[meteorite-list] Clues about the latest virus
From: Mark Miconi <mam602_at_meteoritecentral.com>
Date: Thu Apr 22 09:47:14 2004
Message-ID: <050601c176fe$b7fd8320$04f20541_at_fwlr1.az.home.com>

Here are some of the details of the Virus that is spreading fast and can NOT be stopped by the usual methods but is VERY EASY TO IDENTIFY.

I am sending this to others off the Meteorite list and apologize to the list for sending this off topic message....HOWEVER THIS IS NOT THE RUN OF THE MILL VIRUS.

We sell on Ebay and receive about 100 emails a day, our client base is being infected at an alarming rate. IT IS MUTATING and now carries invalid addresses as camouflage. I know this as I have been in contact with email admins around the country.

AGAIN MY APOLOGIES TO THE LIST, BUT ANTI-VIRUS SOFTWARE AND A FIREWALL WILL NOT STOP IT!

The virus that I spoke of is spreading very fast. You will recognize it when you highlight a message in your inbox and it immediately tries to open a file. Your Email should ask before opening any type of file without an extension...if not you are f**ked.

As soon as you highlight the infected email it will open the popup window and ask whether to open or save to disk. The file it will show has been pretty consistent and is EA4DMGP9p; no extension is given. It has mutated and now carries an attachment with it. The last 2 have carried ATTO1137.txt and ATTO1156.txt with a size of ZERO bytes.

IT IS ALSO CARRYING OLD EMAIL ADDRESSES THAT NO LONGER EXIST AS WHO TO REPLY TO.

This thing is spreading like a wildfire. IF you get an email that when you highlight it it immediately asks to try to save it or open it....cancel the box and delete the file.

Anyone in my immediate family and friends with questions please feel free to call me....Scott you may get this warning twice and I apologize.

Anyone on the list can contact me off the list and I will tell you what I know.

PLEASE WARN EVERYONE YOU KNOW!

Bright Blessings to all,

Mark

----- Original Message -----
From: John Gwilliam
To: meteorite-list_at_meteoritecentral.com
Cc: dandre10_at_cybertrails.com
Sent: Monday, November 26, 2001 4:37 PM
Subject: [meteorite-list] Clues about the latest virus

Hello List Members,
I know there is a policy on the list about NOT talking about viruses, but the latest one is a sneaky little devil that doesn't have to be an attached file to infect your computer.

Maybe we can get some better information from our friendly computer wizard in Holbrook, Dave Andrews. Dave?

I got a copy of it today and here is how my anti-virus program identified it.

"C:\ Eudora Pro\EMBEDDED\news_doc.Doc.scr ...........is infested with the Badtrans.B@mm virus".

This bugger is embedded in the document. You don't have to open anything to get the virus.

It is coming from two sources:

Email from Nick Trikilis - nickt_at_ohio.net. There is no message in the subject line. And, there is no attachment...because the virus is embedded.

See the ohio.net? Read on.

The other source is an email from Rick Nowak - internationalmeteoritesociety_at_yahoo.com

His email says "check out my website at" www.***ohio.net***/nickt/ims (I have added the asterisks so as to not create a viable URL link).

See the "nickt" in the address string? My guess is it is Nick Trikilis.

And both involve "ohio.net"

Update your anti-virus protection and DON'T visit the web site mentioned.

Best Regards,

John Gwilliam

John Gwilliam Meteorites
PO Box 26854
Tempe AZ 85285
http://www.meteoriteimpact.com

Received on Mon 26 Nov 2001 11:48:11 PM PST
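
The attachment traits named in the two posts above (an executable extension hidden behind a document extension, a file name with no extension, and zero-byte .txt attachments) can be checked mechanically when mail is filtered. The following is an added example, not part of the original thread; the sample message, the extension list and the function names are constructed for illustration, and only the file names are taken from the posts.

```python
from email import message_from_string

# Extensions Windows runs when opened (list chosen for this example).
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "vbs"}

# Constructed sample message; only the file names come from the thread.
SAMPLE = """\
From: sender@example.invalid
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="news_doc.Doc.scr"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1
Content-Disposition: attachment; filename="ATTO1137.txt"

--b1
Content-Disposition: attachment; filename="EA4DMGP9p"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1
Content-Disposition: attachment; filename="catalog.pdf"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

def flag_part(part):
    """Return the indicators from the thread that one MIME part matches."""
    name = part.get_filename()
    if not name:
        return []
    reasons, pieces = [], name.lower().split(".")
    if len(pieces) >= 3 and pieces[-1] in EXECUTABLE_EXTS:
        reasons.append("double extension ending in ." + pieces[-1])
    elif len(pieces) == 1:
        reasons.append("no file extension")
    if not (part.get_payload(decode=True) or b"").strip():
        reasons.append("zero-byte attachment")
    return reasons

def scan_message(raw):
    """Map each flagged attachment name to its list of reasons."""
    parts = [p for p in message_from_string(raw).walk() if not p.is_multipart()]
    return {p.get_filename(): r for p in parts if (r := flag_part(p))}
```

Calling `scan_message(SAMPLE)` flags the first three attachments and leaves `catalog.pdf` alone.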