Just received a copy of Beagle-K, and I must say this is some good stuff... heh.
This is the e-mail I received:
Sender was administration@moneytronics.com.
Quote:
Dear user of Moneytronics.com,
Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.
Pay attention on attached file.
For security reasons attached file is password protected. The password is "10186".
Have a good day,
The Moneytronics.com team http://www.moneytronics.com
Note that I own moneytronics.com...
Here's the header info:
The message came with a zipped password-protected exe-file (puotj.exe).
Quote:
Return-Path: <webmaster@rewardingtraffic.com>
Delivered-To: referral@moneytronics.com
Received: (qmail 18067 invoked from network); 3 Mar 2004 17:38:48 -0000
Received: from eros.be.priorweb.net (213.193.229.18)
    by ns2.priorweb.be with QMQP; 3 Mar 2004 17:38:48 -0000
Received: from webmaster@rewardingtraffic.com by eros by uid 1004 with qmail-scanner-1.20rc3
    (clamscan: 0.60. Clear:RC:0:.
    Processed in 1.31934 secs); 03 Mar 2004 17:38:48 -0000
Received: from unknown (HELO amanda-kv6pe0ib) (69.132.158.213)
    by 0 with SMTP; 3 Mar 2004 17:38:47 -0000
Date: Wed, 03 Mar 2004 12:39:02 -0500
To: referral@moneytronics.com
Subject: Warning about your e-mail account.
From: administration@moneytronics.com
Message-ID: <hrhvllovtkcrlwbjimp@moneytronics.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="--------dndyiwntjxjbucdcsbyc"
X-Qmail-Scanner-Message-ID: <107833552763825642@eros>
X-Antivirus: avast! (VPS 0402-9, 03/03/2004), Inbound message
X-Antivirus-Status: Clean
Note that Avast didn't pick it up (I have the latest March 3 database).
Here's the F-Secure info on Bagle/Beagle.K.
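A header triage for the message quoted above, as an added example that is not part of the original post: it compares the From domain with the Return-Path domain and pulls the connecting IP and HELO name from the earliest Received hop. The names `triage` and `own_domains` and the finding labels are assumptions made for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the headers from the post, continuation lines re-indented so they parse as folded.
RAW = """\
Return-Path: <webmaster@rewardingtraffic.com>
Received: (qmail 18067 invoked from network); 3 Mar 2004 17:38:48 -0000
Received: from eros.be.priorweb.net (213.193.229.18)
 by ns2.priorweb.be with QMQP; 3 Mar 2004 17:38:48 -0000
Received: from webmaster@rewardingtraffic.com by eros by uid 1004 with qmail-scanner-1.20rc3
 (clamscan: 0.60. Clear:RC:0:.
 Processed in 1.31934 secs); 03 Mar 2004 17:38:48 -0000
Received: from unknown (HELO amanda-kv6pe0ib) (69.132.158.213)
 by 0 with SMTP; 3 Mar 2004 17:38:47 -0000
To: referral@moneytronics.com
From: administration@moneytronics.com
"""

IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
HELO_RE = re.compile(r"\(HELO ([^)]+)\)")

def domain(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def triage(raw, own_domains):
    msg = message_from_string(raw)
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    findings = []
    if from_dom != env_dom:
        findings.append("from_envelope_mismatch")
    # A From address in a domain we own, with an outside envelope sender, is forged.
    if from_dom in own_domains and env_dom not in own_domains:
        findings.append("own_domain_spoofed")
    # Each relay prepends its Received line, so the last one with an IP is the earliest hop.
    # Only lines written by relays you trust are reliable; anything below them can be forged.
    origin = helo = None
    for hop in reversed(msg.get_all("Received", [])):
        ip = IP_RE.search(hop)
        if ip:
            helo_m = HELO_RE.search(hop)
            origin, helo = ip.group(1), helo_m.group(1) if helo_m else None
            break
    if helo and "." not in helo:
        findings.append("helo_not_fqdn")  # bare machine name, typical of a desktop client
    return {"origin_ip": origin, "helo": helo, "findings": findings}
```
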