E-mail account security warning.
Dear user, the management of Suse.com mailing system wants to let you know that, Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions. For further details see the attach. For security reasons attached file is password protected. The password is "34451". Sincerely, The Suse.com team http://www.suse.com
On Thursday 04 March 2004 08:34, management@suse.com wrote:
Dear user, the management of Suse.com mailing system wants to let you know that,
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
For further details see the attach.
For security reasons attached file is password protected. The password is "34451".
Sincerely, The Suse.com team http://www.suse.com
WTF? -- Greetings from /bill at 169 west , 19 south. Disclaimer: Any errors in spelling, tact, or fact are transmission errors."
On Thu, 2004-03-04 at 14:34, management@suse.com wrote:
Dear user, the management of Suse.com mailing system wants to let you know that,
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
For further details see the attach.
For security reasons attached file is password protected. The password is "34451".
Sincerely, The Suse.com team http://www.suse.com
Any clues that I also got this???? Marshall
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 04 March 2004 03:07 pm, Anders Johansson wrote:
On Thursday 04 March 2004 21.06, Marshall Heartley wrote:
Any clues that I also got this????
It was sent to the list. All subscribers got it.
I got one with Borland news server in the header. People wonder why I hate that particular company. My inbox is so full of crap like that, even with spam assassin, I don't even care to look to see if I have mail there. STH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAR5txwX61+IL0QsMRAnfaAJ44AF+8E7m8fR7EvJS0ssadGG+gcACgx+JW aj8fzHHnh0+0vWv7WAJxu+E= =rBC7 -----END PGP SIGNATURE-----
Its a Windowz virus.. Heres the Symantec Info - http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html --Charles
On Thursday 04 March 2004 3:06 pm, Marshall Heartley wrote:
On Thu, 2004-03-04 at 14:34, management@suse.com wrote:
Dear user, the management of Suse.com mailing system wants to let you know that,
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
For further details see the attach.
For security reasons attached file is password protected. The password is "34451".
Sincerely, The Suse.com team http://www.suse.com
Any clues that I also got this????
MOST of this type junk mail has a virus attached, but there wasn't anything attached because of the list. This is a worm, actually, and it's VERY good at appearing to have come from the listed address. 'Affects MickySoft systems ONLY. Fred -- "...Linux, MS-DOS, and Windows XP (also known as the Good, the Bad, and the Ugly)."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 05 March 2004 02:05 am, Fred Miller wrote:
MOST of this type junk mail has a virus attached, but there wasn't anything attached because of the list. This is a worm, actually, and it's VERY good at appearing to have come from the listed address. 'Affects MickySoft systems ONLY.
Fred
I've got the virus sitting right here on my harddrive if anybody wants it. I haven't hexilified this one, but it looks pretty tightly wrapped. Not you typical VB variety. STH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFASCgFwX61+IL0QsMRAq4pAJ4ohgLGkrJqyJwdNAmwn6nAl/dRnQCg9BoM f9OAqOKOF1VBLTQRw9Zw3Ik= =e2TA -----END PGP SIGNATURE-----
On Friday 05 March 2004 2:11 am, Steven T. Hatton wrote:
On Friday 05 March 2004 02:05 am, Fred Miller wrote:
MOST of this type junk mail has a virus attached, but there wasn't anything attached because of the list. This is a worm, actually, and it's VERY good at appearing to have come from the listed address. 'Affects MickySoft systems ONLY.
Fred
I've got the virus sitting right here on my harddrive if anybody wants it. I haven't hexilified this one, but it looks pretty tightly wrapped. Not you typical VB variety.
Correct it's not. Once you give it the password, it then will write a passworded (maybe hidden) file to your hard drive (assuming a 'bloze box). The worm then spams other systems. Fred -- "...Linux, MS-DOS, and Windows XP (also known as the Good, the Bad, and the Ugly)."
On Fri, 5 Mar 2004 02:11:01 -0500 "Steven T. Hatton" <hattons@globalsymmetry.com> wrote:
I've got the virus sitting right here on my harddrive if anybody wants it. I haven't hexilified this one, but it looks pretty tightly wrapped. Not you typical VB variety.
I was wondering if I could use ndisasm for a Windows binary or any other tool that could do the job without wine. This crap seems to be quite successful considering what I see on my logs. We'd ask reimbursement to sysadmin configuring their antivirus sending twice this junk. After all they are sending unsolicited bulk emails ;)
The 2004-03-05 at 09:52 +0100, Ivan Sergio Borgonovo wrote:
We'd ask reimbursement to sysadmin configuring their antivirus sending twice this junk. After all they are sending unsolicited bulk emails ;)
X-) I thought about that just before this one hit the list - I got strange bounces from emzlm shortly before. They should have an antivirus on email entry. -- Cheers, Carlos Robinson
The 2004-03-05 at 02:11 -0500, Steven T. Hatton wrote:
I've got the virus sitting right here on my harddrive if anybody wants it.
Has it got a name? Just curious. Or better, a link to an explanation of what it does. -- Cheers, Carlos Robinson
participants (9)
-
Anders Johansson -
Bill Wisse -
Carlos E. R. -
Charles -
Fred Miller -
Ivan Sergio Borgonovo -
management@suse.com -
Marshall Heartley -
Steven T. Hatton