SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Fake virus warnings...?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Yastreb
Demented Opportunist


Joined: 04 Apr 2006
Posts: 15088
Location: Leading my wolf pack


PostPosted: Tue Jul 10, 2007 12:05 pm Reply with quoteBack to top

I've had some odd spam show up today, including two "virus warnings" that I have the gravest suspicions about.

Each has the same text:
Quote:
Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.


The boldfaced phrase was a link that I didn't follow. I did a properties check and found this:
Quote:
?c955099675c50080d0229e368412571d7d
Protocol: HyperText Transfer Protocol
Type: 11/?C955099675C50080D0229E368412571D7D
Address: http://74.69.xxxxx
URL: c955099675c50080d0229e368412571d7d


I'm assuming it's a sneaky way to get people to upload a virus.

Mod edit - I have xxxxx out part of the url to stop people from accidentally clicking on it - SP

_________________
I will heed the advice of a polite horse for it is written that more flies are caught with honey than vinegar... although assault carbines and monstrous wolves are still fun.

"I aim to misbehave."

Asena - Pretty Rose
United Kingdom x5 Spain New Zealand Senegal Ghana x2 Benin Closed lad accounts x 185
Safari x 4 - Oyenka Chidinma - Lagos to Cotonou; Dickyboi - Lagos to Accra; Femmy - Lagos to Porto Novo; "Woody" - Accra to Singapore
Sand Timer x 7: Dufus & Abavana/Capt Joseph Annan/Victor Walla/Ohene Agyekum/James Jeffrey/Peace Akpobor & John Mensah/Tony Kalaby & Addo Gilbert
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Tue Jul 10, 2007 12:09 pm Reply with quoteBack to top

Yes.

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
ratter
Master of Master Baiters


Joined: 03 Jun 2007
Posts: 630
Location: Disembarking at Duvalier Airport


PostPosted: Tue Jul 10, 2007 12:31 pm Reply with quoteBack to top

I got the whole IP before TS xxx'd it. That address is dead at the moment; perhaps his mom made him go to bed and turn off his computer.

I'd say your instinct is spot on. I was going to hit it from a Linux box and see what was there (without the /? at the end).

Did you get the same addy when you hover the cursor over the link in the email? It actually looks like a misformed version of this:

http://74.69.xxx.xxx/?c955099675c50080d0229e368412571d7d

Googling on that long hex number after the ? led me to a Japanese forum filled with spam. The IP addy before your hex number is 76.197.xxx.xxx and it's also dead. The bait on that one was a fake greeting card.

Mod comment: Ratter, that was SP, not I. Wink TS

_________________
Closed lad accounts xseveral

United KingdomUnited StatesNigeriaSpainSwitzerlandBeninNetherlandsCanadaGhanaItalyIrelandMalaysiaUnited Nations = 56

Goat

PayPal Modality
View user's profileSend private message
bill2
Baiting Guru


Joined: 10 Sep 2006
Posts: 5496
Location: Yeah who can tell me where I am?


PostPosted: Tue Jul 10, 2007 1:31 pm Reply with quoteBack to top

Got another one today different IP# in link, got a rule set up so I won't see them again Rolling Eyes Will go over without thinking about it, just wondering where I dropped that addy to receive this. Guess it's time to drop that addy and get a fresh one.

_________________
I don't do bling, I just do lads Evil or Very Mad
View user's profileSend private message
TheGreatOok
CATBINGO


Joined: 25 May 2007
Posts: 2355
Location: Lost in L-Space


PostPosted: Tue Jul 10, 2007 1:39 pm Reply with quoteBack to top

Yes, we were discussing that worm here, but it probably should be in general rather than help.

_________________
For Free Bananas Click Here!
HYIP: pyramid x3 Banks: United Arab Emirates
Pith Helmet Samuel - Ziguinchor, SE to Dakar, SE - 264 km through Gambia Helping JojoBean

"I knew rigth from the first time you sent email to me that,you are a bloody *DELETED*" - Sgt Daniel Vess
"I NO BLAME U NA DI DIRTY TOTO WEN BORN U NA IM I BLAME. CATBINGO" - Lee Wong
"I AM EQUAL TO A MENTAL RETARDED PERSON" - Alvan Ben
"You have pushed me to the wall and i will make you smell yourself i bet." - George Martins
"THE FOOL STOLE YOUR US$755, HE DOES NOT DESERVE TO LEAVE ON THE PLANET" - Jim Ovia

pony pony - for a perfect brown nosing job. Wink

pony Mortar x4
View user's profileSend private messageSend e-mailVisit poster's websiteSkype Name
ratter
Master of Master Baiters


Joined: 03 Jun 2007
Posts: 630
Location: Disembarking at Duvalier Airport


PostPosted: Tue Jul 10, 2007 1:44 pm Reply with quoteBack to top

Ook, thanks for the pointer.

SP, sorry, I'm used to blaming TS for everything. Very Happy

_________________
Closed lad accounts xseveral

United KingdomUnited StatesNigeriaSpainSwitzerlandBeninNetherlandsCanadaGhanaItalyIrelandMalaysiaUnited Nations = 56

Goat

PayPal Modality
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT