EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
|  Another variation of the greeting card virus spreader
Now it's a subscription to a service the spamee didn't ask for.
Dear Member,
Thank You for Joining Joke-A-Day.
User Number: 8814123239
Your Login ID: user5632
Password ID: wk333
Please Change your login and change your Login Information.
Use this link to change your Login info:
ht tp://aaa.bbb.ccc.ddd/
Welcome,
Membership Services
Joke-A-Day
Like the greeting card spams, the site indicates the dear reader must install something and provides an IP address link to an executable - code here;
This one is undoubtedly hosted by some unfortunate Cox customer with an infected PC.
PTR record is ip72-193-246-37.lv.lv.cox.net. Still live as of this post. |
|
sjoeii
Premium
join:2007-08-07 | Haha
Looks like a funny spammer indeed. I really have no spam like these what soever. I guess my KIS is doing a great job
--
Kaspersky Labs Fan Club Project Manager
forum.kasperskyclub.com |
|
tempnexus
Premium
join:1999-08-11
Boston, MA | reply to EGeezer
Damn I have yet to see a greeting card virus...I guess I get no love.  |
|
BIGbadjohn
HI JFK, you frightened us back in 1962
Premium
join:2003-03-05
Ireland | reply to EGeezer
Got one myself this morning, we must be among the first recipients of this generous offer!  |
|
sjoeii
Premium
join:2007-08-07 | reply to EGeezer
I think you must be indeed. haha
As long as you won't open anything you'll keep laughing
--
Kaspersky Labs Fan Club Project Manager
forum.kasperskyclub.com |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
 ·AT&T Midwest
·AT&T Midwest
| reply to EGeezer
Yes Sir this is one that I received.
New Member,
Welcome To Wine Lovers.
User Number: 8165971419
Temorary Login: user6050
Temorary Password: vr634
Please keep your account secure by logging in and changing your login info.
Click here to enter our secure server: »xxxxxxxxxxx
Welcome,
Technical Services
Wine Lovers
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
tempnexus
Premium
join:1999-08-11
Boston, MA
| reply to EGeezer
YEah got one in my SPAM folder which I never look at.
Welcome Member,
We are so happy you joined Entertaining Pros.
User Number: 727617979
Your Temp. Login ID: user1460
Your Password ID: gl537
Please Change your login and change your Login Information.
Click here to enter our secure server: »8 6.1 30.2 51.1 99/
Enjoy,
Internet Support
Entertaining Pros |
|
caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand
| reply to EGeezer
I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care.
Use a real server, use non-html, non-JS, non-inline-image email with AV.
Problem solved.
Email worms/virus/etc. can kiss my shiny silicon buttocks.
-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein
Need an Avatar? Check out Wafen's Avatar Pages |
|
BIGbadjohn
HI JFK, you frightened us back in 1962
Premium
join:2003-03-05
Ireland
·Fast.co.uk
| said by caffeinator  :I've been getting more of these again lately too, but as I don't actually download any emails from my server, I don't much care. -CaFF Likewise here. I have Mailwasher and it is a blessing for these nuisance spam emails. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
·AT&T Midwest
| reply to EGeezer
See thread »[Phish] Login Information in the »Spam, Scam and Phishbusters forum.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.5 |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH | Also here: »Fake e-card viruses getting harder to stop |
|
cabana
now in peppermint
Assistant
join:2000-07-07
New York, NY
Host:
AT&T Southeast
56k Lookout (Broad..
2 edits | got two in the office mail this morning:
Greetings,
Welcome To Office Antics.
Member Number: 36959114545
Your Temp. Login ID: user1332
Temp Password ID: bp828
Please Change your login and change your Login Information.
Follow this Link: (disable) 83.248.36.119/
Thank You,
Support Department
Office Antics
and
Welcome,
Welcome To WebTunes.
User Number: 77179118
Login ID: user2230
Your Temp. Password ID: dz442
Be Secure. Change your Login ID and Password.
Follow this link, or paste it in your browser: disable 76.226.0.118/
Welcome,
Internet Support
WebTunes |
|
KeysCapt
Premium,Mod
join:2001-07-11
Keys Exile
clubs: | reply to EGeezer
Got four of these today, all to my DSLR mail account. Cat lovers, dog lovers, and a couple of others. MailWasher is now deleting them by filter. |
|
jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK
·AT&T Southwest
| reply to EGeezer
In the last 24 hours I've gotten a couple dozen of these and some of them are quite persistent. My Bayesian filtering plug-in seems to be trapping most of them now, but a few still manage to make it through.
One reason I'm getting so many is that one of my mail addresses has to be publicly visible on my commercial web site, and it's long since been added to the spammers' lists. I also got some 50 bounce messages Sunday morning, making it plain that someone has spoofed my address as the origin for some attack. While I have SPF in place on that domain, it doesn't seem to make much difference to most mail servers that send bounce messages...
--
Jim Kyle |
|
MagnusM
Premium
join:2001-07-07
| reply to EGeezer
A short analysis of this latest variant I just finished: »blog.misec.net/2007/08/21/latest···-emails/
--
Mischel Internet Security
http://www.misec.net |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
·Speakeasy
| reply to EGeezer
I get these darned things all the time. Happy to say, I didn't notice if I got anything like this one specifically as all my Spam, other than one or 2 a month, merely land in my ISP's filter. I can then look at the sender and title and know if it's something I've been waiting for or that is legit. If so, the address is put in my white list. Otherwise, each and everyone of them is put in deleted without opening. Speakeasy's filter really works well, I am pleased to say. I also am pleased to say that I learned long ago, be careful what I open. Most of the Spam I get should be under a heading of Joke A Day...some of the sender's names are hysterical. However, I don't take any of this c**p as a joke. I wish people would learn not to open and click on everything they get.
--
JKK
Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!
»www.pbase.com/jaykaykay
|
|
Jrb2
Premium
join:2001-08-31
| reply to MagnusM
Thanks Magnus ! |
|
kokuryu
join:2000-10-10
Hollywood, FL | reply to EGeezer
I received one for "Free Ringtones" that made me suspicious - it was hosted by a company in Switzerland. The direct IP address was not responding, but the sub-domain associated with it was responding. |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA | reply to EGeezer
I've gotten all the above and Avast detected them all... |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| said by StraitShoot :I've gotten all the above and Avast detected them all... I don't know if my AV would have detected them - I deleted the emails at RR's mail servers and used Sam Spade to read the linked addresses. |
|
