New Virus!
I have gotten about 10 emails with different names on them to my adult email accounts. When you click the email in Outlook it instantly tries to open and asks if you want to save it to disk or open.
The file says: C:/Windows Temporary Internet Files\Content.IE5\SE5V8XAJ\stuff.mp3.pif
Of course I elect to close =)
Here is the message source:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 68392 invoked from network); 25 Nov 2001 18:37:20 -0000
Received: from unknown (HELO mail7.wlv.netzero.net) (209.247.163.57) by 64.62.104.68 with SMTP; 25 Nov 2001 18:37:20 -0000
Received: (qmail 27427 invoked from network); 25 Nov 2001 18:00:54 -0000
Received: from dialup-64.154.123.49.dial1.omaha1.level3.net (HELO aol.com) (64.154.123.49) by mail7.wlv.netzero.net with SMTP; 25 Nov 2001 18:00:54 -0000
From: "kira lefholtz" <[email protected]>
To: [email protected]
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1

And on one of the others:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 65328 invoked from network); 25 Nov 2001 10:08:29 -0000
Received: from unknown (HELO harrier.prod.itd.earthlink.net) (207.217.120.12) by 64.62.104.68 with SMTP; 25 Nov 2001 10:08:29 -0000
Received: from pool-63.53.131.67.nwrk.grid.net ([63.53.131.67] helo=aol.com) by harrier.prod.itd.earthlink.net with smtp (Exim 3.33 #1) id 167vdv-0004nU-00 for [email protected]; Sun, 25 Nov 2001 01:32:07 -0800
From: "Greg Hoggatt" <[email protected]>
To: [email protected]
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Message-Id: <[email protected]>
Date: Sun, 25 Nov 2001 01:32:07 -0800

Looks like it attaches and sends out in your email possibly. If someone wants the file I can send it to you.
Shane |
And all of the subjects have been just
RE: Shane |
yeah, just got up and dled my email. over 100 of these damn things today. got around 20 the day before.
|
I got about a dozen of them before I got bored with the antics and filtered them out.
|
I've been getting those too.
|
Open it with winamp it has a really nice message too
|
heh, just got my first of these kind of mails, deleted right away..
.:h0st |
What about an email that says something like:
"I send you this file in order to have your advice." They always have re: in the subject as well, anybody know what this one is? Most of the time it is a 300k attachment, one time I got like 200 of these in a day. |
if you are dumb enough to open the attachment or you just feel like taking a crap in your pc it sends the file to everyone in your address book and so on to everyone who opens it. I think that's why it never ends and it has been going on for months.
|
Those are easy to get rid of =) If you are using Outlook Express go into TOOLS/MESSAGE RULES and set a rule to delete anything more than 100 or 150kb in size. I mean how often do you get a legitimate email that big? I know I sure don't hehe. When I did that, that stopped 99% of them. I may get 1 a week now.
Shane |
what about outlook 2000?
|
Actually, instead of eliminating your option to receive larger attachments, why not make a rule that filters and send them to a special directory.... or even the Deleted Items directory... base the new rule on something else unique to those mails... like some of the text, since it always seems to be the same, or pretty close... then whenever you see new mail in that directory, it'll be easy enough to scan through the titles and know if they're all junk or if someone's legit email got mixed in. Do a mass select and delete all the crap.
|
Normally, I would filter shit like that at the server level so that it never even makes it beyond that... but like I said, those particular mails are tricky to filter because they're always coming from somewhere new.
|
I got one this morning that automatically installed as soon as I viewed the message. I'm not stupid enough to click on attachments, but this sucker autoinstalled.
The bitch of it is that I could have sworn I had all the latest critical updates installed from windows update. I specifically remember installing them on that computer. The only thing I can think happened is that when I downloaded the critical updates before they didn't install properly. I've had that happen on other computers. Just spent the last 2 hours fucking around getting rid of it. ARGGHHH!!! |
I wonder I get a prompt from Win ME every night to see if I want to download updates.
|
I've been getting a shit load of viruses in my mail lately. My virus program is going crazy every time I read my mail
|
I got 20+ of those emails today, I never open attachments from people I don't know but after 5 emails I knew it had to be another virus
It came to an addy I've just put up on my website a couple days ago, looks like we're gonna see a lot more of them in the coming days |
VIRUS NAME:
W32.Badtrans.B@mm
Discovered on: November 24, 2001

W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different file names. This worm also drops a backdoor trojan that logs keystrokes.

Type: Worm

Damage:
Payload:
Large scale e-mailing: Sends email from addresses found in the default MAPI program.
Compromises security settings: Installs keystroke logging Trojan.

Technical description:
This worm arrives as an email with one of several attachment names and a combination of two appended extensions. The list of possible file names is:
HUMOR
DOCS
S3MSONG
ME_NUDE
CARD
SEARCHURL
YOU_ARE_FAT!
NEWS_DOC
IMAGES
PICS

The first extension that is appended to the file name is one of the following:
.DOC
.MP3
.ZIP

The second extension that is appended to the file name is one of the following:
.pif
.scr

The resulting file name would look something like this:
CARD.DOC.PIF
NEWS_DOC.MP3.SCR
etc.

When executed, this worm copies itself as kernel32.exe in the "\windows\system" directory. It then adds the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe.

Prevention methods:
1. Corporate email filtering systems should block all email that have attachments with the extensions .scr and .pif.
2. Users should not open any emails with an attachment that matches the names listed above. Any email that has such an attachment should be deleted. |
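The gateway rule from the advisory above (block .pif and .scr attachments and recognise the decoy double extension), sketched as an added example that is not part of the original thread or any poster's code. The function names and the sample message are constructed for illustration; only the extensions, the boundary string and the attachment name come from the posts.

```python
import os
from email import message_from_string

BLOCKED_FINAL_EXT = {".pif", ".scr"}        # extensions the advisory says to block
DECOY_FIRST_EXT = {".doc", ".mp3", ".zip"}  # harmless-looking first extensions it lists

def attachment_verdict(filename):
    """Classify one attachment name: 'block-double-ext', 'block-ext' or 'pass'."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in BLOCKED_FINAL_EXT:
        return "pass"
    first = os.path.splitext(stem)[1]
    return "block-double-ext" if first in DECOY_FIRST_EXT else "block-ext"

def scan_message(raw):
    """Return [(filename, verdict)] for every MIME part that should be blocked."""
    findings = []
    for part in message_from_string(raw).walk():
        # get_filename() reads Content-Disposition filename=, then Content-Type name=.
        fname = part.get_filename()
        if fname and attachment_verdict(fname) != "pass":
            findings.append((fname, attachment_verdict(fname)))
    return findings

# Constructed sample message (placeholder sender and body bytes).
SAMPLE = "\n".join([
    'From: "sender" <sender@example.invalid>',
    "Subject: Re:",
    "MIME-Version: 1.0",
    'Content-Type: multipart/related; boundary="====_ABC1234567890DEF_===="',
    "",
    "--====_ABC1234567890DEF_====",
    "Content-Type: text/html",
    "",
    "<html></html>",
    "--====_ABC1234567890DEF_====",
    'Content-Type: application/octet-stream; name="stuff.mp3.pif"',
    "Content-Transfer-Encoding: base64",
    "",
    "AAAA",
    "--====_ABC1234567890DEF_====--",
    "",
])

if __name__ == "__main__":
    for fname, verdict in scan_message(SAMPLE):
        print(verdict, fname)
```

Because the check keys on the attachment name rather than the sender, it still applies when the mails keep arriving from new addresses.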
|
When Sircam first hit I was getting hundreds of them an hour, because the virus grabs email addresses from a PC's internet cache. I have always used a stand-alone email client so I don't have to mess with all the problems of Outlook. The problem then became the sheer volume of the downloads.
In the last few days I've been getting an increasing number of the Badtrans emails. The biggest threat with them is that there is not really an attachment to have to click on to view. The virus installs itself when the user clicks on the email to read it in Outlook. I finally found a small program that downloads headers only, lets me delete the emails I want to (anything suspicious) and then I can download the *real* email in my regular email client. The program I'm using is called Email Remover. It's freeware, very basic and small, but it's getting the job done for me. It's available at http://www.tucows.com/preview/194114.html [This message has been edited by PersianKitty (edited 11-26-2001).] |
I don't keep address books. The best solution to keep such viruses or worms from activating or spreading.
|