 WARNING: Malware that may be especially dangerous to us

thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


Posted: Thu May 21, 2009 5:18 pm

I received three of these on Tuesday. (My personal account has been used as the From address by a virus. As a result I am on just about every spam list there is.)

It struck me that baiters may just click the attachment without thinking. Don't.

Quote:
From: "Western Union Support Team" <[email protected]>
To: xxxxxxx
Subject: Western Union Transfer MTCN: 0852096213
Date: Tuesday 03:47:05

Dear Client!

The money transfer you have sent on the 8th of April hasn't been received by the recipient.
Due to the Western Union contract the transfers which are not collected in 30 business days are to be returned to sender.
To collect funds you need to print the invoice attached to this mail and visit the nearest Western Union branch.

Thank you!

Attached is a zip file containing an exe file. I assume it is malware of some sort.

The headers for what they're worth:
Quote:
X-Virus-Flag: no
Return-path: <[email protected]>
Delivery-date: Tue, 19 May 2009 03:50:56 +0100
Received: from [222.254.142.232] (helo=localhost)
by jupiter with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1M6FPE-0007xd-OH
for xxxxx; Tue, 19 May 2009 03:50:56 +0100
Received: from 222.254.142.232 by mx2.hotmail.com; Tue, 19 May 2009 09:47:05 +0700
From: "Western Union Support Team" <[email protected]>
To: xxxxxxxxx
Subject: Western Union Transfer MTCN: 0852096213
Date: Tue, 19 May 2009 09:47:05 +0700
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000E_01C9D82C.187B1550"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
X-Bogosity: Unsure, tests=bogofilter, spamicity=0.499545, version=1.1.7
X-UID:
Status: R
X-Status: NT
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:


That looks spoofed to me: it appears to be sent from Hotmail, but I don't think it is; it's sent direct to my mail server.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
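
The check described in the post above (a header claims a Hotmail hop, yet the message was delivered straight to the recipient's server), as an added example that is not part of the original thread. It assumes only the topmost Received header, stamped by your own MTA (`jupiter` in the quoted headers), is trustworthy; `parse_hop` and `check_received_chain` are hypothetical names and the addresses are placeholders.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the post; addresses are
# placeholders because the originals are redacted on the page.
SAMPLE = """\
Return-path: <sender@example.invalid>
Received: from [222.254.142.232] (helo=localhost)
\tby jupiter with esmtp (Exim 4.69)
\t(envelope-from <sender@example.invalid>)
\tid 1M6FPE-0007xd-OH
\tfor recipient@example.invalid; Tue, 19 May 2009 03:50:56 +0100
Received: from 222.254.142.232 by mx2.hotmail.com; Tue, 19 May 2009 09:47:05 +0700
From: "Western Union Support Team" <sender@example.invalid>
Subject: Western Union Transfer MTCN: 0852096213

"""

FROM_RE = re.compile(r"from\s+\[?([\w.:-]+)\]?(?:\s+\(helo=([^)]+)\))?", re.I)
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def parse_hop(value):
    """Return (from_host, helo, by_host) for one Received header value."""
    flat = " ".join(value.split())          # unfold continuation lines
    f, b = FROM_RE.search(flat), BY_RE.search(flat)
    return (f.group(1) if f else None, f.group(2) if f else None,
            b.group(1) if b else None)

def check_received_chain(raw, local_mta):
    """Flag inconsistencies between the trusted hop and the hops below it."""
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    findings = []
    if not hops or hops[0][2] != local_mta:
        return ["no Received header stamped by our own MTA"]
    client, helo = hops[0][0] or "unknown", hops[0][1] or ""  # trusted hop only
    if helo.lower() in ("localhost", "localhost.localdomain"):
        findings.append(f"client {client} used HELO {helo}")
    for src, _, by_host in hops[1:]:        # everything below is sender-supplied
        if by_host and by_host.lower() not in (client.lower(), helo.lower()):
            findings.append(f"hop claims relay by {by_host}, but {client} connected to us")
        if src == client:
            findings.append(f"{client} is both the claimed origin and the delivering host")
    return findings
```

On the sample, `check_received_chain(SAMPLE, "jupiter")` reports the `localhost` HELO, the mismatched `mx2.hotmail.com` relay claim, and the repeated IP.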
John Henry Eden
Wannabe Baiter


Joined: 22 Mar 2009
Posts: 99
Location: Raven Rock


Posted: Thu May 21, 2009 5:38 pm

Yeah, never run an exe you got off e-mail. Even from someone you know unless you are expecting it and scan the file with several different anti-virus programs.

_________________
Quote:
Stamp fee: $5 Dollars
Security keeping fee : $9 Dollars
Total :$95 Dollars

5 + 9 = 95
It all makes sense now!
atlanteana
Wannabe Baiter


Joined: 20 Apr 2009
Posts: 95
Location: where i am right now


Posted: Thu May 21, 2009 6:18 pm

would it be worth while sending a copy of the text in that message to ma lad along with a w-u form to make it look real?

_________________
happiness lies at the end of the road
r2d2
Master of Master Baiters


Joined: 19 Apr 2009
Posts: 796
Location: in a galaxy far far away


Posted: Thu May 21, 2009 9:09 pm

^^ i hope you're not suggesting sending malware?
LegolasGreenleaf
Master Baiter


Joined: 21 May 2009
Posts: 126
Location: Mirkwood


Posted: Thu May 21, 2009 9:34 pm

Sounds similar to the 'UPS Virus' I've seen lately. Says you have a shipment not delivered or something, please print the document.

It's just a particularly nasty bit of spyware and also a trojan that downloads more spyware. I've never seen anything really ugly like a keylogger or data stealer of some other type come with it. Annoying as hell though, and very hard to remove.
atlanteana
Wannabe Baiter


Joined: 20 Apr 2009
Posts: 95
Location: where i am right now


Posted: Thu May 21, 2009 9:39 pm

most certainly not. if you have a lazy lad who is doubting your sending the money cut and paste the text into an e-mail of your own saying you just got this from western onion. try to get the lad to go to the office and embarrass himself. it would be nice to send some malware but i know that it's unethical and therefore i won't do it (honest, i wouldn't!)

_________________
happiness lies at the end of the road
John Henry Eden
Wannabe Baiter


Joined: 22 Mar 2009
Posts: 99
Location: Raven Rock


Posted: Thu May 21, 2009 10:03 pm

Interesting idea atlanteana. Have a template of this:

Quote:
From: "Western Union Support Team" <[email protected]>
To: [YOUR E-MAIL]
Subject: Western Union Transfer MTCN: [MTCN HERE]
Date: [DATE]

Dear Client!

The money transfer you have sent on the [#th] of [MONTH] hasn't been received by the recipient.
Due to the Western Union contract the transfers which are not collected in 30 business days are to be returned to sender.
To collect funds you need to print the invoice attached to this mail and visit the nearest Western Union branch.

Thank you!


And send it to the lads when they claim that you gave them a bad MTCN.

_________________
Quote:
Stamp fee: $5 Dollars
Security keeping fee : $9 Dollars
Total :$95 Dollars

5 + 9 = 95
It all makes sense now!
GSN_fan
Hellish Taskmaster


Joined: 31 Dec 2008
Posts: 537


Posted: Fri May 22, 2009 2:11 am

^ No virus attached, I hope?

There are WU forms that you can get.

_________________
Cellphone x12
Closed lad accounts x23
United Kingdom x6 United States x4 Nigeria Australia Switzerland Russia x2 x2 Germany

Listen very openly Barrister Koffi Adams forward to this or what you sent to him how der you sent such a thing to him with is age am very disapointed in you if by your next mail you could not comeplete sending the right way sorry.

Even my little child know how to send money and give to the taker on how to take it so

Austria is a the name of a country near Australia.

This are the details we required from you so our customer cab infect payment to you.

Our is not ready to receive your incandesces message

send to me their pin code and asses code
John Henry Eden
Wannabe Baiter


Joined: 22 Mar 2009
Posts: 99
Location: Raven Rock


Posted: Fri May 22, 2009 12:06 pm

I believe atlanteana's idea was just text. No attachments. I would assume you would send a message to your lad saying "Why did you not collect the funds yet? I got this from WU" then paste in the text.

_________________
Quote:
Stamp fee: $5 Dollars
Security keeping fee : $9 Dollars
Total :$95 Dollars

5 + 9 = 95
It all makes sense now!
All Content © 2003 - 419Eater.com