Another variation of the greeting card virus spreader in Security

Re: Another variation of the greeting card virus spreader

Wed, 22 Aug 2007 14:14:49 EDT

anon : I must be popular. The ones I got so far were for:

Joke-A-Day
Web Joker
Poker World
Web Cooking
Entertaining Pros

Sheesh...they must want me baaaaaaad! :D

Re: Another variation of the greeting card virus spreader

Wed, 22 Aug 2007 09:50:35 EDT

Doctor Four : Got none in my Spamcop Held Mail folder, which usually
gets around 12-18 items of spam a day. Not even one in
there, only the run of the mill pharma, stock spams, etc.

Now my mom's Yahoo email is a different story. She got
inundated by them, though not one got to the inbox.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 20:27:17 EDT

EGeezer :

said by StraitShoot :

I've gotten all the above and Avast detected them all...

I don't know if my AV would have detected them - I deleted the emails at RR's mail servers and used Sam Spade to read the linked addresses.

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 18:45:29 EDT

StraitShoot : I've gotten all the above and Avast detected them all...

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 18:13:24 EDT

kokuryu : I received one for "Free Ringtones" that made me suspicious - it was hosted by a company in Switzerland. The direct IP address was not responding, but the sub-domain associated with it was responding.

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 15:47:28 EDT

Jrb2 :

said by MagnusM :

A short analysis of this latest variant I just finished: »blog.misec.net/2007/08/21/latest···-emails/

Thanks Magnus !

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 14:43:41 EDT

jaykaykay : I get these darned things all the time. Happy to say, I didn't notice if I got anything like this one specifically as all my Spam, other than one or 2 a month, merely land in my ISP's filter. I can then look at the sender and title and know if it's something I've been waiting for or that is legit. If so, the address is put in my white list. Otherwise, each and everyone of them is put in deleted without opening. Speakeasy's filter really works well, I am pleased to say. I also am pleased to say that I learned long ago, be careful what I open. Most of the Spam I get should be under a heading of Joke A Day...some of the sender's names are hysterical. However, I don't take any of this c**p as a joke. I wish people would learn not to open and click on everything they get. :(
--
JKK:-)

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 14:29:16 EDT

MagnusM : A short analysis of this latest variant I just finished: »blog.misec.net/2007/08/21/latest···-emails/
--
Mischel Internet Security
http://www.misec.net

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 13:36:54 EDT

jimkyle : In the last 24 hours I've gotten a couple dozen of these and some of them are quite persistent. My Bayesian filtering plug-in seems to be trapping most of them now, but a few still manage to make it through.

One reason I'm getting so many is that one of my mail addresses has to be publicly visible on my commercial web site, and it's long since been added to the spammers' lists. I also got some 50 bounce messages Sunday morning, making it plain that someone has spoofed my address as the origin for some attack. While I have SPF in place on that domain, it doesn't seem to make much difference to most mail servers that send bounce messages...
--
Jim Kyle

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 13:25:32 EDT

KeysCapt : Got four of these today, all to my DSLR mail account. Cat lovers, dog lovers, and a couple of others. MailWasher is now deleting them by filter.

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 12:59:31 EDT

cabana : got two in the office mail this morning:

Greetings,

Welcome To Office Antics.

Member Number: 36959114545
Your Temp. Login ID: user1332
Temp Password ID: bp828

Please Change your login and change your Login Information.

Follow this Link: (disable) 83.248.36.119/

Thank You,
Support Department
Office Antics

and

Welcome,

Welcome To WebTunes.

User Number: 77179118
Login ID: user2230
Your Temp. Password ID: dz442

Be Secure. Change your Login ID and Password.

Follow this link, or paste it in your browser: disable 76.226.0.118/

Welcome,
Internet Support
WebTunes

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 11:30:04 EDT

kpatz : Also here: »Fake e-card viruses getting harder to stop

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 10:36:49 EDT

nwrickert : See thread »[Phish] Login Information in the »Spam, Scam and Phishbusters forum.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 10:15:36 EDT

BIGbadjohn :

said by caffeinator :

I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care.
-CaFF

Likewise here. I have Mailwasher and it is a blessing for these nuisance spam emails. :)

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 06:08:55 EDT

caffeinator : I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care.

Use a real server, use non-html, non-JS, non-inline-image email with AV.

Problem solved. :)

Email worms/virus/etc. can kiss my shiny silicon buttocks.

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein

Need an Avatar? Check out Wafen's Avatar Pages

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 05:38:12 EDT

tempnexus : YEah got one in my SPAM folder which I never look at.

Welcome Member,

We are so happy you joined Entertaining Pros.

User Number: 727617979
Your Temp. Login ID: user1460
Your Password ID: gl537

Please Change your login and change your Login Information.

Click here to enter our secure server: »8 6.1 30.2 51.1 99/

Enjoy,
Internet Support
Entertaining Pros

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 05:33:41 EDT

MagMan : Yes Sir this is one that I received. :)

New Member,

Welcome To Wine Lovers.

User Number: 8165971419
Temorary Login: user6050
Temorary Password: vr634

Please keep your account secure by logging in and changing your login info.

Click here to enter our secure server: »xxxxxxxxxxx

Welcome,
Technical Services
Wine Lovers
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 05:32:32 EDT

sjoeii : I think you must be indeed. haha :)
As long as you won't open anything you'll keep laughing
--
Kaspersky Labs Fan Club Project Manager
forum.kasperskyclub.com

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 05:20:27 EDT

BIGbadjohn : Got one myself this morning, we must be among the first recipients of this generous offer! :)

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 04:41:10 EDT

tempnexus : Damn I have yet to see a greeting card virus...I guess I get no love. :(

Re: Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 02:03:31 EDT

sjoeii : Haha

Looks like a funny spammer indeed. I really have no spam like these what soever. I guess my KIS is doing a great job
--
Kaspersky Labs Fan Club Project Manager
forum.kasperskyclub.com

Another variation of the greeting card virus spreader

Tue, 21 Aug 2007 01:56:40 EDT

EGeezer : Now it's a subscription to a service the spamee didn't ask for.

Dear Member,

Thank You for Joining Joke-A-Day.

User Number: 8814123239
Your Login ID: user5632
Password ID: wk333

Please Change your login and change your Login Information.

Use this link to change your Login info:
ht tp://aaa.bbb.ccc.ddd/

Welcome,
Membership Services
Joke-A-Day

Like the greeting card spams, the site indicates the dear reader must install something and provides an IP address link to an executable - code here;

This one is undoubtedly hosted by some unfortunate Cox customer with an infected PC.

PTR record is ip72-193-246-37.lv.lv.cox.net. Still live as of this post.