Your internet access is going to get suspended (says the Worm, this time!)
Trojan Horse
“NOD32 has pulled out another nasty from an email that arrived today on one of my spam honeypot addresses. Unlike last time, this time the identical (to me) message contains a Worm instead of a Trojan as an attachment. NOD32 identifies it as an exe file inside a zip file called “a variant of Win32/Nuwar worm”. Whatever. The sender is still a crook bastard and deserves everything he’ll get for attempting to harm a Buddhist! Ha. Ha.
This is the text of the message below, shown after NOD32 has done it’s work. It follows the normal human engineering type rules of fear, uncertainty and doubt (FUD), but poorly executed in language and spelling skills as well as a lack of verifiable authority behind their message.Your internet access is going to get suspended
Your internet access is going to get suspended
The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.We are aware of your illegal activities on the internet wich were originating from
You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.
Sincerely
ICS Monitoring Team
__________ ESET NOD32 Antivirus warning, version of virus signature database 3475 (20080926) __________Warning, ESET NOD32 Antivirus found the following threats in the message:
user-EA49943X-activities.zip – probably a variant of Win32/Nuwar worm – deleted
user-EA49943X-activities.zip > ZIP > user-EA49943X-activities.exe – probably a variant of Win32/Nuwar worm – was a part of the deleted object
user-EA49943X-activities.zip > ZIP > user-EA49943X-activities.exe > UPX v12_m2 – probably a variant of Win32/Nuwar worm – was a part of the deleted object
Twat bastards.
This is the header with my info removed (obviously :-? )
Return-Path: <email hidden; JavaScript is required>
X-Original-To: xxxxxxxxxxxxxxxxxxxxxxxxx
X-Envelope-To: xxxxxxxxxxxxxxxxxxxxxxxxx
Delivered-To: xxxxxxxxxxxxxxxxxxxxxxxxx
Received: from p4FD1D873.dip.t-dialin.net (p4FD1D873.dip.t-dialin.net [79.209.216.115])
by xxxxxxxxxxxxxxxxxxxxxxxxx (Postfix) with ESMTP id B86EFE000088
for <xxxxxxxxxxxxxxxxxxxxxxxxx>; Sat, 27 Sep 2008 10:26:47 +0100 (BST)
Message-ID: <67827.burton@chriss>
Date: Sat, 27 Sep 2008 07:39:20 +0000
From: “ICS Monitoring Team” <email hidden; JavaScript is required>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
dip.t-dialin.net is the dial-up part of t-Online (Deutsche Telkom) I think.
in.ml.com is a spoofed Merrill Lynch address which is kindov ironic given it’s profile in the last few weeks!
If anyone can tell me different I’d be pleased to know. I’m just starting to investigate how headers work….
Amazon Related:
- Adware And Spyware Such A Pain Spywares and adwares are not only annoying but more often than not tend to damage...
- Computer Viruses that Come a Callin' Every day new computer viruses are created to annoy us and to wreck havoc on...
- Home Network Security [/caption] Home Computer security 1. What is computer security? Computer security is the process of...
- Internet Security 2010 Scam Viciously ATTACKS "Protected" Computers, Scamming Uninformed Computer Users! Internet Security 2010 computer malware attacks my two "protected" computers, leading me to abandon the...
- Kaspersky Internet Security 2010 Features: Keeps your money and identity safe. Protects against bank account fraud. Safeguards against online...
- Apple’s New Tablet To Be Baptized iSlate? Let’s Dig A Little Deeper Nice scoop by MacRumors, which reportedly retrieved historical evidence that Apple has acquired the domain...
- Stiga T0591 Premium 2-Player Table Tennis Set User Reviews Send this to a friend Stiga T0591 Premium 2-Player Table Tennis Set Manufacturer:...