Another variation of the greeting card virus spreader

Forums » Up and Running » Security » Security » Another variation of the greeting card virus spreader


Uniqs: 1798	Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

Fake e-card viruses getting harder to stop »
« Is a supercomputer possible with a bot net and dis comp tech

EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!

·Callcentric

·RoadRunner Cable

·AT&T CallVantage

Another variation of the greeting card virus spreader

Now it's a subscription to a service the spamee didn't ask for.

Dear Member,

Thank You for Joining Joke-A-Day.

User Number: 8814123239
Your Login ID: user5632
Password ID: wk333

Please Change your login and change your Login Information.

Use this link to change your Login info:
ht tp://aaa.bbb.ccc.ddd/

Welcome,
Membership Services
Joke-A-Day

Like the greeting card spams, the site indicates the dear reader must install something and provides an IP address link to an executable - code here;

This one is undoubtedly hosted by some unfortunate Cox customer with an infected PC.

PTR record is ip72-193-246-37.lv.lv.cox.net. Still live as of this post.

permalink · 2007-08-21 01:56:40 · Print ·

sjoeii Premium join:2007-08-07	Re: Another variation of the greeting card virus spreader Haha Looks like a funny spammer indeed. I really have no spam like these what soever. I guess my KIS is doing a great job -- Kaspersky Labs Fan Club Project Manager forum.kasperskyclub.com
	permalink · 2007-08-21 02:03:31 ·

tempnexus Premium join:1999-08-11 Boston, MA	Damn I have yet to see a greeting card virus...I guess I get no love.
	permalink · 2007-08-21 04:41:10 ·

BIGbadjohn HI JFK, you frightened us back in 1962 Premium join:2003-03-05 Ireland	Got one myself this morning, we must be among the first recipients of this generous offer!
	permalink · 2007-08-21 05:20:27 ·

sjoeii Premium join:2007-08-07	I think you must be indeed. haha As long as you won't open anything you'll keep laughing -- Kaspersky Labs Fan Club Project Manager forum.kasperskyclub.com
	permalink · 2007-08-21 05:32:32 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

·AT&T Midwest

Yes Sir this is one that I received.

New Member,

Welcome To Wine Lovers.

User Number: 8165971419
Temorary Login: user6050
Temorary Password: vr634

Please keep your account secure by logging in and changing your login info.

Click here to enter our secure server: »xxxxxxxxxxx

Welcome,
Technical Services
Wine Lovers
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

permalink · 2007-08-21 05:33:41 · Print ·

tempnexus Premium join:1999-08-11 Boston, MA	YEah got one in my SPAM folder which I never look at. Welcome Member, We are so happy you joined Entertaining Pros. User Number: 727617979 Your Temp. Login ID: user1460 Your Password ID: gl537 Please Change your login and change your Login Information. Click here to enter our secure server: »8 6.1 30.2 51.1 99/ Enjoy, Internet Support Entertaining Pros
	permalink · 2007-08-21 05:38:12 ·

caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA

·WebBand

I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care.

Use a real server, use non-html, non-JS, non-inline-image email with AV.

Problem solved.

Email worms/virus/etc. can kiss my shiny silicon buttocks.

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein

Need an Avatar? Check out Wafen's Avatar Pages

permalink · 2007-08-21 06:08:55 · Print ·

BIGbadjohn HI JFK, you frightened us back in 1962 Premium join:2003-03-05 Ireland ·Fast.co.uk	Re: Another variation of the greeting card virus spreader said by caffeinator : I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care. -CaFF Likewise here. I have Mailwasher and it is a blessing for these nuisance spam emails.
	permalink · 2007-08-21 10:15:36 ·

nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	See thread »[Phish] Login Information in the »Spam, Scam and Phishbusters forum. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5
	permalink · 2007-08-21 10:36:49 ·

kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH	Re: Another variation of the greeting card virus spreader Also here: »Fake e-card viruses getting harder to stop
	permalink · 2007-08-21 11:30:04 ·

cabana
now in peppermint
Assistant
join:2000-07-07
New York, NY

Host:
AT&T Southeast
56k Lookout (Broad..

2 edits

Re: Another variation of the greeting card virus spreader

got two in the office mail this morning:

Greetings,

Welcome To Office Antics.

Member Number: 36959114545
Your Temp. Login ID: user1332
Temp Password ID: bp828

Please Change your login and change your Login Information.

Follow this Link: (disable) 83.248.36.119/

Thank You,
Support Department
Office Antics

and

Welcome,

Welcome To WebTunes.

User Number: 77179118
Login ID: user2230
Your Temp. Password ID: dz442

Be Secure. Change your Login ID and Password.

Follow this link, or paste it in your browser: disable 76.226.0.118/

Welcome,
Internet Support
WebTunes

permalink · 2007-08-21 12:59:31 · Print ·

KeysCapt Premium,Mod join:2001-07-11 Keys Exile clubs:	Got four of these today, all to my DSLR mail account. Cat lovers, dog lovers, and a couple of others. MailWasher is now deleting them by filter.
	permalink · 2007-08-21 13:25:32 ·

jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK

·AT&T Southwest

In the last 24 hours I've gotten a couple dozen of these and some of them are quite persistent. My Bayesian filtering plug-in seems to be trapping most of them now, but a few still manage to make it through.

One reason I'm getting so many is that one of my mail addresses has to be publicly visible on my commercial web site, and it's long since been added to the spammers' lists. I also got some 50 bounce messages Sunday morning, making it plain that someone has spoofed my address as the origin for some attack. While I have SPF in place on that domain, it doesn't seem to make much difference to most mail servers that send bounce messages...
--
Jim Kyle

permalink · 2007-08-21 13:36:54 · Print ·

MagnusM Premium join:2001-07-07	A short analysis of this latest variant I just finished: »blog.misec.net/2007/08/21/latest···-emails/ -- Mischel Internet Security http://www.misec.net
	permalink · 2007-08-21 14:29:16 ·

Jrb2 Premium join:2001-08-31	Re: Another variation of the greeting card virus spreader said by MagnusM : A short analysis of this latest variant I just finished: »blog.misec.net/2007/08/21/latest···-emails/ Thanks Magnus !
	permalink · 2007-08-21 15:47:28 ·

jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ

·Speakeasy

I get these darned things all the time. Happy to say, I didn't notice if I got anything like this one specifically as all my Spam, other than one or 2 a month, merely land in my ISP's filter. I can then look at the sender and title and know if it's something I've been waiting for or that is legit. If so, the address is put in my white list. Otherwise, each and everyone of them is put in deleted without opening. Speakeasy's filter really works well, I am pleased to say. I also am pleased to say that I learned long ago, be careful what I open. Most of the Spam I get should be under a heading of Joke A Day...some of the sender's names are hysterical. However, I don't take any of this c**p as a joke. I wish people would learn not to open and click on everything they get.

--
JKK

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay

permalink · 2007-08-21 14:43:41 · Print ·

kokuryu join:2000-10-10 Hollywood, FL	I received one for "Free Ringtones" that made me suspicious - it was hosted by a company in Switzerland. The direct IP address was not responding, but the sub-domain associated with it was responding.
	permalink · 2007-08-21 18:13:24 ·

StraitShoot Who Loves Ya Baby? - Theo Kojak Premium join:2003-02-08 Clinton, MA	I've gotten all the above and Avast detected them all...
	permalink · 2007-08-21 18:45:29 ·

EGeezer Go Bobcats Premium join:2002-08-04 Country! ·Callcentric ·RoadRunner Cable ·AT&T CallVantage	Re: Another variation of the greeting card virus spreader said by StraitShoot : I've gotten all the above and Avast detected them all... I don't know if my AV would have detected them - I deleted the emails at RR's mail servers and used Sam Spade to read the linked addresses.
	permalink · 2007-08-21 20:27:17 ·

Doctor Four My other vehicle is a TARDIS Premium join:2000-09-05 Dallas, TX ·AT&T U-Verse	Got none in my Spamcop Held Mail folder, which usually gets around 12-18 items of spam a day. Not even one in there, only the run of the mill pharma, stock spams, etc. Now my mom's Yahoo email is a different story. She got inundated by them, though not one got to the inbox. -- "The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
	permalink · 2007-08-22 09:50:35 ·

Eskhalon @comcast.net	I must be popular. The ones I got so far were for: Joke-A-Day Web Joker Poker World Web Cooking Entertaining Pros Sheesh...they must want me baaaaaaad!
	permalink · 2007-08-22 14:14:49 ·

your comment..

Forums » Up and Running » Security » Security	Fake e-card viruses getting harder to stop » « Is a supercomputer possible with a bot net and dis comp tech


Wednesday, 02-Dec 10:39:05	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF