Greeting card virus spam - Autoloaded

Forums » Up and Running » Security » Spam, Scam and Phishbusters » Greeting card virus spam - Autoloaded


Uniqs: 231	Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Phish Tracker ·Anti-Phishing Work Group ·Avoid Phishing

[scam] Weird email received -Spamming? »
« BestBuy Coupon (is a FRAUD)

caesarv

join:1999-08-02
Santa Rosa, CA

1 edit

Greeting card virus spam - Autoloaded

I got this obvious fake greeting card email that wanted me to click on a fake link that went to »61.120.121.218 /%7Ecustomer/index.html, which I believe may be in Japan.
I tried to avoid clicking on the link, but my curiosity got the better of me. I first tried just the IP address alone but nothing was there. I then tried the entire link and the page immediately loaded AND a download was immediately started (BTW, I use Firefox 1.06). The file name was something that ended in .jpg.exe so I am fairly certain it was nothing good, not that I was expecting anything good! Anyhow, I quickly canceled the download and left the site.

Any brave souls out there with a disposable computer want to figure out what that really is? If it automatically downloaded the file, would it have automatically executed it too?

Edit: I added a space in the URL to prevent accidental clicking of the entire link. Now you will only get to the harmless parent directory.

permalink · 2005-09-08 22:51:49 · Print ·

Dude111 An Awesome Dude Premium join:2003-08-04 USA ·Time Warner VOIP	Re: Greeting card virus spam - Autoloaded I went to the site and a file download box opened and wanted to DL "postcard041083.jpg.exe" (I assume that is the date April 10 1983) I DLed it and my AV did not flag it as a bad file,HOWEVER,I AM NOT GONNA EXECUTE IT (Just in case) Anyone else??
	permalink · 2005-09-08 23:31:29 ·

Mordy Comfortably Numb Premium,MVM,ExMod 2004-07 join:2001-12-02 Denver, CO ·Comcast Formerly ..	It's this »us.mcafee.com/virusInfo/default.···k=100021 Only mcafee found it (I scanned with quite a few different scanners). Seems like a pretty old virus. -- Give generously to the Red Cross Hurricane Disaster Relief Fund
	permalink · 2005-09-08 23:35:53 ·

nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL

·AT&T U-Verse

·AT&T Midwest

I downloaded, but I won't run it. It is a 920K windows executable. I looked for interesting text messages, but couldn't find any. It does appear to reference
KERNEL32.DLL
ADVAPI32.DLL
COMCTL32.DLL
COMDLG32.DLL
GDI32.DLL
OLE32.DLL
SHELL32.DLL
USER32.DLL

The chances are high that it is malware.

I suggest that you edit your post to deactivate the link. I usually do that by changing the ":" to "<b>:</b> which puts the colon in bold (not noticable) but prevents the link from being clickable. Someone who really wants to can still cut and paste.

permalink · 2005-09-08 23:46:28 · Print ·

rfnut
Premium
join:2002-04-27
Fisher, IL

·Mediacom

AVG Detected

AVG caught it right off.

permalink · 2005-09-09 07:05:47 ·

your comment..

Forums » Up and Running » Security » Spam, Scam and Phishbusters	[scam] Weird email received -Spamming? » « BestBuy Coupon (is a FRAUD)


Monday, 30-Nov 22:27:35	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF

Greeting card virus spam - Autoloaded

Re: Greeting card virus spam - Autoloaded