Antique Engines and Old Iron
Computer, Camera and ISP Problems

LATEST threat


this thread has 15 replies and has been viewed 1024 times

#1
04-12-2007, 07:58 PM
Craig A
Sponsor
Join Date: Nov 2004
Location: Wisconsin USA
Posts: 6,172
Images: 18
Thanks: 2,527
Thanked 2,956 Times in 1,084 Posts
LATEST threat

Here's one I just received with an attached zip file named hotfix-37583.zip.
YUP! I'm SURE it'll fix me right up!!!!!!!!!!!!!!
And the "text" was sent as an image file so I couldn't even copy it!
It originated in Amsterdam...............
Attached image: threat.gif
#2
04-12-2007, 08:14 PM
JKWidener
Subscriber
Join Date: Aug 2006
Location: Alexandria, Indiana USA
Posts: 2,472
Images: 26
Thanks: 580
Thanked 855 Times in 342 Posts
Re: LATEST threat

In the past two days I have been getting emails sent to me from overseas providers with the attachment of greetingcard.exe and a lot of other .exe files in other emails... I have my Outlook set up to not accept any file like the ones mentioned. So Outlook only shows the name of the attachment and tells me it's an .exe file... What I wouldn't give to have their home and email addresses....
#3
04-12-2007, 08:31 PM
Craig A
Sponsor
Re: LATEST threat

JK.......SOMETIMES, in the header, you will find an email address that may or may not work.....WHEN I find one I USE it.......as this is a family oriented site I can't say what the response is but TRUST ME.......it ain't pretty......
Also, in brackets like this: [1923.168.1.16] you will find the source of the email which you can use to trace it here: http://www.network-tools.com/
Check the EXPRESS box and see what happens.
At the minimum you will usually find an abuse reporting address.
Reply With Quote
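Added example, not part of any post in this thread: a small Python sketch of the header check described in post #3, pulling the bracketed addresses out of the `Received:` lines and deciding which one is worth looking up for an abuse contact. The sample message, its addresses, and the function names `received_hops` and `reporting_candidate` are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers; addresses are illustrative, not from the thread.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
\tby mx.myisp.example with ESMTP; Thu, 12 Apr 2007 19:50:02 -0500
Received: from pc (unknown [192.168.1.16])
\tby mail.example.net with SMTP; Thu, 12 Apr 2007 19:49:58 -0500
Received: from helo (unknown [1923.168.1.16])
\tby relay.invalid with SMTP; Thu, 12 Apr 2007 19:49:00 -0500
From: support@example.com
Subject: hotfix

body
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Ranges with no public owner: a trace or abuse lookup on these is pointless.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def received_hops(raw):
    """Return (ip_text, kind) per bracketed address, newest hop first."""
    hops = []
    for header in message_from_string(raw).get_all("Received", []):
        for text in BRACKETED.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                hops.append((text, "invalid"))  # not a real address at all
                continue
            local = any(ip in net for net in LOCAL_NETS)
            hops.append((text, "local" if local else "traceable"))
    return hops

def reporting_candidate(raw):
    """First traceable address from the top: the hop closest to your own server.

    Lines further down were written by machines the sender may control,
    so they can be forged.
    """
    for text, kind in received_hops(raw):
        if kind == "traceable":
            return text
    return None

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("look up abuse contact for:", reporting_candidate(SAMPLE))
```

Only the topmost `Received:` line is written by the recipient's own mail server, which is why the search starts there rather than at the bottom of the header block.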
#4
04-13-2007, 08:42 AM
JKWidener
Subscriber
Re: LATEST threat

Well, as I sit back down at the computer this morning I had another email. It was the same as you got: hotfix.ZIP. And there is something else interesting about this: it is getting past the virus scanner with my ISP, Sbcglobal/Yahoo. It tells me that they were unable to scan this message for a virus. This is the only type of message that is going through unscanned...
#5
04-13-2007, 10:09 AM
Bill Geyer
Subscriber
Join Date: Jul 2005
Location: Granbury, Texas USA
Posts: 1,175
Images: 11
Thanks: 116
Thanked 46 Times in 36 Posts
Re: LATEST threat

I don't even open Emails like that.
__________________
May the Stak be with you
Bill
#6
04-13-2007, 12:42 PM
Craig A
Sponsor
Re: LATEST threat

I virus scanned the hotfix.ZIP. and it passed the scan....which is neither here nor there....except they are getting smarter and smarter.
FYI that message WAS trapped in my spam filter but I had it delivered to see what was what and to report it.
My Spam filter prescans all emails with McAfee and it passed that too.
I wish someone could extract and analyze that zipped file to see what the payload is...............
Some kid with an offline "junk" computer probably could figure it out in 2 minutes..............
Craig
#7
04-13-2007, 01:05 PM
JKWidener
Subscriber
Re: LATEST threat

If I get another one sent to me then I will burn it to disk and I will use an old computer I have here that needs some work to open it... Offline of course. Then maybe it will open some doors "Or just close all of them" lol, but with this computer I have nothing to lose. It was given to me for parts but I did get everything working but the onboard sound. It's an old 386 running Win98..... I will keep you updated....
#8
04-13-2007, 01:16 PM
Craig A
Sponsor
Re: LATEST threat

JK!!!!!!!!!
I FOUND the ZIP in my online sent folder...............
If you want to play with it email me (with a real email address so you can get the attachment) and I'll send it to you............
Craig

(Enquiring minds want to know..........)
#9
04-13-2007, 02:04 PM
JKWidener
Subscriber
Re: LATEST threat

Here is what it is... DON'T OPEN IT....

The attachment is in the ZIP file. It contains a trojan horse that will install itself on the system as a system driver and then will download other malicious programs from various computers on the Internet. The file contained within the ZIP file will be detected as Trojan.Packed.13. If the user executes this file it will create another file that will be detected as Trojan.Peacomm.
__________________
It takes only a moment to say I love you and a lifetime to say goodbye.

Last edited by JKWidener; 04-13-2007 at 02:33 PM.
#10
04-13-2007, 02:09 PM
JKWidener
Subscriber
Re: LATEST threat

If you have opened a file like this, most virus scanners have not released a patch for this file. I would suggest running a program called Trend Micro Housecall. It's free of charge and can be found here: http://housecall.trendmicro.com/
__________________
It takes only a moment to say I love you and a lifetime to say goodbye.
#11
04-13-2007, 03:18 PM
Craig A
Sponsor
Re: LATEST threat

Well THAT was quick!!!!!!!!!!!!
Thanks!
I figured it was a trojan of some sort...............but it could have as easily been a boot sector virus too..........
Thanks again!

Craig
#12
05-27-2007, 09:19 AM
Tom Lumpkins
Registered-I
Join Date: May 2007
Location: Woodlawn Tn
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Re: LATEST threat

I'm new to the site, but when I get email from someone I don't know I delete it; I don't even open it up, and I never take attachments even from people I know. You get some emails that will have hundreds of emails on it from where it has been forwarded to death. I hate to have my name added to the list on those notes; a spammer gets hold of it, then you get spammed to death.
#13
05-27-2007, 12:46 PM
Nork
Registered-II
Join Date: Oct 2005
Location: Eindhoven, Netherlands
Posts: 128
Thanks: 3
Thanked 0 Times in 0 Posts
Re: LATEST threat

Hi everyone, especially Craig,

Be warned that spammers never use their own home/business email address. If you have one that works, it's either a victim that has that mail opened and became a part of a drone network (network of infected computers) or it ends up in a domain trashcan. There is a new initiative on making a new verification on emails and the servers but it will take 1 to 4 years before it is fully implemented. Maybe then we’ll get less spam and spam with Trojans.

I would like to get rid of them rather yesterday than today, but they're a real plague. But I also have to warn about some nifty helping files and programs. I have found that the names of some well-known systems are used in bad programs to be found around. Lavasoft with Ad-Aware is one of them. Another program that I use is “Spyware Doctor” from PC Tools. This in combination with a virus scanner (in my case McAfee) is a good protection, for what the virus scanner didn’t see Spy Dr. will pick up and vice versa. I do have to warn that this all costs memory and a big load on the CPU.

I have no problems and it seems pretty clean on my systems. So no doubt there will be some on there, but not half as many as are installed on an average PC.

NorK
#14
05-27-2007, 02:50 PM
Craig A
Sponsor
Re: LATEST threat

Yesterday I received 6 identical spams that escaped my filter as MY email address was listed as the sender.......
I did IP traces on all of them and they originated in: Amsterdam, Russia, Argentina and I forgot the other three.
I reported the ones that turned up an abuse reporting address and personally replied to the others, none of which bounced back........
You don't want to know the content of the emails I sent...............
In addition to forwarding to the abuse center I also forward them, WITH HEADERS, to spamcop.
I know it won't do any good as they use disposable addresses anyway but it makes me feel a little better...........
#15
05-27-2007, 08:22 PM
Ackman
Subscriber
Join Date: Nov 2004
Location: Cadott, WI
Posts: 636
Images: 22
Thanks: 133
Thanked 350 Times in 87 Posts
Re: LATEST threat

I NEVER , repeat NEVER open an E-mail that I don't recognize!!! I have 3 different E-mail addresses, one of which, is getting to be a BIG PIA, due to all the DAMN SPAM & other CRAP I've been getting, lately!!! (I'm sure that Craig knows "which one" I'm talking about. ) & I'm going to be dropping that E-mail account VERY soon!
#16
05-27-2007, 09:14 PM
BDMelon
Subscriber
Join Date: Oct 2005
Location: USA
Posts: 1,426
Images: 11
Thanks: 161
Thanked 136 Times in 48 Posts
Re: LATEST threat

Quote:
Originally Posted by Randy Ackley
I NEVER , repeat NEVER open an E-mail that I don't recognize!!! I have 3 different E-mail addresses, one of which, is getting to be a BIG PIA, due to all the DAMN SPAM & other CRAP I've been getting, lately!!! (I'm sure that Craig knows "which one" I'm talking about. ) & I'm going to be dropping that E-mail account VERY soon!
Don't forget to tell your friendly Melon your changes
(EEEEKKKK) ------lol
All times are GMT -4.

SMOKSTAK® is a Registered Trade Mark
Copyright © 2000 - 2009 by Harry Matthews