SmartFeedSmartFeed          



WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Someone Keeps Sending me Viruses

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
LeeScambait
Hello I'm New here!


Joined: 28 Nov 2019
Posts: 19
Location: The Netherlands


PostPosted: Mon Mar 23, 2020 7:57 am Reply with quoteBack to top

Hello 419 Eater!

On the 20th of March I received a strange email pretending to be from a hospital,It asked the recipients to open the attached file because supposedly it was a purchase order.

One thing I noticed was the weird .rar ending.

Just to be safe I downloaded and opened the file in a Windows 7 Virtual Machine and ran it thru Virus Total.

My suspicion was correct, it was a Trojan.

Fast Forward to today and I received an email again from the same name and same spoofed email with another 1 MB .rar file.

It seems like the guy send the same virus again because he thinks that it failed last time.

This time I finally figured out how to open the Task Manager and it was not surprising to find that the file was running in the background.

I don't know how to post pictures on here so I posted all of them on postimage
https://postimg.cc/gallery/3e0aiq9r0/


If anyone wants to analyse the file he send me, send me a message.

Also I am sorry if this is posted in the wrong place.

_________________
Closed lad accounts

"You are idiot you are fool infact you are nicompoo"
"Ask your mother fu**** a** and ask your dad to open his a** and stick a wood on it your will get a loan from your mama a**"

"LOOK WE HAVE WARNED YOU MANY TIME THIS IS NOT A PLAY GROUNG OR A GAME
PLACE BE WAREND FOR THE LAST TIME"
"Juju Monkey"
View user's profileSend private messageSkype Name
bikeatl77
** WARNED **


Joined: 17 Nov 2018
Posts: 978
Location: Emptying one of my dehumidifiers...somewhere


PostPosted: Mon Mar 23, 2020 9:01 am Reply with quoteBack to top

Eater doesn't deal with this type of thing but I'm glad you used a VM to open the file. RAR is similar to a zip file. Multiple files are packaged in a RAR that extract when you open it. They probably put the RAR into a zip file to help it bypass your mail provider's filters. I'd mark the email as spam to help your mail provider block subsequent resends and move on with life. There's not much more you can do than that. Definitely destroy that VM instance though...there's no telling what lurks in it now.
View user's profileSend private message
LeeScambait
Hello I'm New here!


Joined: 28 Nov 2019
Posts: 19
Location: The Netherlands


PostPosted: Mon Mar 23, 2020 9:18 am Reply with quoteBack to top

Thanks for letting me know!

I reported it to Protonmail and I always destroy VMs after downloading these things.

_________________
Closed lad accounts

"You are idiot you are fool infact you are nicompoo"
"Ask your mother fu**** a** and ask your dad to open his a** and stick a wood on it your will get a loan from your mama a**"

"LOOK WE HAVE WARNED YOU MANY TIME THIS IS NOT A PLAY GROUNG OR A GAME
PLACE BE WAREND FOR THE LAST TIME"
"Juju Monkey"
View user's profileSend private messageSkype Name
bware419ers
419Eater Admin


Joined: 25 Jun 2012
Posts: 21186
Location: Searching for the Platinum Piggie


PostPosted: Mon Mar 23, 2020 12:40 pm Reply with quoteBack to top

Moved here.

As mentioned, this isn't Advance Fee Fraud or what we deal with, however...

We probably don't emphasize it enough, but, for safety's sake, you should never open any file a lad sends. If it claims to be a word processing document (WORD or PDF), tell the lad your computer says it's corrupted. Same with an Excel file. If you see an extension you don't recognize, certainly do not open it.

While most low-level AFF lads aren't adept at malicious files or links, many "seasoned" and successful lads diversify and take every advantage they can.

_________________
| SCAMWARNERS | PREMIUM | REQUIRED READING | REPORT BANK ACCOUNTS | FOLLOW 419EATER ON TWITTER

Golden Pig Vcamera Closed lad accounts X 6820
The Church of the Old Gods Sand Timer Safari X 17 Tattoo
Goat Mortar Flying Monkey Mc Fry Jack Boot Easter 2015 Santa Whip

Black Ribbon "FFS." - Capone
Black Ribbon - Toomuchfun
Black Ribbon - Irishemigrant
"I started to read it but got bored after the first couple of sentences." - SOOI
"Remind me not to get on your bad side." - jose_cuervo
View user's profileSend private message
B8er
Associate Boomdazzler


Joined: 16 Feb 2009
Posts: 13606
Location: In self-isolation practicing social distancing


PostPosted: Mon Mar 23, 2020 12:55 pm Reply with quoteBack to top

Even low-level lads are a big risk of passing on viruses. Some people will think sending a virus to a scammer is a good idea, lads pass around files between them and many will still work in Internet cafes so there's a very good chance that even the most technically inept scammer may unknowingly send you a virus.

If you really must know what's in a Word/Excel/PDF document or image and you're on Gmail then you can view it from within Gmail itself (assuming you are using the webmail and not a mail client). And other mail providers probably do similar.

_________________
"I DENOUNCE THE MUFFIN MEN" - Ma Kim
"YOU ARE WALKING DEAD MAN. YOUR WOODEN COFFIN IS READY TO SWALLOW YOU AND YOUR DIRTY GENERATION"
"all chaps are ass-less by design otherwise they just be leather pants" - jose_cuervo
Safari x 5 Tattoo Golden Pig Easter 2015 Vcamera
United KingdomUnited StatesNigeriaMalaysiaNetherlandsThailandCanadaUnited Arab EmiratesUnited NationsAustraliaSenegalSpainBeninChinaDenmarkGhanaIvory CoastKorean FlagSouth AfricaSwedenBurkina FasoCambodia FlagcameroonGermanyHong KongIndonesiaJapanNew ZealandSwitzerlandTogoTurkeyUkraine x 335 Elite Ninja Team Member Whip 🚽
Cellphone x 4 Closed lad accounts x 1746 x 1904 - Fake cheques: $4,392,620.83
Safari Team Woody - Ghana to Singapore - 11535km
View user's profileSend private messageSkype Name
Connie L. Gus
Moderator


Joined: 07 Oct 2005
Posts: 7234
Location: Somewhere over the rainbow


PostPosted: Mon Mar 23, 2020 4:38 pm Reply with quoteBack to top

I suggest to always ask that any Word or Excel file be converted into a PDF and any PDF you receive from a lad be converted into a DOCX. Don't bother looking at them, tell the lad that he then needs to move the information into the body of the email text. They will and end up giving you even more attention.

_________________
Mortar x8 Purple Flower Easter Egg Santa
LISTEN TO ME WHAT DO YOU TAKE ME FOR ONE OF THOSE CHEAP CROOK OR WHAT -tobi donito
Closed lad accounts-a few, United Nations
LISTEN I CAN NOT TAKE YOUR SHIT ANY LONGER WE HAVE WHROTE A PETITION AGAINST YOU TO THE FBI WITH ALL OUR EVIDENCE YOU ARE INTO PROSTITUTION,DRUG DEALING, FORGERY, CREDIT CARDS FORGRY WESTEN UNION FALSIFICATION,DRUGING MEN,COMMETING MURDER, STEALING, DRUNCARD, ALL THIS WE HAVE THE EVIDENCE TO PROOF OUR CASE AGAINST YOU.-Johnson Hill
SafariI am not finding it any funny...Henry A., Lagos, Nigeria to Cotonou, Benin, WIMPed
Safari I am stranderd. Henry A. Lagos to Accra, WIMPed for 67 days.
* Help Keep Eater Running - Click here to donate
View user's profileSend private message
LeeScambait
Hello I'm New here!


Joined: 28 Nov 2019
Posts: 19
Location: The Netherlands


PostPosted: Tue Mar 24, 2020 2:28 am Reply with quoteBack to top

Yes B8er, As far as I know GMX and Gmail give you the Ability to preview a file instead of opening or downloading it.

_________________
Closed lad accounts

"You are idiot you are fool infact you are nicompoo"
"Ask your mother fu**** a** and ask your dad to open his a** and stick a wood on it your will get a loan from your mama a**"

"LOOK WE HAVE WARNED YOU MANY TIME THIS IS NOT A PLAY GROUNG OR A GAME
PLACE BE WAREND FOR THE LAST TIME"
"Juju Monkey"
View user's profileSend private messageSkype Name
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum





All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT