-
March 3rd, 2004, 07:17 PM
#1
Beagle-K...
Just received a copy of Beagle-K, and I must say this is some good stuff... heh.
This is the e-mail I received:
Dear user of Moneytronics.com,
Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.
Pay attention on attached file.
For security reasons attached file is password protected. The password is "10186".
Have a good day,
The Moneytronics.com team http://www.moneytronics.com
Sender was administration@moneytronics.com.
Note that I own moneytronics.com...
Here's the header info:
Return-Path: <webmaster@rewardingtraffic.com>
Delivered-To: referral@moneytronics.com
Received: (qmail 18067 invoked from network); 3 Mar 2004 17:38:48 -0000
Received: from eros.be.priorweb.net (213.193.229.18)
by ns2.priorweb.be with QMQP; 3 Mar 2004 17:38:48 -0000
Received: from webmaster@rewardingtraffic.com by eros by uid 1004 with qmail-scanner-1.20rc3
(clamscan: 0.60. Clear:RC:0:.
Processed in 1.31934 secs); 03 Mar 2004 17:38:48 -0000
Received: from unknown (HELO amanda-kv6pe0ib) (69.132.158.213)
by 0 with SMTP; 3 Mar 2004 17:38:47 -0000
Date: Wed, 03 Mar 2004 12:39:02 -0500
To: referral@moneytronics.com
Subject: Warning about your e-mail account.
From: administration@moneytronics.com
Message-ID: <hrhvllovtkcrlwbjimp@moneytronics.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------dndyiwntjxjbucdcsbyc"
X-Qmail-Scanner-Message-ID: <107833552763825642@eros>
X-Antivirus: avast! (VPS 0402-9, 03/03/2004), Inbound message
X-Antivirus-Status: Clean
The message came with a zipped password-protected exe-file (puotj.exe).
Note that Avast didn't pick it up (I have the latest March 3 database).
Here's the F-Secure info on Bagle/Beagle.K.
-
March 3rd, 2004, 08:38 PM
#2
Geeezzz...... when are we going to get a break, my gateway server is just getting hammered right now.
Cheers:
-
March 3rd, 2004, 09:14 PM
#3
Seems like a new variant or virus every few hours. I read somewhere that F-Secure thinks that the virus writer is watching the AV company's web sites. When they publish a def he/she looks to see what they are keying on, alters the virus and rereleases it. Risky business if you ask me but it seems to be working. Like you DjM my servers are getting hammered with viruses too.... We got a netsky.c in before the def was available that one "moron" clicked on.
Negative: we got a few of the j variant telling our users, (including my CEO), that I was cutting off their email..... Shoulda heard the whining, (especially the CEO...<LOL>, even though the attachment was "securitynotice.txt" telling them that the virus had been removed. I only emailed them all a week ago telling them how to check the attachment for a txt extension by doing a "save-as" so they could see the entire name of the attachment.....<sigh>
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
March 3rd, 2004, 09:26 PM
#4
Don't know if it's been said or not, but your AV didn't catch it because it couldn't scan it.
The files are coming through in a password protected encrypted attachment.
The AV scanners simply can't open them.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
March 3rd, 2004, 09:29 PM
#5
Originally posted here by phishphreek80
Don't know if it's been said or not, but your AV didn't catch it because it couldn't scan it.
The files are coming through in a password protected encrypted attachment.
The AV scanners simply can't open them.
Not the case here phish, I have my gateway configured so that if the attachment is a password protected encrypted file, it gets stripped off....no questions asked
Cheers:
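The gateway rule discussed in posts #4 and #5, sketched as an added example (not code from any poster or from a gateway product): a ZIP member that is encrypted has bit 0 of its general-purpose flag set, so an attachment the scanner cannot open can still be recognised and removed. The function names, the `example.test` addresses and the sample message are assumptions constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature

def zip_is_unscannable(data: bytes) -> bool:
    """True if any member is encrypted (flag bit 0) or the archive is malformed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(info.flag_bits & 0x1 for info in z.infolist())
    except zipfile.BadZipFile:
        return True  # cannot be opened for scanning either, so fail closed

def strip_unscannable(raw: bytes):
    """Return (message, removed_filenames) with unscannable ZIP parts dropped."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for container in [p for p in msg.walk() if p.is_multipart()]:
        keep = []
        for part in container.get_payload():
            data = None if part.is_multipart() else part.get_payload(decode=True)
            # Identify ZIPs by content, not by filename or declared MIME type
            if data and data.startswith(ZIP_MAGIC) and zip_is_unscannable(data):
                removed.append(part.get_filename() or "(unnamed)")
            else:
                keep.append(part)
        container.set_payload(keep)
    return msg, removed

def build_sample(encrypted: bool) -> bytes:
    """Constructed test message: benign one-file ZIP, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("sample.exe", b"constructed placeholder, not a real executable")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the local header and the central directory
        raw[6] |= 1
        raw[raw.find(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["From"], msg["To"] = "administration@example.test", "user@example.test"
    msg.set_content("Pay attention on attached file.")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="attach.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print([strip_unscannable(build_sample(e))[1] for e in (True, False)])
```

The check reads only the archive's central directory, so it needs no password and never extracts the payload.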
-
March 3rd, 2004, 09:40 PM
#6
Junior Member
Bagle VS NetSky
Quoting a Sans Ezine:
"[Editor's Note (Tan): Bagle and NetSky are fighting with each other. In
NetSky.F, researchers found the following text: "Skynet AntiVirus -
Bagle - you are a looser!!!!" This NetSky worm variant tries to remove
Bagle worm infection if it finds it on an infected computer. And in
Bagle.K, a message is embedded saying, "Hey, NetSky, ***** off you
b*tch!"] "
Is it China VS Europe or what?
-
March 3rd, 2004, 10:06 PM
#7
Re: Bagle VS NetSky
Originally posted here by cbss
Is it China VS Europe or what?
Nope spammers vs virus writer who doesn't like spammers. Strange days indeed I guess we cheer for the lesser of two evils?
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
March 3rd, 2004, 10:14 PM
#8
Damn, I was just about to come back and say they must be having a virus war or stand off or something. I don't ever recall this many variants in so little time. It's getting freaking crazy!
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
March 3rd, 2004, 10:22 PM
#9
Originally posted here by phishphreek80
Damn, I was just about to come back and say they must be having a virus war or stand off or something. I don't ever recall this many variants in so little time. It's getting freaking crazy!
Mydoom just came out with a new one. W32.Mydoom.H@mm.
These guys/gals get into a pissing contest and we are the ones that suffer.
Cheers:
-
March 3rd, 2004, 11:06 PM
#10
Member
I just received this e-mail below. It was "supposedly" but it wasn't sent from my ISP. The x's are the names of my ISP. Attached with a zip file. Clever.......
There is an e-mail circulating that comes from "support@xxxxxxxsystem.com" or "staff@xxxxxxxxsystem.com" with an attachment that contains a ZIP file. THIS IS A VIRUS! DO NOT open the attachment (usually attach.zip).
The body of the e-mail reads:
Dear user, the management of xxxxxxxsystem.com mailing system wants to let you know that,
Our antivirus software has detected a large amount of viruses outgoing from your e-mail account, you may use our free anti-virus tool to clean up your computer software.
Pay attention on attached file.
Attached file protected with the password for security reasons. Password is 23152.
Cheers,
The xxxxxxxxxx.com team.
Please notice the bad grammar and spacing issues in the body of the message; a good clue that this is a phony. This email did NOT come from our company, and the sender addresses do not exist. The addresses were "spoofed" (created and placed in there by the virus). All email addresses to "@xxxxxxxxx.com" or "@xxxxxxxxxxx.com" are scanned for viruses; this virus most likely came into our network from a foreign email address domain name and then propagated itself within the network.
As always, if you have questions, please call our Help Desk at xxx-xxx-xxxx. We are open from 6 am until 1am, 7 days a week.
xxxxxxx internet support