CPF email fraud/virus???

I received a very interesting email this morning. It was from "[email protected]" . The body of the email said this:

[ QUOTE ]
Dear user of e-mail server "Candlepowerforums.com",

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

Further details can be obtained from attached file.

Kind regards,
The Candlepowerforums.com team

[/ QUOTE ]

The attached file is named "Readme.pif".

Now here's the funny part... *I* am "[email protected]"!!! And I didn't send this email. Further... *I* am "The Candlepowerforums.com team" also. Obviously, I didn't open the attachment so I have no idea what it says. My anti-virus program didn't go off when this came in but I'm not real concerned about that. I don't open anything that is sent as an attachment anyway... not even stuff from my Mom.

I did check the return path for this and it is [email protected] . Anyone wanna check that out for me and see what you come up with? /ubbthreads/images/graemlins/wink.gif

Anyway... just thought I'd let you all know that if you get this email, I didn't send it.

I actually got the same spoof e-mail from my "school's computer-services admin."

Clever disguise.

Allen
aka DumboRAT

Sacha, it seems you received this worm : W32/Bagle.j@MM

Here a link to McAfee related virus :
W32/Bagle

I hope this information help you.

Modi is a dealer here in Germany, it seems as though his computer has been infected with a worm which is now spreading itself (the attachment!). I have never dealt with Modi, but I'm pretty sure he is not behind this.

I do know Modi in person and I doubt he is behind all this - a friendly character.

K-T, it's probably not his fault !!!

See the link that I provided on my first post here, and you'll understand why if he was infected, his mail box send automaticaly email to all on his address Book !!

I know that it might not be his fault, I'll send him a note to stop by. /ubbthreads/images/graemlins/wink.gif

Doh!
I almost never open attachments, but I fell for this one. It came addressed from my isp. The body of the letter was almost identical to Sasha's. Mine didn't come through Modi though. I knew I screwed up almost as soon as I'd done it. I was searching for what virus I'd gotten and decided to check the latest cpf threads. There was my answer, and my solution thanks to FrenchyLed's link.
You guys are the best! I apologize in advance if I sent you porno spam or anything in the thirty minutes or so before I detected the virus. /ubbthreads/images/graemlins/blush.gifGary

[ QUOTE ]
FrenchyLed said:
K-T, it's probably not his fault !!!

See the link that I provided on my first post here, and you'll understand why if he was infected, his mail box send automaticaly email to all on his address Book !!

[/ QUOTE ]

it IS his fault. This one spreads by opening attachments -- obviously he (or one of his emplyees) did. This does not make him a bad person, just a person who needs training wheels on his computer.

Get him a virus scanner, a firewall, and teach him to NOT OPEN ATTACHMENTS. /ubbthreads/images/graemlins/dedhorse.gif

Yes, Sasha. It's a virus that masquerades all the return paths and sender info. I got one the other day that appeared to be from Amazon.com. The attachments are almost always either a .pif or a .zip file although it's usually an .exe masquerading as a .zip.

I use Norton Anti-Virus and it's been 100% accurate and catching things.

It's a point of view Harrkev /ubbthreads/images/graemlins/confused.gif

But, actually how many people uses an internet connected PC and don't know about virus, worm, hacker ?
It's very easy to connect to Internet, but not so easy to know all the associated risks /ubbthreads/images/graemlins/thinking.gif
Internet and data processing in general is not any more taught as before, it is a tool and people use it without necessarily having of specific knowledge.

To whom the fault?

Since I'm a goat on this one, let me add one more thing in my defense. I do run a firewall and virus protection. This spoofing thing is still new to me. When it appeared my ISP was sending a virus alert it seemed legit. I don't think I would've opened the attachment if it had been addressed from CPF. It was still stupid of me to open it and I knew better. I plead "too early to be thinking straight" on that one. Now go easy on us idiots. /ubbthreads/images/graemlins/banghead.gif

[ QUOTE ]
FrenchyLed said:
...To whom the fault?

[/ QUOTE ]

the sob who makes these things /ubbthreads/images/graemlins/mad.gif

You are not an idiot Spudman ! /ubbthreads/images/graemlins/smile.gif

Moreover I am sure that most of the visitors of CPF are not there. /ubbthreads/images/graemlins/cool.gif
While making stupidities which we learn best!! /ubbthreads/images/graemlins/grinser2.gif /ubbthreads/images/graemlins/grin.gif

Something similar hit my mailbox twice yesterday...deleted it quickly.

I hate this kinda stuff /ubbthreads/images/graemlins/frown.gif

-Jason

OOOH! The Infamous Bagle Worm. Clever little pest, ain't it?? Not clever enough to fool everyone. I haven't gotten one of these. Yet. At least I don't think so. I would have remembered this sort of email and text.

They won't run on my computer anyways. Even so, I know better than to open such things.

I got three of these yesterday. The first one ("from" AT&T) I saved the attachment ("attach.zip"), ran AVG on it (clean, according to it), and looked at it with Explorer. Since it was an .exe file inside the .zip attachment, I did not try to run it.
Let's dig in the garbage can and see if I can dumpster-dive that message up...BRB...

Dear user, the management of Att.net mailing system wants to let you know that,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For further details see the attach.

For security reasons attached file is password protected. The password is "65121".

The Management,
The Att.net team http://www.att.net

attachment: attach.zip

Sasha,

We got the exact same thing at work here today.

Luckily, ppl around here actually listen to me, and dont open goofy attachments like that here.

It was the same though, said that *WE* were spamming ppl, and that ppl were complainning.

----

Got one at home last week also. It was rather funny.

Email read:

"Your file is attached."

... no, I didnt open it. /ubbthreads/images/graemlins/wink.gif

It was from an AOL address, something like [email protected]

using: improper. should be 'use' or 'usage'.

in next: improper. 'the' should be between these two words

wishing: improper. should be 'wish'.

the attach: improper. should be 'attachment'.

Little clues like improper words, and/or syntax errors should make people suspicious. If the notice had been legitimate, the spelling and syntax would be correct, not to mention that there would be NO attachment.

In Sasha's case above, it should be a flare lit tipoff that the attachment is Malware of some sort.

Of course, this is not to be confused with using the incorrect word, aka bare instead of bear.

/me ducks and runs from Sasha.......

/ubbthreads/images/graemlins/eek.gif