New Trojan Warning...Complete With Spam Complaint

by Floyd Fisher 8 replies
(note: the following was done by a trained professional, do not attempt stuff like this at home)

Dear Warriors:

One of my hosting clients got an 'interesting email' and I figured I'd post the details here in case you get this one.

The body of the email follows:

> From: (name and email address removed)
> Subject: I am wait your reply
> To: (recipients email address removed)
> Date: Monday, September 8, 2008, 6:38 PM
> To Whom It May Concern:
>
> I am tired of receiving messages containing malicious
> computer programs (viruses) from your e-mail address!!!
> If within 1-2 days you do not stop sending messages to my
> e-mail address, I will have to address this issue to the
> Police!...
> Today I received a hard copy of your data logs from my
> Internet service provider. The copy contains your IP
> address, logs of sending malicious programs and your e-mail
> address details...
> I am sending you the copy of the document containing your
> data and logs of sending malicious programs as the proof of
> your fault!!!!!!
> You must print the document containing the list of your
> data and logs of sending malicious programs and pass it on
> to your Internet service provider with, so that they could
> find out why the viruses are sent from your computer to my
> e-mail address!!!!
>
> Ask your Internet service provider to resolve this
> problem!!!!
>
> Do this now!!!
> Once again!!! If you donʼt stop sending the letters, I
> will address to the Police and file a lawsuit against you!!!!!!

There was an attached file to it that was a zip file that supposedly contains IP logs that allegedly prove a crime. Inside was...lo and behold, an exe file masquerading as a pdf!

My spidey sense told me then and there this was a very, very suspicious file indeed. So, like the trained professional I am, I send a copy of the file to Symantec to see what's up.

Turns out the thing is infected with 'Infostealer.Banker.C' which is explained below:

Infostealer.Banker.C - Symantec.com

Lesson: If you get an email similar to this one, ignore it and delete immediately. It's not a real spam complaint, just some yahoo trying to hack your machine.
#main internet marketing discussion forum #complaint #spam #trojan #warningcomplete
Avatar of Unregistered
  • Profile picture of the author mysteryleaves
    thanks for info
    {{ DiscussionBoard.errors[89609].message }}
    • Profile picture of the author grumpyjacksa
      thanx

      will be on the lookout
      Signature
      Ex-ghostwriter now writing exclusive PLR ebooks - Limited PLR Club
      {{ DiscussionBoard.errors[89867].message }}
      • Profile picture of the author GarrieWilson
        I'd ignore it ven w/out the attachment.

        Unless I'm bored. Which I am most of the time.
        Signature
        Screw You, NameCheap!
        $1 Off NameSilo Domain Coupons:

        SAVEABUCKDOMAINS & DOLLARDOMAINSAVINGS
        {{ DiscussionBoard.errors[89878].message }}
        • Profile picture of the author infinite
          Thanks for the heads up.... I just got one of them too and although I was 99.9% sure it was a hoax, it made me curious. Of course - I did a quick google search of the email contents and ended up at my favorite place (just NOT in the WSO section for once in my life! - lol)

          Again - thanks for the heads up.

          Aaron
          {{ DiscussionBoard.errors[89885].message }}
          • Profile picture of the author MrLeN
            I just received such an email 5 minutes ago so I googled it.

            I found this thread. So, for what ever it's worth, here's the email:

            X-Message-Delivery: Vj0zLjQuMDt1cz0wO2w9MDthPTA=
            X-Message-Status: n:0
            X-SID-PRA: Elma Workman <laowco@bradleyandassociates.com>
            X-Message-Info: 6sSXyD95QpV00IIgjsTh+YawfpHDgpqpzBd0/CsTm5NOvH5/6fJOphqMOPisrkL7hMd9YT4jXdLCNx6S7y+Xsw==
            Received: from server.poozz.com ([72.249.17.98]) by bay0-mc9-f8.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
            Tue, 9 Sep 2008 01:54:24 -0700
            Received: from [64.160.216.100]
            by server.poozz.com with esmtp (Exim 4.63)
            (envelope-from <laowco@bradleyandassociates.com>)
            id 1KcywA-0008RO-UI
            for MYEMAIL@MYEMAIL.COM; Tue, 09 Sep 2008 08:51:19 +0000
            Received: from [64.160.216.100] by domain-relay.mspring.net; Tue, 9 Sep 2008 00:51:03 -0800
            From: "Elma Workman" <laowco@bradleyandassociates.com>
            To: <MYEMAIL@MYEMAIL.COM>
            Subject: I am wait your reply
            Date: Tue, 9 Sep 2008 00:51:03 -0800
            Message-ID: <01c91216$22407580$64d8a040@laowco>
            MIME-Version: 1.0
            Content-Type: multipart/mixed;
            boundary="----=_NextPart_000_000E_01C91216.22407580"
            X-Priority: 3 (Normal)
            X-MSMail-Priority: Normal
            X-Mailer: Microsoft Outlook, Build 10.0.2627
            X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
            Importance: Normal
            X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
            X-AntiAbuse: Primary Hostname - server.poozz.com
            X-AntiAbuse: Original Domain - mrlen.com
            X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
            X-AntiAbuse: Sender Address Domain - bradleyandassociates.com
            X-Source:
            X-Source-Args:
            X-Source-Dir:
            Return-Path: laowco@bradleyandassociates.com
            X-OriginalArrivalTime: 09 Sep 2008 08:54:26.0115 (UTC) FILETIME=[A9749930:01C91259]

            This is a multi-part message in MIME format.

            ------=_NextPart_000_000E_01C91216.22407580
            Content-Type: text/plain;
            charset="iso-8859-2"
            Content-Transfer-Encoding: 7bit

            To Whom It May Concern:

            I am tired of receiving messages containing malicious computer programs (viruses) from your e-mail address!!!
            If within 1-2 days you do not stop sending messages to my e-mail address, I will have to address this issue to the Police!...
            Today I received a hard copy of your data logs from my Internet service provider. The copy contains your IP address, logs of sending malicious programs and your e-mail address details...
            I am sending you the copy of the document containing your data and logs of sending malicious programs as the proof of your fault!!!!!!
            You must print the document containing the list of your data and logs of sending malicious programs and pass it on to your Internet service provider with, so that they could find out why the viruses are sent from your computer to my e-mail address!!!!

            Ask your Internet service provider to resolve this problem!!!!

            Do this now!!!
            Once again!!! If you don’t stop sending the letters, I will address to the Police and file a lawsuit against you!!!
            {{ DiscussionBoard.errors[89928].message }}
            • Profile picture of the author BIG Mike
              Banned
              [DELETED]
              {{ DiscussionBoard.errors[90003].message }}
              • Profile picture of the author infrequentlyhere
                Got the same message this morning. The "I am wait" was a bit of a giveaway.

                However, the thing that got me wondering, is that sometimes I do get spam emails that appear to come from my own email address.

                So obviously, I've been put on some list, somehow.

                Is there a way to get my email address off these things, or is it just the price I pay for having posted my business email address on my website?
                {{ DiscussionBoard.errors[90037].message }}
                • Profile picture of the author Floyd Fisher
                  Originally Posted by infrequentlyhere View Post

                  Got the same message this morning. The "I am wait" was a bit of a giveaway.

                  However, the thing that got me wondering, is that sometimes I do get spam emails that appear to come from my own email address.

                  So obviously, I've been put on some list, somehow.

                  Is there a way to get my email address off these things, or is it just the price I pay for having posted my business email address on my website?
                  There are ways to 'hide' the email while posting it on your website.

                  name.nospam@nospam.mywebsite.nospam.com

                  or

                  name [at] mywebsite <dot> com

                  Of course, by now it's too late for any of that to do any good.

                  As far as getting off the list is concerned, there is no way I know of to do that as spammers never allow you to unsubscribe.
                  {{ DiscussionBoard.errors[90468].message }}
                  • Profile picture of the author JohnMcCabe
                    Originally Posted by Floyd Fisher View Post

                    There are ways to 'hide' the email while posting it on your website.

                    name.nospam@nospam.mywebsite.nospam.com

                    or

                    name [at] mywebsite <dot> com

                    Of course, by now it's too late for any of that to do any good.

                    As far as getting off the list is concerned, there is no way I know of to do that as spammers never allow you to unsubscribe.
                    At this point, I wouldn't even attempt to get off those lists.

                    According to an article I read awhile back in Wired, a confirmed live email is worth about three times what a run of the mill, scraped email brings.

                    Spammers will harvest millions of emails, then send some message with what appears to be a legitimate unsubscribe link. The link does unsubscribe you from that list - and confirms that they found a live email. Within days, sometimes even hours, your spam load will go up significantly.

                    According to the article, the buying and selling of email lists purely for spamming is a multi-hundred-million dollar a year business. Most of it comes from countries that are more enamored of the hard money spam brings in than they are of treaties, laws and such.
                    {{ DiscussionBoard.errors[90543].message }}
Avatar of Unregistered

Trending Topics