What's This???

hatton

Perch
I just received the following email and I'm not quite sure what to do with it. It's from "the Ithinkitsnifty.com team" (which is my domain) and has a ZIP file attachment with an EXE file inside. The file's name appears to be a random string of characters.

Dear user, the management of Ithinkitsnifty.com mailing system wants to let you know that,

Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.

For further details see the attach.

For security purposes the attached file is password protected. Password is "45330".

Have a good day,
The Ithinkitsnifty.com team http://www.ithinkitsnifty.com

For additional information, here are the message's headers:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 905 invoked by uid 399); 5 Mar 2004 13:25:43 -0000
Received: from unknown (HELO wmunday) (66.76.23.113)
    by sls-ce2p20.dca2.superb.net with SMTP; 5 Mar 2004 13:25:43 -0000
Date: Fri, 05 Mar 2004 07:22:54 -0600
To: [email protected]
Subject: Notify about using the e-mail account.
From: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------igmxorwaefkmkxoisrys"


Is this some new tool that's been put in place or is this a beast of a different color?
 
I haven't seen this one before, but then again all virus e-mails get nerfed into oblivion before I see them.
It looks like a virus e-mail to me, with some text that tries to confuse you and trick you into launching the executable.

The e-mail originates from some Cox Internet user..
 
SubSpace said:
I haven't seen this one before, but then again all virus e-mails get nerfed into oblivion before I see them.
It looks like a virus e-mail to me, with some text that tries to confuse you and trick you into launching the executable.

The e-mail originates from some Cox Internet user..
Okay, that's what I was thinking as well... I know that there has been some discussion here about adding filters to the email server and did not know if that was something that has been done or not.

Very tricky way to go about spreading a virus as well. Since the attachment is ZIPped *and* encrypted (password protected) I don't think AntiVirus programs can see it until it's too late!
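An added example, not part of the original thread: standard ZIP password protection encrypts the file contents but leaves the member names and the "encrypted" flag readable in the central directory, so a mail filter can still flag this pattern without the password. The function names, the extension list and the sample message below are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".cpl", ".bat")  # assumed list

def encrypted_exec_members(zip_bytes):
    """Names of encrypted, executable-looking members. Only the central
    directory is read; nothing is decrypted or extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [i.filename for i in zf.infolist()
                    if i.flag_bits & 0x1 and i.filename.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []

def inspect_message(msg):
    """Report flagged attachments and whether the body mentions a password."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    flagged = {}
    for part in msg.iter_attachments():
        hits = encrypted_exec_members(part.get_payload(decode=True) or b"")
        if hits:
            flagged[part.get_filename()] = hits
    return {"flagged": flagged,
            "password_in_body": bool(re.search(r"\bpassword\b", body, re.I))}

def build_sample():
    """Constructed sample: a harmless ZIP whose central-directory entry is
    marked encrypted (flag bit 0), attached to a message like the one quoted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("qkzvtpwm.exe", b"not a real program")
    raw = bytearray(buf.getvalue())
    cd = raw.find(b"PK\x01\x02")   # central directory file header
    raw[cd + 8] |= 0x01            # general-purpose flag bit 0 = encrypted
    msg = EmailMessage()
    msg["Subject"] = "Notify about using the e-mail account."
    msg.set_content('For security purposes the attached file is password '
                    'protected. Password is "45330".')
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="qkzvtpwm.zip")
    return msg

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

An encrypted executable inside a ZIP, combined with the password in the message body, is a strong signal to quarantine the message even though the payload itself cannot be scanned.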
 
SubSpace said:
I haven't seen this one before, but then again all virus e-mails get nerfed into oblivion before I see them.
It looks like a virus e-mail to me, with some text that tries to confuse you and trick you into launching the executable.

The e-mail originates from some Cox Internet user..
A little more research turned out that it is indeed a virus. Rather tricky one as well -

It's the W32/Bagle.k@MM virus. More details here:

http://vil.nai.com/vil/content/v_101074.htm

Thanks again for the reply!
 
There is a vast amount of these flowing around at the moment, anything that looks sus to me just goes straight in the trash.
 
There is a virus war going on right now between Bagle, MyDoom, and Netsky. Netsky has been grabbing all the attention lately so Bagle and MyDoom are ramping up their distribution. The viruses also contain written attacks against their competitors. Be on the lookout for a lot more like this.
 
Hmm, only 1 Bagle received on my e-mail addies so far, 346 MyDooms and variants, and 3000+ Sobig.Fs at the time, I hope the downwards trend will continue ;)
 