Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Spam, Scam and Phishbusters » Greeting card virus spam - Autoloaded
Search Topic:
Uniqs:
226		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Phish Tracker ·Anti-Phishing Work Group ·Avoid Phishing
[scam] Weird email received -Spamming? »
« BestBuy Coupon (is a FRAUD)  
AuthorAll Replies


caesarv

join:1999-08-02
Santa Rosa, CA

1 edit		Greeting card virus spam - Autoloaded

I got this obvious fake greeting card email that wanted me to click on a fake link that went to »61.120.121.218 /%7Ecustomer/index.html, which I believe may be in Japan.
I tried to avoid clicking on the link, but my curiosity got the better of me. I first tried just the IP address alone but nothing was there. I then tried the entire link and the page immediately loaded AND a download was immediately started (BTW, I use Firefox 1.06). The file name was something that ended in .jpg.exe so I am fairly certain it was nothing good, not that I was expecting anything good! Anyhow, I quickly canceled the download and left the site.

Any brave souls out there with a disposable computer want to figure out what that really is? If it automatically downloaded the file, would it have automatically executed it too?

Edit: I added a space in the URL to prevent accidental clicking of the entire link. Now you will only get to the harmless parent directory.
to forum · permalink · · 2005-09-08 22:51:49 · Reply to this


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
·Time Warner VOIP

 I went to the site and a file download box opened and wanted to DL "postcard041083.jpg.exe" (I assume that is the date April 10 1983) I DLed it and my AV did not flag it as a bad file,HOWEVER,I AM NOT GONNA EXECUTE IT (Just in case)

Anyone else??
to forum · permalink · · 2005-09-08 23:31:29 · Reply to this


Mordy
Comfortably Numb
Premium,MVM,ExMod 2004-07
join:2001-12-02
Denver, CO
·Comcast Formerly ..

reply to caesarv
It's this »us.mcafee.com/virusInfo/default.···k=100021

Only mcafee found it (I scanned with quite a few different scanners). Seems like a pretty old virus.
--
Give generously to the Red Cross Hurricane Disaster Relief Fund
to forum · permalink · · 2005-09-08 23:35:53 · Reply to this


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

reply to caesarv
I downloaded, but I won't run it. It is a 920K windows executable. I looked for interesting text messages, but couldn't find any. It does appear to reference
KERNEL32.DLL
ADVAPI32.DLL
COMCTL32.DLL
COMDLG32.DLL
GDI32.DLL
OLE32.DLL
SHELL32.DLL
USER32.DLL

The chances are high that it is malware.

I suggest that you edit your post to deactivate the link. I usually do that by changing the ":" to "<b>:</b> which puts the colon in bold (not noticable) but prevents the link from being clickable. Someone who really wants to can still cut and paste.
to forum · permalink · · 2005-09-08 23:46:28 · Reply to this


rfnut
Premium
join:2002-04-27
Fisher, IL
·Mediacom

reply to caesarv

AVG Detected
AVG caught it right off.
to forum · permalink · · 2005-09-09 07:05:47 · Reply to this
Forums » Up and Running » Security » Spam, Scam and Phishbusters[scam] Weird email received -Spamming? »
« BestBuy Coupon (is a FRAUD)  

Tuesday, 10-Nov 08:39:45 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [88] Verizon Keeps Swinging At AT&T
· [83] VoIP Over 3G Still Not Working For iPhone
· [33] Bill Would Force ISPs To Block Financial Scams
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [15] Clearwire To Get Another $1.5 Billion
· [11] Monday Evening Links
· [9] 15 States Have Now Gotten Broadband Mapping Money
· [6] AT&T Launching New 7.2 Mbps 3G Modem
· [1] Sprint Announces Job Cuts
· [0] Tuesday Morning Links
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· How in the world am I going to get into college? [General Questions]
· Sigh...time to switch from WindowMaker [All Things Unix]
· A fishy CRTC tarriff filed by bell? [TekSavvy]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Wood floor opinion... [Home Repair & Improvement]
· 60 Minutes piece on cyber security last night [Security]
· [WIN7] Standby mode. Is it just a dream? [Microsoft Help]
· Your ideal heroic 5-man class comp! [World of Warcraft]
· Microsoft Security Bulletin Summary for October 13, 2009 [Security]