Warning - pump and dumpers sending out trojan pointers

Discussion in 'Computer Support' started by Tester, Aug 19, 2007.

  1. Tester

    Tester Guest

    I'm getting greeting card-type spam (pointing to trojans) from the
    same IP's where I get wonderful advice about Chinese penny stocks as
    PDF attachments with the two spams being sent a few minutes apart.

    I assume the machines associated with the IP's that send the spam and
    those that host the trojans are infected. (running remote control
    servers unbeknownst to their owner.

    The victim is told about some "hot" pictures and invited to go to
    http://255.254.253.252/ (fake IP given here) which redirects through
    javascript/IE/Firefox exploits to
    http://255.254.253.252/msdataaccess.exe which is trojan.packed.13.

    I assume the pump and dump criminals don't have enough machines in
    their botnet and needs yours.

    By the way, I was told by abuse at state.or.us, after I received some
    pillz spam through their IP space that THEY had had problems with
    "greeting card"/"trojan pointer" spam.
    Tester, Aug 19, 2007
    #1
    1. Advertising

  2. Tester

    Meat Plow Guest

    On Sun, 19 Aug 2007 17:57:58 +0000, Tester wrote:

    > I'm getting greeting card-type spam (pointing to trojans) from the
    > same IP's where I get wonderful advice about Chinese penny stocks as
    > PDF attachments with the two spams being sent a few minutes apart.
    >
    > I assume the machines associated with the IP's that send the spam and
    > those that host the trojans are infected. (running remote control
    > servers unbeknownst to their owner.
    >
    > The victim is told about some "hot" pictures and invited to go to
    > http://255.254.253.252/ (fake IP given here) which redirects through
    > javascript/IE/Firefox exploits to
    > http://255.254.253.252/msdataaccess.exe which is trojan.packed.13.
    >
    > I assume the pump and dump criminals don't have enough machines in
    > their botnet and needs yours.
    >
    > By the way, I was told by abuse at state.or.us, after I received some
    > pillz spam through their IP space that THEY had had problems with
    > "greeting card"/"trojan pointer" spam.


    I've been getting these for weeks, maybe months. Worked on a laptop that
    was infected with this shit. Had a whole slew of connections established
    when I did a netstat -an in a dos box.
    Meat Plow, Aug 19, 2007
    #2
    1. Advertising

  3. Tester

    WhzzKdd Guest

    "Meat Plow" <> wrote in message
    news:...
    > On Sun, 19 Aug 2007 17:57:58 +0000, Tester wrote:
    >
    >> I'm getting greeting card-type spam (pointing to trojans) from the
    >> same IP's where I get wonderful advice about Chinese penny stocks as
    >> PDF attachments with the two spams being sent a few minutes apart.
    >>

    <snip>
    >
    > I've been getting these for weeks, maybe months.
    >

    yeah - I wonder what planet Tester has been on...
    WhzzKdd, Aug 19, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand
    Replies:
    0
    Views:
    794
    Silverstrand
    Aug 26, 2005
  2. Consultant

    OT for the dumpers

    Consultant, Nov 30, 2004, in forum: MCSE
    Replies:
    4
    Views:
    417
    =?Windows-1252?Q?Frisbee=AE?=
    Dec 1, 2004
  3. David Dawe

    99 Ranger fuel pump location???

    David Dawe, Jul 19, 2003, in forum: Computer Support
    Replies:
    6
    Views:
    641
    David Dawe
    Jul 24, 2003
  4. fredcromer

    Toolbar 'pointers' are 5's and 6's and 8's???

    fredcromer, Apr 21, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    438
    ┬░Mike┬░
    Apr 21, 2004
  5. HD DVD Is Here, I Am Pump

    , Jan 5, 2006, in forum: DVD Video
    Replies:
    2
    Views:
    502
    Phil R.
    Jan 5, 2006
Loading...

Share This Page