thud419
Baiting Guru
Joined: 04 Jan 2006
Posts: 3193
|
Posted:
Thu May 21, 2009 5:18 pm |
|
I received three of these on Tuesday. (My personal account has been used as the From address by a virus. As a result I am on just about every spam list there is.)
It struck me that baiters may just click the attachment without thinking. Don't.
Quote: |
From: "Western Union Support Team" <[email protected]>
To: xxxxxxx
Subject: Western Union Transfer MTCN: 0852096213
Date: Tuesday 03:47:05
Dear Client!
The money transfer you have sent on the 8th of April hasn't been received by the recipient.
Due to the Western Union contract the transfers which are not collected in 30 business days are to be returned to sender.
To collect funds you need to print the invoice attached to this mail and visit the nearest Western Union branch.
Thank you! |
Attached is a zip file containing an exe file. I assume it is malware of some sort.
The headers for what they're worth:
Quote: |
X-Virus-Flag: no
Return-path: <[email protected]>
Delivery-date: Tue, 19 May 2009 03:50:56 +0100
Received: from [222.254.142.232] (helo=localhost)
    by jupiter with esmtp (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1M6FPE-0007xd-OH
    for xxxxx; Tue, 19 May 2009 03:50:56 +0100
Received: from 222.254.142.232 by mx2.hotmail.com; Tue, 19 May 2009 09:47:05 +0700
From: "Western Union Support Team" <[email protected]>
To: xxxxxxxxx
Subject: Western Union Transfer MTCN: 0852096213
Date: Tue, 19 May 2009 09:47:05 +0700
Message-ID: <000d01c9d82c$187b1550$6400a8c0@oqpbct>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_000E_01C9D82C.187B1550"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.499545, version=1.1.7
X-UID:
Status: R
X-Status: NT
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent: |
That looks spoofed to me: it appears to be sent from Hotmail, but I don't think it is; it's sent direct to my mail server. |
_________________
I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Barr. Cole
|
|
|
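The header check thud419 describes, as an added Python example that is not part of the original post: only the `Received` line written by your own mail server can be trusted, so every older hop has to link up with it. The recipient address, the `trusted_by` parameter and the function names are assumptions, and the regex only covers the two `Received` layouts quoted above.

```python
import re
from email import message_from_string

# Constructed sample: Received lines as quoted in the post above;
# the recipient address is a placeholder.
RAW = """\
Received: from [222.254.142.232] (helo=localhost)
\tby jupiter with esmtp (Exim 4.69)
\tid 1M6FPE-0007xd-OH
\tfor user@example.invalid; Tue, 19 May 2009 03:50:56 +0100
Received: from 222.254.142.232 by mx2.hotmail.com; Tue, 19 May 2009 09:47:05 +0700
Subject: Western Union Transfer MTCN: 0852096213

body
"""

# "from <client> [(helo=<name>)] ... by <server>"
HOP = re.compile(
    r"from\s+\[?([^\s\]]+)\]?(?:\s+\(helo=([^)]+)\))?.*?\bby\s+([^\s;]+)", re.S)

def parse_hops(raw):
    """Return Received hops, newest first, as dicts with client, helo, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"client": m.group(1), "helo": m.group(2), "by": m.group(3)})
    return hops

def check_chain(raw, trusted_by):
    """List inconsistencies between our MTA's hop and the older, unverified hops."""
    hops = parse_hops(raw)
    if not hops or hops[0]["by"] != trusted_by:
        return ["topmost Received header was not written by our own MTA"]
    edge, findings = hops[0], []
    if edge["helo"] in ("localhost", "localhost.localdomain"):
        findings.append("connecting client greeted with HELO localhost")
    for newer, older in zip(hops, hops[1:]):
        # An honest relay shows up as the client of the next-newer hop.
        if older["by"] not in (newer["client"], newer["helo"]):
            findings.append(f"{older['by']} claims the message but never handed it on")
        if older["client"] == edge["client"]:
            findings.append(f"{edge['client']} is the client in both hops: older header is sender-supplied")
    return findings

if __name__ == "__main__":
    for finding in check_chain(RAW, "jupiter"):
        print("-", finding)
```
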
John Henry Eden
Wannabe Baiter
Joined: 22 Mar 2009
Posts: 99
Location: Raven Rock
|
Posted:
Thu May 21, 2009 5:38 pm |
|
Yeah, never run an exe you got off e-mail. Even from someone you know unless you are expecting it and scan the file with several different anti-virus programs. |
_________________
Quote: |
Stamp fee: $5 Dollars
Security keeping fee : $9 Dollars
Total :$95 Dollars |
5 + 9 = 95
It all makes sense now! |
|
|
|
atlanteana
Wannabe Baiter
Joined: 20 Apr 2009
Posts: 95
Location: where i am right now
|
Posted:
Thu May 21, 2009 6:18 pm |
|
Would it be worthwhile sending a copy of the text in that message to ma lad along with a W-U form to make it look real? |
_________________ happiness lies at the end of the road |
|
|
|
r2d2
Master of Master Baiters
Joined: 19 Apr 2009
Posts: 796
Location: in a galaxy far far away
|
Posted:
Thu May 21, 2009 9:09 pm |
|
^^ I hope you're not suggesting sending malware? |
|
|
|
|
LegolasGreenleaf
Master Baiter
Joined: 21 May 2009
Posts: 126
Location: Mirkwood
|
Posted:
Thu May 21, 2009 9:34 pm |
|
Sounds similar to the 'UPS Virus' I've seen lately. Says you have a shipment not delivered or something, please print the document.
It's just a particularly nasty bit of spyware and also a trojan that downloads more spyware. I've never seen anything really ugly like a keylogger or data stealer of some other type come with it. Annoying as hell though, and very hard to remove. |
|
|
|
|
atlanteana
Wannabe Baiter
Joined: 20 Apr 2009
Posts: 95
Location: where i am right now
|
Posted:
Thu May 21, 2009 9:39 pm |
|
Most certainly not. If you have a lazy lad who is doubting your sending the money, cut and paste the text into an e-mail of your own saying you just got this from western onion. Try to get the lad to go to the office and embarrass himself. It would be nice to send some malware but I know that it's unethical and therefore I won't do it (honest, I wouldn't!) |
|
|
|
John Henry Eden
Wannabe Baiter
Joined: 22 Mar 2009
Posts: 99
Location: Raven Rock
|
Posted:
Thu May 21, 2009 10:03 pm |
|
Interesting idea atlanteana. Have a template of this:
Quote: |
From: "Western Union Support Team" <[email protected]>
To: [YOUR E-MAIL]
Subject: Western Union Transfer MTCN: [MTCN HERE]
Date: [DATE]
Dear Client!
The money transfer you have sent on the [#th] of [MONTH] hasn't been received by the recipient.
Due to the Western Union contract the transfers which are not collected in 30 business days are to be returned to sender.
To collect funds you need to print the invoice attached to this mail and visit the nearest Western Union branch.
Thank you! |
And send it to the lads when they claim that you gave them a bad MTCN. |
|
|
|
GSN_fan
Hellish Taskmaster
Joined: 31 Dec 2008
Posts: 537
|
Posted:
Fri May 22, 2009 2:11 am |
|
^ No virus attached, I hope?
There are WU forms that you can get. |
_________________
Listen very openly Barrister Koffi Adams forward to this or what you sent to him how der you sent such a thing to him with is age am very disapointed in you if by your next mail you could not comeplete sending the right way sorry.
Even my little child know how to send money and give to the taker on how to take it so
Austria is a the name of a country near Australia.
This are the details we required from you so our customer cab infect payment to you.
Our is not ready to receive your incandesces message
send to me their pin code and asses code
|
|
|
John Henry Eden
Wannabe Baiter
Joined: 22 Mar 2009
Posts: 99
Location: Raven Rock
|
Posted:
Fri May 22, 2009 12:06 pm |
|
I believe atlanteana's idea was just text. No attachments. I would assume you would send a message to your lad saying "Why did you not collect the funds yet? I got this from WU" then paste in the text. |
|
|
|
|