Interesting email thread with passworded zip file

Discussion in 'Computer Security' started by Leythos, Mar 3, 2004.

  1. Leythos

    Leythos Guest

    Tonight I was pulling email from the account I list in my sig (it's a
    disposable account) and got two emails telling me that my email account
    had been deactivated and that the details were in an attached Zip file.
    One thing to note, the account still works fine. Both Zip files were
    different names, but were sent from the same email server.

    I called RR and they know nothing about it, I warned them and sent the
    file to so they could be on the lookout for it too.

    Now, I'm not anywhere stupid enough to open a passworded Zip file, and
    not stupid enough to fall for this childish crap, but I thought I would
    post this out there in case anyone else gets something like this:

    Return-Path: <>
    Received: from mx3.biz.rr.com ([192.168.201.29]) by fep05.biz.rr.com
    (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with
    ESMTP
    id <>
    for <>; Tue, 2 Mar 2004 23:41:06 -0500
    Received: from Hours (hours.micro.uiuc.edu [128.174.97.18])
    by mx3.biz.rr.com (8.12.10/8.12.10) with SMTP id i234f5U4002896
    for <>; Tue, 2 Mar 2004 23:41:05 -0500 (EST)
    Date: Tue, 02 Mar 2004 22:42:21 -0600
    To:
    Subject: E-mail account security warning.
    From:
    Message-ID: <>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="--------xxlqmnigdawgslfadase"

    Dear user of Rrohio.com gateway e-mail server,

    Your e-mail account has been temporary disabled because of
    unauthorized access.

    Please, read the attach for further details.

    Attached file protected with the password for security reasons.
    Password is 01747.

    Kind regards,
    The Rrohio.com team
    http://www.rrohio.com


    --
    --

    (Remove 999 to reply to me)
    Leythos, Mar 3, 2004
    #1

  2. kulm_nd

    kulm_nd Guest

    My ISP has already posted warnings, a virus/trojan for sure.

    --

    ************************************************

    g-w


    "Leythos" <> wrote in message
    news:...
    > Tonight I was pulling email from the account I list in my sig (it's a
    > disposable account) and got two emails telling me that my email account
    > had been deactivated and that the details were in an attached Zip file.
    > One thing to note, the account still works fine. Both Zip files were
    > different names, but were sent from the same email server.
    >
    > I called RR and they know nothing about it, I warned them and sent the
    > file to so they could be on the lookout for it too.
    >
    > Now, I'm not anywhere stupid enough to open a passworded Zip file, and
    > not stupid enough to fall for this childish crap, but I thought I would
    > post this out there in case anyone else gets something like this:
    >
    > Return-Path: <>
    > Received: from mx3.biz.rr.com ([192.168.201.29]) by fep05.biz.rr.com
    > (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with
    > ESMTP
    > id <>
    > for <>; Tue, 2 Mar 2004 23:41:06 -0500
    > Received: from Hours (hours.micro.uiuc.edu [128.174.97.18])
    > by mx3.biz.rr.com (8.12.10/8.12.10) with SMTP id i234f5U4002896
    > for <>; Tue, 2 Mar 2004 23:41:05 -0500 (EST)
    > Date: Tue, 02 Mar 2004 22:42:21 -0600
    > To:
    > Subject: E-mail account security warning.
    > From:
    > Message-ID: <>
    > MIME-Version: 1.0
    > Content-Type: multipart/mixed;
    > boundary="--------xxlqmnigdawgslfadase"
    >
    > Dear user of Rrohio.com gateway e-mail server,
    >
    > Your e-mail account has been temporary disabled because of
    > unauthorized access.
    >
    > Please, read the attach for further details.
    >
    > Attached file protected with the password for security reasons.
    > Password is 01747.
    >
    > Kind regards,
    > The Rrohio.com team
    > http://www.rrohio.com
    >
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    kulm_nd, Mar 3, 2004
    #2

  3. While still snuggled in a 'spider hole', Leythos <> scribbled:

    >Tonight I was pulling email from the account I list in my sig (it's a
    >disposable account) and got two emails telling me that my email account
    >had been deactivated and that the details were in an attached Zip file.
    >One thing to note, the account still works fine. Both Zip files were
    >different names, but were sent from the same email server.


    Those zip files contain a virus. Just delete them.






    To reply by email, remove the XYZ.

    Lumber Cartel (tinlc) #2063. Spam this account at your own risk.

    This sig censored by the Office of Home and Land Insecurity....
    Never anonymous Bud, Mar 3, 2004
    #3
  4. Leythos wrote:

    >I called RR and they know nothing about it, I warned them and sent the
    >file to so they could be on the lookout for it too.


    You may want to give the University of Illinois a heads-up as well.
    I'm sure their IT staff would be interested to know that one of their
    computers is potentially spreading malware.
    Micheal Robert Zium, Mar 3, 2004
    #4
  5. Leythos

    Leythos Guest

    In article <>, mrozium@XSPAMX-
    yahoo.com says...
    > Leythos wrote:
    >
    > >I called RR and they know nothing about it, I warned them and sent the
    > >file to so they could be on the lookout for it too.

    >
    > You may want to give the University of Illinois a heads-up as well.
    > I'm sure their IT staff would be interested to know that one of their
    > computers is potentially spreading malware.


    I sent it to last night with full headers and the actual
    emails.

    --
    --

    (Remove 999 to reply to me)
    Leythos, Mar 3, 2004
    #5
  6. Jon Sturgeon

    Jon Sturgeon Guest

    On Wed, 03 Mar 2004 05:02:12 GMT, Leythos <> wrote:

    >Tonight I was pulling email from the account I list in my sig (it's a
    >disposable account) and got two emails telling me that my email account
    >had been deactivated and that the details were in an attached Zip file.
    >One thing to note, the account still works fine. Both Zip files were
    >different names, but were sent from the same email server.


    Most likely W32/Bagle.j@MM - more info at:
    http://vil.nai.com/vil/content/v_101071.htm

    >I called RR and they know nothing about it,


    No surprise there then :)

    Jon
    Jon Sturgeon, Mar 3, 2004
    #6
  7. ShadowDragon

    ShadowDragon Guest

    "Jon Sturgeon" <> wrote in message
    news:...
    > On Wed, 03 Mar 2004 05:02:12 GMT, Leythos <> wrote:
    >
    > Most likely W32/Bagle.j@MM - more info at:
    > http://vil.nai.com/vil/content/v_101071.htm


    Actually it's probably K. I got three of those myself today.
    ShadowDragon, Mar 4, 2004
    #7
  8. I've gotten tons of these, but it was quite obvious that it wasn't real. I
    own several domain names, and I kept getting "Dear user of <domain> gateway
    e-mail server" and messages signed as "The <domain> team"

    I'm sure a shitload of people are falling for or freaking out about it
    though.

    "Leythos" <> wrote in message
    news:...
    > Tonight I was pulling email from the account I list in my sig (it's a
    > disposable account) and got two emails telling me that my email account
    > had been deactivated and that the details were in an attached Zip file.
    > One thing to note, the account still works fine. Both Zip files were
    > different names, but were sent from the same email server.
    >
    > I called RR and they know nothing about it, I warned them and sent the
    > file to so they could be on the lookout for it too.
    >
    > Now, I'm not anywhere stupid enough to open a passworded Zip file, and
    > not stupid enough to fall for this childish crap, but I thought I would
    > post this out there in case anyone else gets something like this:
    >
    > Return-Path: <>
    > Received: from mx3.biz.rr.com ([192.168.201.29]) by fep05.biz.rr.com
    > (InterMail vM.5.01.03.06 201-253-122-118-106-20010523) with
    > ESMTP
    > id <>
    > for <>; Tue, 2 Mar 2004 23:41:06 -0500
    > Received: from Hours (hours.micro.uiuc.edu [128.174.97.18])
    > by mx3.biz.rr.com (8.12.10/8.12.10) with SMTP id i234f5U4002896
    > for <>; Tue, 2 Mar 2004 23:41:05 -0500 (EST)
    > Date: Tue, 02 Mar 2004 22:42:21 -0600
    > To:
    > Subject: E-mail account security warning.
    > From:
    > Message-ID: <>
    > MIME-Version: 1.0
    > Content-Type: multipart/mixed;
    > boundary="--------xxlqmnigdawgslfadase"
    >
    > Dear user of Rrohio.com gateway e-mail server,
    >
    > Your e-mail account has been temporary disabled because of
    > unauthorized access.
    >
    > Please, read the attach for further details.
    >
    > Attached file protected with the password for security reasons.
    > Password is 01747.
    >
    > Kind regards,
    > The Rrohio.com team
    > http://www.rrohio.com
    >
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
    Anthony Brant, Mar 5, 2004
    #8
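
A gateway-side triage check for the pattern this thread describes: an encrypted ZIP whose password is given in the same message, wrapped in the "Dear user of <domain> ... The <domain> team" template. This is an added example, not part of any post; the function names, the `example.test` domain and the header-only ZIP stub are constructed for illustration.

```python
import re
import struct
from email import message_from_bytes
from email.message import EmailMessage

PASSWORD_RE = re.compile(r"password is\s+(\w+)", re.I)
# Greeting and signature built around one domain, as described in the thread.
TEMPLATE_RE = re.compile(
    r"Dear user of (\S+) gateway e-mail server.*The \1 team", re.I | re.S)

def zip_is_encrypted(data: bytes) -> bool:
    """Bit 0 of the general-purpose flags in a ZIP local file header marks encryption."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    (flags,) = struct.unpack_from("<H", data, 6)
    return bool(flags & 0x1)

def triage(raw: bytes) -> dict:
    """Flag mail that ships an encrypted ZIP together with its own password."""
    body, encrypted = "", False
    for part in message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True) or b""  # None for multipart containers
        if part.get_content_type() == "text/plain" and not part.get_filename():
            body += payload.decode("latin-1")
        elif zip_is_encrypted(payload):
            encrypted = True
    pw = PASSWORD_RE.search(body)
    tpl = TEMPLATE_RE.search(body)
    return {
        "encrypted_zip": encrypted,
        "password_in_body": pw.group(1) if pw else None,
        "template_domain": tpl.group(1) if tpl else None,
        "quarantine": encrypted and pw is not None,
    }

def constructed_sample(flags: int) -> bytes:
    """Constructed sample: the page's wording, a placeholder domain, a header-only ZIP stub."""
    name = b"readme.txt"
    stub = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags,
                       0, 0, 0, 0, 0, 0, len(name), 0) + name
    msg = EmailMessage()
    msg.set_content("Dear user of example.test gateway e-mail server,\n\n"
                    "Attached file protected with the password for security reasons.\n"
                    "Password is 01747.\n\nKind regards,\nThe example.test team\n")
    msg.add_attachment(stub, maintype="application", subtype="zip",
                       filename="constructed.zip")
    return msg.as_bytes()
```

Calling `triage(constructed_sample(0x1))` reports the message for quarantine; the check reads only the first local file header, so an archive that starts with an unencrypted entry would need a scan of the central directory instead.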