Spam / Malware... (DO NOT CLICK LINKS!!!)

Discussion in 'NZ Computing' started by ~misfit~, Aug 12, 2008.

  1. ~misfit~

    ~misfit~ Guest

    Haven't seen one of these in a while, especially one so obvious:

    [begin quote, including local SpamPal process]

    Return-path: <>
    Envelope-to:
    Delivery-date: Wed, 13 Aug 2008 06:45:51 +1200
    Received: from Debian-exim by mx9.orcon.net.nz with local (Exim 4.69)
    (envelope-from <>) id 1KSysQ-0003kS-Sj for
    ; Wed, 13 Aug 2008 06:45:50 +1200
    Received: from toroon12-1177861552.sdsl.bell.ca ([70.52.189.176]) by
    mx9.orcon.net.nz with esmtp (Exim 4.69) (envelope-from
    <>) id 1KSysQ-0003hk-8j for ; Wed, 13
    Aug 2008 06:45:50 +1200
    Message-ID: <03612.gamal@alvin>
    Date: Tue, 12 Aug 2008 16:57:56 +0000
    From: "greetingcard.org" <>
    User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
    MIME-Version: 1.0
    To: "dear friend" <>
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: 7bit
    X-DSPAM-Check: by mx9.orcon.net.nz on Wed, 13 Aug 2008 06:45:50 +1200
    X-DSPAM-Result: Spam
    X-DSPAM-Processed: Wed Aug 13 06:45:50 2008
    X-DSPAM-Confidence: 0.4682
    X-DSPAM-Probability: 0.9884
    Subject: **SPAM** [SPAM] You've received a greeting eCard"
    X-Antivirus: AVG for E-mail 8.0.138 [270.6.1/1608]
    X-Bayesian-Result: Spam (100)
    X-Bayesian-Words: 1.0 99 2008 99 4.69 99 7bit 99 8.0.138 99 avg 99 before 99
    card 99 checked 99 choose 99 click 99 copy 99 database 99 days 99 dear 99
    X-HTMLM: [-30] confusing links (changed)
    X-HTMLM-Score: -30
    X-SpamPal: SPAM BAYESIAN_PLUGIN BODY
    X-Antivirus: AVG for E-mail 8.0.138 [270.6.1/1608]

    Good day.
    You have received an eCard

    To pick up your eCard, choose from any of the following options:
    Click on the following link (or copy & paste it into your web browser):

    http://freaky-minds.de/e-card.exe.txt

    Your card will be aviailable for pick-up beginning for the next 30 days.
    Please be sure to view your eCard before the days are up!

    We hope you enjoy you eCard.

    Thank You!

    http://www.greetingcard.org


    No virus found in this incoming message.
    Checked by AVG - http://www.avg.com
    Version: 8.0.138 / Virus Database: 270.6.1/1608 - Release Date: 8/12/2008
    4:59 PM

    [End quote]

    I was going to say that it's rather obvious, what with that big *.exe* in
    the URL. However, I see SpamPal says "confusing links (changed)" so perhaps
    the exe was obfuscated? I wonder how many of these they send out to get one
    fool to click it?

    Cheers,
    --
    Shaun.

    DISCLAIMER: If you find a posting or message from me
    offensive, inappropriate, or disruptive, please ignore it.
    If you don't know how to ignore a posting, complain to
    me and I will be only too happy to demonstrate... ;-)
     
    ~misfit~, Aug 12, 2008
    #1
    1. Advertising

  2. ~misfit~

    Cima Guest

    On Wed, 13 Aug 2008 11:04:21 +1200, thingy <> wrote:

    >~misfit~ wrote:
    >> Haven't seen one of these in a while, especially one so obvious

    >
    >8><----
    >
    >> http://www.greetingcard.org

    >
    >These seem to be making a comeback....though not all are "greetingcard"
    >its the same thing underneath...
    >


    Getting a load of fake CNN alerts in my Gmail junk:


    Safe Browsing
    Diagnostic page for westprint.ru/

    What is the current listing status for westprint.ru/?

    Site is listed as suspicious - visiting this web site may harm your
    computer.

    Part of this site was listed for suspicious activity 2 time(s) over the past
    90 days.

    What happened when Google visited this site?

    Of the 97 pages we tested on the site over the past 90 days, 5 page(s)
    resulted in malicious software being downloaded and installed without user
    consent. The last time Google visited this site was on 08/08/2008, and the last
    time suspicious content was found on this site was on 07/15/2008.

    Malicious software includes 8 scripting exploit(s), 8 trojan(s). Successful
    infection resulted in an average of 11 new processes on the target machine.

    Malicious software is hosted on 10 domain(s), including 1-2times.com,
    neiron2009.com, p0rn-movies.com.

    6 domain(s) appear to be functioning as intermediaries for distributing
    malware to visitors of this site, including dreamtds.info, p0rn-movies.com,
    ruoo.info.

    Has this site acted as an intermediary resulting in further distribution of
    malware?

    Over the past 90 days, westprint.ru/ did not appear to function as an
    intermediary for the infection of any sites.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites,
    which would cause us to show the warning message.
     
    Cima, Aug 13, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. skip

    click - double click

    skip, Nov 11, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    539
  2. Mark Cranness

    Single click in scroll bar does double click

    Mark Cranness, Nov 13, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    762
  3. C A Preston

    Spam-Spam and more Spam

    C A Preston, Apr 12, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    749
    Hywel
    Apr 12, 2004
  4. Andy Morrison

    click click click

    Andy Morrison, Dec 18, 2007, in forum: Computer Support
    Replies:
    7
    Views:
    1,013
    Plato
    Dec 20, 2007
  5. Clwddncr
    Replies:
    6
    Views:
    821
    Dave - Dave.net.nz
    Feb 7, 2005
Loading...

Share This Page