Good old 'card waiting' e-mail


Haven't received a greeting card e-mail in quite some time.

Link took me to some HTML page that led to:
hxxp://64.60.xxx.xxx/GreetingCardNr0410112528543.flash.exe

Submitted to Virus Total and the ones that reported malware are below:
=============
AntiVir     6.35.0.13   TR/Spy.Banker.fas
Avast       4.7.844.0   Win32:Hidewindows
DrWeb       4.33        Trojan.Flood.22016
Fortinet    2.77.0.0    W32/IrcScorp.A!tr.bdr
Ikarus      0.2.65.0    Backdoor.IRC.Zapchast
Kaspersky   4.0.2.24    not-a-virus:RiskTool.Win32.HideWindows
NOD32v2     1.1607      Win32/HideWindow
=============

The IP originates from Telepacific Communication; they have been notified.


Re: Good old 'card waiting' e-mail


| Haven't received a greeting card e-mail in quite some time.
|
| Link took me to some HTML page that led to:
| hxxp://64.60.xxx.xxx/GreetingCardNr0410112528543.flash.exe
|
| Submitted to Virus Total and the ones that reported malware are below:
| =============
| AntiVir     6.35.0.13   TR/Spy.Banker.fas
| Avast       4.7.844.0   Win32:Hidewindows
| DrWeb       4.33        Trojan.Flood.22016
| Fortinet    2.77.0.0    W32/IrcScorp.A!tr.bdr
| Ikarus      0.2.65.0    Backdoor.IRC.Zapchast
| Kaspersky   4.0.2.24    not-a-virus:RiskTool.Win32.HideWindows
| NOD32v2     1.1607      Win32/HideWindow
| =============
|
| The IP originates from Telepacific Communication; they have been notified.

Based upon the limited detection shown on Virus Total, please send me the REAL
URL so I can make sure all the AV companies recognize this infector.

Just remove ~nospam~ from my posted address.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Good old 'card waiting' e-mail

David H. Lipman wrote:
Virus Total does send submitted files to the vendors, correct?

Anyway, e-mail sent with the URL (still up at this time).

I zipped the file down and sent it to four different e-mail clients (you
can never have too many!) to see if their AV scanners for attachments
would catch it. All failed. One was Trend-Micro, another McAfee,
Norton and, oops, I forget the other one. D'OH.

Perusing one of the malware names, it looks like it was just launched
within the last several days.


Re: Good old 'card waiting' e-mail



| Virus Total does send submitted files to the vendors, correct?
|
| Anyway, e-mail sent with the URL (still up at this time).
|
| I zipped the file down and sent it to four different e-mail clients (you
| can never have too many!) to see if their AV scanners for attachments
| would catch it. All failed. One was Trend-Micro, another McAfee,
| Norton and, oops, I forget the other one. D'OH.
|
| Perusing one of the malware names, it looks like it was just launched
| within the last several days.

Samples submitted to Virus Total are *only* provided to participating vendors,
and they are not supplied in a priority fashion.

There are many vendors, from GEOT and Comodo to Ahnlab, that are presently not
participating with Virus Total.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Good old 'card waiting' e-mail

On that special day, Duh_OZ, (ozzy.kopec@gmail.com) said...


This is what *I* got as a reply:


<bounce message>

This is the Postfix program at host xray-d.telepacific.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

            The Postfix program

said: 553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)
   (in reply to RCPT TO command)
</bounce>

TOL is the largest ISP of Germany, and they block it because of a
"badmailfrom list". Are they nuts?


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
