Gossamer Forum
Home : General : Chit Chat :

LMAO..how stupid do they think we are?

Quote Reply
LMAO..how stupid do they think we are?
LOL.. do they really think people believe that M$ send out security updates via email? Laugh


---------------------------

Microsoft Customer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to continue keeping your computer secure. This update includes the functionality of all previously released patches.


---------------------------



...attached was a virus Tongue

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
What a suprise :p

Quote:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

tlhubjqp@advisor.com
SMTP error from remote mailer after RCPT TO:<tlhubjqp@advisor.com>:
host mail1.advisor.com [66.63.146.11]: 550 tlhubjqp@advisor.com... No such user

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
Just think of the percentage of people who actually install it thinking it's legit :/

~Charlie
Quote Reply
Re: [Chaz] LMAO..how stupid do they think we are? In reply to
For those poor people... that god for antivirus software Tongue

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
Yep...received three of those messages today...may be a disguise for the SoBig G virus?
========================================
Buh Bye!

Cheers,
Me
Quote Reply
New Email Virus: Targets Hole in Internet Explorer In reply to
Found this news story:

http://story.news.yahoo.com/...nm/tech_worm_swen_dc

That email that Andy alerted us contains a virus that targets holes in Internet Explorer...

BTW: McAfee did send me an automatic update today, so it looks like this virus is within McAfee's recent virus definitions.
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
These fake MS emails are nearly identical to ones that were being sent out back in February. I've received two of these last week, the first already had the virus removed, while the second for whatever reason managed to go through my mail server but PC-cillin caught it before I even got to my inbox to read the message :-)

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [fuzzy logic] LMAO..how stupid do they think we are? In reply to
holy crap!! just checked my mail. I received over 45 copies of WORM_SWEN.A, some from "Microsoft", and some from fake return undeliverable messages while I was at work. Some of the emails are now sporting chunks of Microsofts web page layout to make it look authentic.

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [fuzzy logic] LMAO..how stupid do they think we are? In reply to
Adrian just forwarded me this post from bugtraq:

Quote:
Joe Stewart of Lurhq.com has made an interesting discovery about the new
Swen/Gibe.F worm that started circulating today: When the worm infects
a new machine, it hits a Web counter.

The URL of the counter is:


http://ww2.fce.vutbr.cz/...dth=6&set=cnt006

If this URL wraps in your email reader, here's a shorter version:

http://tinyurl.com/nufo

At 2:30 EST, the counter is about 615,000.

Here's a bit more about the worm:

http://news.com.com/2100-7349_3-5078696.html

The server log entries for this counter might prove interesting to virus
researchers. These entries could provide data for a statistical study
of computer worm transmissions. Perhaps the Vutbr.cz Web site would be
willing to go public with this information.

He also pointed out that visiting this link bumps the counter, however that's probably a small fraction of hits.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [fuzzy logic] LMAO..how stupid do they think we are? In reply to
In Reply To:
holy crap!! just checked my mail. I received over 45 copies of WORM_SWEN.A, some from "Microsoft", and some from fake return undeliverable messages while I was at work. Some of the emails are now sporting chunks of Microsofts web page layout to make it look authentic.

Yeah...my one did too. It just didn't show up very well in the forum cos of the tables :(

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
How nice... I got anothe 115 copies while I was sleeping, bringing my total to 169.

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [fuzzy logic] LMAO..how stupid do they think we are? In reply to
Only received one so far (touch wood) Smile

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
This is not the SOBIG virus...found out via the following article:

http://story.news.yahoo.com/...20030919/tc_nf/22328

Although this particular virus has been upgraded to the "highest" security level due to its penetration rate via IRC and P2P, not just email.
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Stealth] LMAO..how stupid do they think we are? In reply to
Speaking of whacky emails... I keep getting these (see pic below) - and when I look at the source I see this:

<html><body>
<img border=0
src="http://us.i1.y&#105;mg.com/us.yimg.com/i/fi/main4.gif">
<FONT COLOR="#FFFFFF" SIZE="1">z xzibrxt gegelmw ep</FONT><br><FONT COLOR="#FFFFFF" SIZE="1">u eaeql</FONT><br>
<font face=arial>
Vis&#105;t a &#89;ahoo&#33; F&#105;nancial Prof&#105;le page: <a
href="http://f&#105;nance.y&#97;hoo.com/q?s=BLDP">Cl&#105;ck
Here</a><FONT COLOR="#FFFFFF" SIZE="1">n mtwydqq qhafvnd jvzie</FONT><br><FONT COLOR="#FFFFFF" SIZE="1">w wvxkgpard rgizfhgje xfriy</FONT><br>
V&#105;sit a &#89;ahoo&#33; F&#105;nancial N&#101;ws page: <a
href="http://b&#105;z.y&#97;hoo.com/bw/030917/175676_1.html">Cl&#105;ck
H&#101;re</a><FONT COLOR="#FFFFFF" SIZE="1">h rlaakbq tdlbcbu </FONT><br><FONT COLOR="#FFFFFF" SIZE="1">t djbzdtni rskiwpaz uzj</FONT><br><FONT COLOR="#FFFFFF" SIZE="1">g uwskz lwqkd </FONT><br><br><a
href="http://f&#105;nance.y&#97;hoo.com/q?s=BLDP">Uns&#117;bscribe
Her&#101;</a>
</font>
</body></html>

I guess they are using the codes to avoid spam detection (?) - also notice the "white" (hidden) letters also.

So, why are they sending spam that simply takes a user to yahoo.com ? I don't quite get it. Does anyone see anything I don't see? Are they using the graphic at the top as somekind of counter?
Quote Reply
Re: [Watts] LMAO..how stupid do they think we are? In reply to
BTW

http://us.i1.yimg.com/us.yimg.com/i/fi/main4.gif

brings up the little yahoo image at the top... tried going to network solutions and do a whois to see if yimg.com is registered to yahoo or not, but the stupid whois look up won't return any results on this domain, no "error" or "not found" it just simply ignores the entry. Arrgghh! What a bunch of f--king freaks! I hate crap like that.
Quote Reply
Re: [Watts] LMAO..how stupid do they think we are? In reply to
Quote:
[root@www admin]# whois yimg.com
[whois.crsnic.net]

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: YIMG.COM
Registrar: ALLDOMAINS.COM INC.
Whois Server: whois.alldomains.com
Referral URL: http://www.alldomains.com
Name Server: NS1.YAHOO.COM
Name Server: NS5.YAHOO.COM
Name Server: NS2.YAHOO.COM
Name Server: NS3.YAHOO.COM
Name Server: NS4.YAHOO.COM
Status: REGISTRAR-LOCK
Updated Date: 19-dec-2002
Creation Date: 14-may-1997
Expiration Date: 15-may-2012

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
Lucky bastard Tongue my count is up to 459 now. I'm curious how many copies Alex and the gang have got.

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [fuzzy logic] LMAO..how stupid do they think we are? In reply to
Still only got one through. I normally get millions (not literally) .... cos my ace-installer.com is pretty well linked over the internet, and spambots/people who somehow have my email address, are quite high. Last year, I got 400+ of one virus :(

Not sure if it is the virus/spam filter on my new server thats picking these viruses up; or if I'm just not getting many!

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Andy] LMAO..how stupid do they think we are? In reply to
If it's going through your server on Gossamer, the virus filter is catching it. You probably got one originally as it got through before the virus db was updated.

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [Alex] LMAO..how stupid do they think we are? In reply to
>>>You probably got one originally as it got through before the virus db was updated. <<<

Nah, that one came through on ace-installer.com, which is still on my old host (without virus checking). Must be that your server is picking them all up :) Good job!

Cheers

Andy (mod)
andy@ultranerds.co.uk
Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!
Quote Reply
Re: [Alex] LMAO..how stupid do they think we are? In reply to
hm... Carston said he had Jack turn on virus checking on our server and I have noticed "X-Antivirus: Clean" or something to that affect in the message header for the past day or so. However, PC-cillin is still catching Swen in the email attachment. Any idea what's going on here?

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [fuzzy logic] LMAO..how stupid do they think we are? In reply to
Hi,

Hmm, that's very strange, I just checked the logs, and today alone 185 Worm.Gibe.F have been quarantined on your server.

If possible, can you send me a copy of the full message so I can take a look?

Cheers,

Alex
--
Gossamer Threads Inc.

Last edited by:

Alex: Sep 20, 2003, 3:59 PM