Gossamer Forum
Home : General : Chit Chat :

New breed of virus

Quote Reply
New breed of virus
Wow, here's an interesting one I just got:

Code:
To: alex@gossamer-threads.com
Subject: Email account utilization warning.
From: staff@gossamer-threads.com

Dear user of Gossamer-threads.com,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

Advanced details can be found in attached file.

For security purposes the attached file is password protected. Password is "52836".

Kind regards,
The Gossamer-threads.com team http://www.gossamer-threads.com

and the attachment is a password protected zip file (locked so that virus scanners can't scan the content).

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] New breed of virus In reply to
Hmmmmm........pretty evil Mad

------------------------------------------
Quote Reply
Re: [Alex] New breed of virus In reply to
You would have to be pretty silly to open it though :( Especially with the state the Net is in at the moment with all these viruses going around :(

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Alex] New breed of virus In reply to
Got something similar [W32.Beagle.A@mm]:

Dear user, the management of Shaw.ca mailing system wants to let you know that,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

For details see the attach.

The Management,
The Shaw.ca team http://www.shaw.ca

----
Cheers,

Dan
Founder and CEO

LionsGate Creative
GoodPassRobot
Magelln
Quote Reply
Re: [Alex] New breed of virus In reply to
Oh, that was just me. ;-)

/joke. honestly.

- wil
Quote Reply
Re: [Wil] New breed of virus In reply to
Sounds like a varient of the W32/Bagle-* family. They come with password protected ZIPed files. Very clever. Whatever next?

- wil
Quote Reply
Re: [Alex] New breed of virus In reply to
Quote:
For security purposes the attached file is password protected. Password is "52836".

Yeah... right... Would anyone with an ounce of common sense not see the problem with this. Real secure if you put the password in the email.
Quote Reply
Re: [Alex] New breed of virus In reply to
They don't seem to be nearly as effective as the SCO/MyDoom one's. In the last three days:

Code:
[root@gossamer quar]# grep -h 'X-AntiVirus-Report' * | sort | uniq -c | sort -n -r
398 X-AntiVirus-Report: Worm.SCO.A-dam FOUND
327 X-AntiVirus-Report: Worm.SCO.A FOUND
240 X-AntiVirus-Report: Worm.SomeFool FOUND
192 X-AntiVirus-Report: Worm.SomeFool.B-petite FOUND
112 X-AntiVirus-Report: Worm.SomeFool.D FOUND
89 X-AntiVirus-Report: Worm.Bagle.F-zippwd-3 FOUND
63 X-AntiVirus-Report: Worm.SomeFool.B FOUND
42 X-AntiVirus-Report: Worm.Mydoom.F FOUND
38 X-AntiVirus-Report: Worm.Sober.C1 FOUND
23 X-AntiVirus-Report: Worm.Bagle.C FOUND
20 X-AntiVirus-Report: Worm.Bagle.E FOUND
19 X-AntiVirus-Report: Worm.MyDoom.E.UPX FOUND
16 X-AntiVirus-Report: Worm.Bagle.A3 FOUND
15 X-AntiVirus-Report: Worm.SomeFool.Gen-1 FOUND
12 X-AntiVirus-Report: Worm.Bagle.Gen-1 FOUND
7 X-AntiVirus-Report: Worm.Bagle.J FOUND
6 X-AntiVirus-Report: Worm.Dumaru.K FOUND
6 X-AntiVirus-Report: Worm.Bagle.Gen-2 FOUND
4 X-AntiVirus-Report: Worm.SomeFool.Gen-2 FOUND
4 X-AntiVirus-Report: Worm.Dumaru.Y FOUND
3 X-AntiVirus-Report: Worm.Dumaru.A FOUND
2 X-AntiVirus-Report: Worm.Gibe.F FOUND
1 X-AntiVirus-Report: Worm/Klez.H FOUND
1 X-AntiVirus-Report: Worm.SCO.A.enc FOUND
1 X-AntiVirus-Report: Worm.Bagle.F-zippwd-3
[root@gossamer quar]#

Either people are wisening up, or more likely, password protected zips are just too complex. =)

Cheers,

Alex
--
Gossamer Threads Inc.