > For more information see the attached file. > > Yours, > The Virtual-studios.net team http://www.virtual-studios.net " |