Thread

Board Archives

Site Features

Activeworlds Support

Historic Archives
Some other virus: (Community)

Some other virus: // Community

1  |  

johnf

Mar 14, 2004, 9:09am
----------------------------------------------------------------------------
------------------------
Dear user, the management of 3d-reality.com mailing system wants to let you
know that,

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.

For further details see the attach.

Cheers,
The 3d-reality.com team http://www.3d-reality.com
----------------------------------------------------------------------------
------------------------

I received the above e-mail this morning (I assume its coming from the same
place as netsky), containing W32/Bagle.n at MM. Watch out for these
yourselves.... luckily I a) Own the domain, so I know its fake and B) don't
open executable extension files, lol!

~John

andras

Mar 14, 2004, 2:19pm
[View Quote]
> I received the above e-mail this morning (I assume its coming from the same
> place as netsky), containing W32/Bagle.n at MM. Watch out for these
> yourselves.... luckily I a) Own the domain, so I know its fake and B) don't
> open executable extension files, lol!
>
> ~John
>
>

Removal tool for those who are infected (I know at least one AW user who is) :

<http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle at mm.removal.tool.html>

--
Andras
"It's MY computer" (tm Steve Gibson)

lioness.

Mar 14, 2004, 6:00pm
yes, I got the same thing too but mine says from yahoo. I guess cus my email
addy is from yahoo. Turns out it also was the "beagle" virus. Thank goodness
I didn't just assume it was from yahoo and double checked it right away. But
it DID look like a legit message at first. Am pasting it here to show
everyone, but please note that I am altering yahoo's link so nobody can
accidentally click on it. Be careful out there folks:


----- Original Message -----
From: <noreply at yahoo.com>
To: <Lioness at yahoo.com>
Sent: Wednesday, March 03, 2004 4:26 PM
Subject: E-mail account disabling warning.


> Hello user of Yahoo.com e-mail server,
>
> Our antivirus software has detected a large ammount of viruses
outgoing
> from your email account, you may use our free anti-virus tool to clean
up
> your computer software.
>
> Please, read the attach for further details.
>
> Attached file protected with the password for security reasons.
Password is 40166.
>
> Cheers,
> The Yahoo.com team http://www.yaho.com
>





[View Quote]

andras

Mar 14, 2004, 7:07pm
[View Quote] > yes, I got the same thing too but mine says from yahoo. I guess cus my email
> addy is from yahoo. Turns out it also was the "beagle" virus. Thank goodness
> I didn't just assume it was from yahoo and double checked it right away. But
> it DID look like a legit message at first. Am pasting it here to show
> everyone, but please note that I am altering yahoo's link so nobody can
> accidentally click on it. Be careful out there folks:
>
>

Could you please post the source of the message? I wonder what is the originating IP.

Thanks,
--
Andras
"It's MY computer" (tm Steve Gibson)

casey n qrv o

Mar 14, 2004, 7:38pm
yahoo tip: Did you receive an email that impersonated Yahoo! and contained a
virus? Forward it to spoof at yahoo-inc.com.

[View Quote]

johnf

Mar 14, 2004, 7:50pm
X-McAfeeVS-TimeoutProtection: 0
Received: from VAIO.net [24.186.156.179] by web20
(SMTPD32-7.07) id A8A03A600F6; Sun, 14 Mar 2004 05:49:04 -0500
Date: Sun, 14 Mar 2004 05:47:08 -0500
To: <<my email addy was here>
Subject: Email account utilization warning.
From: noreply at 3d-reality.com
Message-ID: <oinrwluffajuujjkrbi at 3d-reality.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------vsbjfstxyuiatyinenis"
X-RCPT-TO: <and here! :p>
Status: U
X-UIDL: 342503269


----------vsbjfstxyuiatyinenis
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<html><body>
Dear user, the management of <b>3d-reality.com</b> mailing system wants
to let you know that,<br>
<br>
We warn you about some attacks on your e-mail account. Your computer may
<br>contain viruses, in order to keep your computer and e-mail account
safe,<br>
please, follow the instructions.<br><br>

For further details see the attach.<br>
<br>
Cheers,<br>
&nbsp; &nbsp; The 3d-reality.com team &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; <a
href="http://www.3d-reality.com">http://www.3d-reality.com</a></body></html>

----------vsbjfstxyuiatyinenis
Content-type: text/plain; charset=iso-8859-1
Content-Disposition: attachment;filename=McAfee_EmailScanReport.txt
Content-Transfer-Encoding: quoted-printable


****************** McAfee VirusScan ************************
******* Alert generated at: Sun, 14 Mar 2004 10:58:16 +0000 *********
*********************************************************************

McAfee VirusScan has detected a potential threat in this e-mail=20
sent by noreply at 3d-reality.com.
The following actions were attempted on each suspicious part.=20
We strongly recommend that you report this virus-related activity=20
to noreply at 3d-reality.com.


The attachment "MoreInfo.pif" is infected with the New Malware.b Virus(e=
s).=20
This attachment has been quarantined.


----------vsbjfstxyuiatyinenis--

[View Quote]

lioness.

Mar 14, 2004, 9:19pm
Thanks for reminding me hon! Forgot all about that! ;-"D


[View Quote]

andras

Mar 15, 2004, 12:22am
[View Quote] > X-McAfeeVS-TimeoutProtection: 0
> Received: from VAIO.net [24.186.156.179] by web20
> (SMTPD32-7.07) id A8A03A600F6; Sun, 14 Mar 2004 05:49:04 -0500
> Date: Sun, 14 Mar 2004 05:47:08 -0500
> To: <<my email addy was here>
> Subject: Email account utilization warning.
> From: noreply at 3d-reality.com
> Message-ID: <oinrwluffajuujjkrbi at 3d-reality.com>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="--------vsbjfstxyuiatyinenis"
> X-RCPT-TO: <and here! :p>
> Status: U
> X-UIDL: 342503269
>

Thanks - I know this person and I warned him about his machine infected!

--
Andras
"It's MY computer" (tm Steve Gibson)

alexthemartian

Mar 15, 2004, 4:19am
lol.. look at this, it is so stupid becuase there is no such thing as a
virtual-studios.net team, becuase that is my own DOMAIN! FAKE! FAKE!:

"Dear user of Virtual-studios.net e-mail server gateway,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

For more information see the attached file.

Yours,
The Virtual-studios.net team
http://www.virtual-studios.net "

alexthemartian

Mar 15, 2004, 4:47am
btw i posted the headers in my post above named "what the?"

[View Quote] > lol.. look at this, it is so stupid becuase there is no such thing as a
> virtual-studios.net team, becuase that is my own DOMAIN! FAKE! FAKE!:
>
> "Dear user of Virtual-studios.net e-mail server gateway,
>
> Some of our clients complained about the spam (negative e-mail content)
> outgoing from your e-mail account. Probably, you have been infected by
> a proxy-relay trojan server. In order to keep your computer safe,
> follow the instructions.
>
> For more information see the attached file.
>
> Yours,
> The Virtual-studios.net team http://www.virtual-studios.net "
1  |  
Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2024. All Rights Reserved.
Awportals.com   ·   ProLibraries Live   ·   Twitter   ·   LinkedIn