Does it get any more obvious?

  • joebert

Post 3+ Months Ago

Today I checked my email and saw this,

From: ¤p±Ó
Subject: Ëק»¨Ó¤F

I knew it was something to do with a virus as soon as I saw it, but just for kicks I disabled images and opened it up.
Sure enough, there was nothing but a grey disabled image box centered with nothing else. I imagine it was some sort of .htt worm mislabeled with a GIF extension.

Just wanted to give a heads up: if someone gets an email with the From and Subject like above, DO NOT EVEN OPEN IT!!!!

  • BlueHat

Post 3+ Months Ago

Thanks for the warning...
  • Nego

Post 3+ Months Ago

Hehe, once I got one, but it had a friend's name on it so I opened it. Lo and behold, the damn thing is a .htt img that buried like 4 trojans in my computer... Took like 40 virus scans to get rid of it :(
  • joebert

Post 3+ Months Ago

While I'm at it, here's the address it came from and some domain relatives if anyone wants to look it up or cut it off at the pass by blocking it.

Code:
From : ¤p±Ó <allopiu@ms56.hinet.net>
Sent : Friday, March 12, 2004 10:12 AM
Subject : Ëק»¨Ó¤F
Received: from .............hotmail.com ([..............]) by .................hotmail.com with Microsoft SMTPSVC(.........); Fri, 12 Mar 2004 08:41:40 -0800
Received: from hotmail.com ([..............]) by ...........hotmail.com with Microsoft SMTPSVC(...............); Fri, 12 Mar 2004 08:40:57 -0800
X-Message-Info: ...........................=
Return-Path: allopiu@ms56.hinet.net
Message-ID: <...........................>
X-OriginalArrivalTime: 12 Mar 2004 16:40:58.0273 (UTC) FILETIME=[.....................]

--------------------

traceroute to ms56.hinet.net (168.95.4.56), 30 hops max, 40 byte packets
1 FastEthernet6-0.civ-service1.Canberra.telstra.net (203.50.1.65) 0.442 ms 0.5 ms 0.346 ms
2 GigabitEthernet3-0.civ-core2.Canberra.telstra.net (203.50.10.129) 0.488 ms 0.43 ms 0.363 ms
3 GigabitEthernet2-2.dkn-core1.Canberra.telstra.net (203.50.6.126) 0.642 ms 0.571 ms 0.517 ms
4 Pos4-1.ken-core4.Sydney.telstra.net (203.50.6.69) 3.947 ms 3.856 ms 3.968 ms
5 10GigabitEthernet3-0.pad-core4.Sydney.telstra.net (203.50.6.86) 4.312 ms 4.149 ms 4.178 ms
6 GigabitEthernet0-0.syd-core01.Sydney.net.reach.com (203.50.13.242) 4.374 ms 4.217 ms 4.129 ms
7 i-2-0.per-core01.net.reach.com (202.84.249.225) 53.085 ms 53.117 ms 52.958 ms
8 i-5-0-0.per01.net.reach.com (202.84.142.22) 53.456 ms 53.395 ms 53.285 ms
9 * * *
10 tp-s2-c12r2.router.hinet.net (211.72.233.12) 255.956 ms 255.917 ms 256.006 ms
11 tp-s2-c6r9.router.hinet.net (211.22.35.129) 256.18 ms 256.383 ms 255.973 ms
12 * ms56a.hinet.net (168.95.5.56) 249.711 ms *
  • starqueen

Post 3+ Months Ago

Thanks for sharing, I've reported it to some authorities :D
  • myemailaccount

Post 3+ Months Ago

How recent was this e-mail? Can Norton kill it?
  • jesselong

Post 3+ Months Ago

BlueHat wrote:
Thanks for the warning...


Linux Lover!!! The other day I called my co-sysadmin (win32 user) over and double clicked a whole bunch of obviously infected files from my Linux box.

He was pretty impressed when absolutely nothing happened. :shock:
  • starqueen

Post 3+ Months Ago

lol oh windows...
  • Vladdrac

Post 3+ Months Ago

yea linux! I am thinking about getting suse
  • joebert

Post 3+ Months Ago

Just wait, Linux will get its share of security problems once it's grown to be as mainstream as Windows. Think about it, if Windows dies what can virus makers (I refuse to call them programmers) do but go to the next big thing?
  • Vladdrac

Post 3+ Months Ago

Especially now that they are putting a price on one version of Red Hat
  • Cool#9

Post 3+ Months Ago

Quote:
Just wait, Linux will get its share of security problems once it's grown to be as mainstream as Windows. Think about it, if Windows dies what can virus makers (I refuse to call them programmers) do but go to the next big thing?

Well, most programmers that make viruses are from the Unix/Linux world (and some kids on MS Visual Basic, but that is another story).
Anyhow, I don’t think Linux users are stupid enough to shoot themselves in the foot with their own viruses. Some of the purpose of viruses, well, a part of it, is to try and tell the world that nearby there's other stuff than MS and associated companies.
Even if Linux becomes mainstream like windblows, it will never have the ridiculous price tags. Linux has too many flavors for them to even think of raising the OS prices, for the ones that have a price though!!!
Recent survey shows that MS is dropping slowly but surely! And nothing will stop this good ascension of Linux; us, the consumers, will only benefit from it!

Just remember the Chevrolet Corvette fact: they had to drop the average price of 60,000$(Can) to about 45,000$(Can), all that just because they didn’t have anymore the exclusivity of the only sport car in America. When competition rises it's only good for us, and this rule applies to any industry my buddies, everywhere!!!
Obvious examples:
-Boeing is losing it to the amazing Airbus industry (already passed Boeing)
-Microsoft is losing it to Linux (give time)
-In North America, homeland cars are losing it against imports (in the making)
And I can go on without end. When something is better, it’s simply better, the shift occurs inevitably!!!!

I just love underdogs. I will use Linux as soon as “Wine” is better. I need windblows too much at this moment; I just acquired a pricey program and it can’t be run on Linux, but soooooon! Very soon! :roll:

Cheers!!! :)
PS: I think that mal-intentioned hackers are scum! Put your effort in something positive! Jolt MS out of this world the good way! We already know that the average individual not very familiar with computer stuff has only one thing to say about Linux, “Hacking”, and that is not fair to L. Torvalds :(
  • Vladdrac

Post 3+ Months Ago

Yeah I wonder how many script kiddies actually use linux
  • b_heyer

Post 3+ Months Ago

Hehe, I got like 30 emails today, all with the same size and an attachment, a .pif file. Fun stuff!
  • Cool#9

Post 3+ Months Ago

Well I don’t know how much, but it’s rising rapidly, these tools are open to everyone game enough.
A nice muzzle in the forefront would be great, Mafiosi style! Then maybe they will know that outside is f*ck**g PC world they are nothing, nothing, nothing. :cry:
  • Troubadour

Post 3+ Months Ago

Vladdrac wrote:
yea linux! I am thinking about getting suse


Novell, of NetWare fame, recently (using IBM's gift of 50 million US) bought SUSE Linux and a few little side projects to complement their transition to running the NetWare suite of tools on a Linux kernel as opposed to the NetWare kernel.

They haven't ever had the marketing panache of Microsoft, but they are a far better server O/S than Windows (not to mention, overlooked by pretty close to 100% of virus coders).
  • JrzyCrim

Post 3+ Months Ago

I've been getting tons of these 'emails'. Just now I received this one:

Code:
From: Mail Delivery Service
Subject: Delivery Status Notification

- These recipients of your message have been processed by the mail server:
zjfrxuzdtrg@mail2southdakota.com; Failed; 5.1.1 (bad destination mailbox address)

  Remote MTA 66.28.189.140: SMTP diagnostic: 550 5.1.1 <zjfrxuzdtrg@mail2southdakota.com> is not a valid mailbox


Code:
Header info:

X-Message-Info: JGTYoYF78jHidl65NY2SAWbLbkXsoImd
Received: from C9mailgw06.amadis.com ([216.163.188.202]) by mc3-f33.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
     Wed, 17 Mar 2004 23:49:43 -0800
Received: from C9Mailgw04.amadis.com (10.9.0.1) by C9mailgw06.amadis.com (NPlex 6.5.029)
    id 3FBBFCFF03410502 for jrzycrim@msn.com; Wed, 17 Mar 2004 23:47:25 -0800
Received: by C9Mailgw04.amadis.com (NPlex 6.5.029) id 40326F54050769DE for jrzycrim@msn.com; Wed, 17 Mar 2004 23:44:40 -0800
From: Mail Delivery Service <postmaster@mail2world.com>
Subject: Delivery Status Notification
To: jrzycrim@msn.com
Date: Wed, 17 Mar 2004 23:43:37 -0800
Message-ID: <40326F5405076129@C9Mailgw04.amadis.com>
MIME-Version: 1.0
Content-Type: Multipart/Report; report-type=delivery-status; boundary="========/40326F540506AC72/C9Mailgw04.amadis.com"
Return-Path: <>
X-OriginalArrivalTime: 18 Mar 2004 07:49:43.0865 (UTC) FILETIME=[93A54290:01C40CBD]

And of course, there was an 18kb attachment entitled 'Hi'. Wonder what that could be?? :)
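
The message in the post above claims to be a delivery status report yet carries an attachment. As an added example (not part of the original thread), this Python check flags a `multipart/report` message whose top-level parts are not the ones a real bounce carries; the sample messages, the `example.invalid` addresses and the attachment's MIME type are constructed assumptions.

```python
from email import message_from_string

# Top-level part types a genuine delivery status report is expected to carry.
DSN_PART_TYPES = {"text/plain", "message/delivery-status",
                  "message/rfc822", "text/rfc822-headers"}

def dsn_findings(raw):
    """List reasons a message claiming to be a bounce does not look like one."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return ["not a multipart/report message"]
    findings = []
    parts = msg.get_payload() if msg.is_multipart() else []
    types = [p.get_content_type() for p in parts]
    if "message/delivery-status" not in types:
        findings.append("no message/delivery-status part")
    for part in parts:  # top level only: a returned original may hold attachments
        if part.get_content_type() not in DSN_PART_TYPES:
            findings.append("unexpected part %s (filename=%r)"
                            % (part.get_content_type(), part.get_filename()))
    return findings

def build(parts):
    """Assemble a constructed sample message from (headers, body) pairs."""
    head = ("From: Mail Delivery Service <postmaster@example.invalid>\n"
            "Subject: Delivery Status Notification\n"
            "MIME-Version: 1.0\n"
            "Content-Type: Multipart/Report; report-type=delivery-status;"
            ' boundary="B0"\n'
            "Return-Path: <>\n\n")
    body = "".join("--B0\n%s\n\n%s\n" % (h, b) for h, b in parts)
    return head + body + "--B0--\n"

TEXT = ("Content-Type: text/plain", "These recipients have been processed.")
STATUS = ("Content-Type: message/delivery-status",
          "Reporting-MTA: dns; mx.example.invalid\n\n"
          "Final-Recipient: rfc822; nobody@example.invalid\n"
          "Action: failed\nStatus: 5.1.1")
ATTACH = ('Content-Type: application/octet-stream; name="Hi"\n'
          'Content-Disposition: attachment; filename="Hi"\n'
          "Content-Transfer-Encoding: base64", "AAAA")

GENUINE = build([TEXT, STATUS])  # constructed: well-formed bounce
SUSPECT = build([TEXT, ATTACH])  # constructed: shaped like the one in the post

if __name__ == "__main__":
    print("genuine:", dsn_findings(GENUINE))
    print("suspect:", dsn_findings(SUSPECT))
```
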
  • conorific

Post 3+ Months Ago

Maggie hath a question:

Why would virus programmers and hackers want in a normal person's PC? IT'S FILLED WITH NOTHING BUT B0RKED WORD DOCUMENTS AND FAVORITES! Is it just to annoy them? *wh33z3*
  • Cool#9

Post 3+ Months Ago

conorific wrote:
Why would virus programmers and hackers want in a normal person's PC? IT'S FILLED WITH NOTHING BUT B0RKED WORD DOCUMENTS AND FAVORITES! Is it just to annoy them? *wh33z3*

Maybe you have nothing but “B0RKED WORD DOCUMENTS AND FAVORITES”, but a lot of us have much more, especially if you own a business!!! :wink:
