Broadband Tech > Security > Security > Another variation of the greeting card virus spreader

Another variation of the greeting card virus spreader

HTTP/1.1 200 OK
 
Server: nginx/0.5.17
 
Date: Tue, 21 Aug 2007 05:40:50 GMT
 
Content-Type: text/html
 
Transfer-Encoding: chunked
 
Connection: close
 
X-Powered-By: PHP/5.2.1
 
6b
 
If you do not see the Secure Login Window please install our <a href="/applet.exe">Secure Login Applet</a>.
 
0
 
Content-Expire: 1
 

Haha

Looks like a funny spammer indeed. I really have no spam like these what soever. I guess my KIS is doing a great job
--
Kaspersky Labs Fan Club Project Manager
forum.kasperskyclub.com

reply to EGeezer
Damn I have yet to see a greeting card virus...I guess I get no love.

reply to EGeezer
Got one myself this morning, we must be among the first recipients of this generous offer!

reply to EGeezer
I think you must be indeed. haha
As long as you won't open anything you'll keep laughing
--
Kaspersky Labs Fan Club Project Manager
forum.kasperskyclub.com

reply to EGeezer
Yes Sir this is one that I received.

New Member,

Welcome To Wine Lovers.

User Number: 8165971419
Temorary Login: user6050
Temorary Password: vr634

Please keep your account secure by logging in and changing your login info.

Click here to enter our secure server: »xxxxxxxxxxx

Welcome,
Technical Services
Wine Lovers
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

reply to EGeezer
YEah got one in my SPAM folder which I never look at.

Welcome Member,

We are so happy you joined Entertaining Pros.

User Number: 727617979
Your Temp. Login ID: user1460
Your Password ID: gl537

Please Change your login and change your Login Information.

Click here to enter our secure server: »8 6.1 30.2 51.1 99/

Enjoy,
Internet Support
Entertaining Pros

reply to EGeezer
I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care.

Use a real server, use non-html, non-JS, non-inline-image email with AV.

Problem solved.

Email worms/virus/etc. can kiss my shiny silicon buttocks.

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein

Need an Avatar? Check out Wafen's Avatar Pages

reply to EGeezer
See thread »[Phish] Login Information in the »Scam and Phishbusters forum.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5

Also here: »Fake e-card viruses getting harder to stop

got two in the office mail this morning:

Greetings,

Welcome To Office Antics.

Member Number: 36959114545
Your Temp. Login ID: user1332
Temp Password ID: bp828

Please Change your login and change your Login Information.

Follow this Link: (disable) 83.248.36.119/

Thank You,
Support Department
Office Antics

and

Welcome,

Welcome To WebTunes.

User Number: 77179118
Login ID: user2230
Your Temp. Password ID: dz442

Be Secure. Change your Login ID and Password.

Follow this link, or paste it in your browser: disable 76.226.0.118/

Welcome,
Internet Support
WebTunes

reply to EGeezer
Got four of these today, all to my DSLR mail account. Cat lovers, dog lovers, and a couple of others. MailWasher is now deleting them by filter.

reply to EGeezer
In the last 24 hours I've gotten a couple dozen of these and some of them are quite persistent. My Bayesian filtering plug-in seems to be trapping most of them now, but a few still manage to make it through.

One reason I'm getting so many is that one of my mail addresses has to be publicly visible on my commercial web site, and it's long since been added to the spammers' lists. I also got some 50 bounce messages Sunday morning, making it plain that someone has spoofed my address as the origin for some attack. While I have SPF in place on that domain, it doesn't seem to make much difference to most mail servers that send bounce messages...
--
Jim Kyle

reply to EGeezer
A short analysis of this latest variant I just finished: »blog.misec.net/2007/08/21/latest···-emails/
--
Mischel Internet Security
http://www.misec.net

reply to EGeezer
I get these darned things all the time. Happy to say, I didn't notice if I got anything like this one specifically as all my Spam, other than one or 2 a month, merely land in my ISP's filter. I can then look at the sender and title and know if it's something I've been waiting for or that is legit. If so, the address is put in my white list. Otherwise, each and everyone of them is put in deleted without opening. Speakeasy's filter really works well, I am pleased to say. I also am pleased to say that I learned long ago, be careful what I open. Most of the Spam I get should be under a heading of Joke A Day...some of the sender's names are hysterical. However, I don't take any of this c**p as a joke. I wish people would learn not to open and click on everything they get.
--
JKK

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay

reply to MagnusM

reply to EGeezer
I received one for "Free Ringtones" that made me suspicious - it was hosted by a company in Switzerland. The direct IP address was not responding, but the sub-domain associated with it was responding.

reply to EGeezer
I've gotten all the above and Avast detected them all...