Your browser does not seem to support CSS. If images appear below, please disregard them.
toggle
February
S M T W T F S
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29
Sponsored Links
Latest Postings
Topic Options
Rate This Topic
#33418 - 03/04/04 07:52 AM Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
I'd just like to remind everyone (who has them)) not to pay any attention to the spoofed mail messages being recieved at their UGN Security mail addresses.

Some of these messages are including an attachment which is most definatley a virus in every shape and form; note that if I ever do send you a message, it sures hell won't contain one ...

The following are some examples of what people may be recieving:

Message containing Virus name: W32.Beagle.A@mm
Quote:
Dear user of e-mail server "Undergroundnews.com",

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Advanced details can be found in attached file.

Kind regards,
The Undergroundnews.com team http://www.undergroundnews.com
I'm not sure what is contained in test.zip but I'm sures hell not going to open it.
Quote:
Dear user of e-mail server "Undergroundnews.com",

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Please, read the attach for further details.

For security purposes the attached file is password protected. Password is "47206".

Cheers,
The Undergroundnews.com team http://www.undergroundnews.com
Ok, a few things if you recieve a message LIKE that from UGN Security.

1. I don't sign a message that way, comeon, it's UGN Security if anything.
2. If you spam from your account, you don't recieve a notice, it'll be deleted on the spot.
3. Who the hell opens a message that way?
4. "Some of our clients" clients? We have clients? since when?
5. Use common sense, if you see an attachment from a non existant email address, don't open the damn thing.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
Sponsored Links
#33419 - 03/04/04 08:42 AM Re: Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
Virus name: W32.Beagle.A@mm
Quote:
Dear user of Undergroundnews.com gateway e-mail server,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For further details see the attach.

Best wishes,
The Undergroundnews.com team http://www.undergroundnews.com
Virus name: W32.Beagle.A@mm
Quote:
Dear user of e-mail server "Undergroundnews.com",

Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free auto-forwarding service.

Further details can be obtained from attached file.

Have a good day,
The Undergroundnews.com team http://www.undergroundnews.com


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#33420 - 03/04/04 10:38 AM Re: Spoofed Mail Messages
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå× Offline



Joined: Dec 2002
Posts: 3,255
Maryland
Okay, the jig is up. I will stop sending my trojan.... :~/


My New site OpenEyes
Top
#33421 - 03/04/04 12:19 PM Re: Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
... Funny thing is, why the fuck would I send myself a message saying that I violated my own rules... lol...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#33422 - 03/05/04 02:22 AM Re: Spoofed Mail Messages
Joined: Nov 2002
Posts: 1,146
Ice Offline
UGN News Staff
Ice Offline
UGN News Staff

Joined: Nov 2002
Posts: 1,146
Canada
i've been recieving message like that in the past= )

Rule 1 = Never open a Zip in a e-mail lol


Good artists copy, great artists
steal.

-Picasso
Top
#33423 - 03/05/04 05:47 AM Re: Spoofed Mail Messages
Joined: Sep 2002
Posts: 553
Digital Geek Offline
UGN Super Poster
Digital Geek Offline
UGN Super Poster

Joined: Sep 2002
Posts: 553
Cluj-Napoca, Romania
You could open it while you're in linux.

Top
#33424 - 03/05/04 06:26 AM Re: Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
Quote:
Originally posted by Ice:
i've been recieving message like that in the past= )

Rule 1 = Never open a Zip in a e-mail lol
Unless you trust the person who it's from and know that they deliberatly sent it...

Quote:
Originally posted by Digital Geek:
You could open it while you're in linux.
2 issues with that, my linux box burnt out, and it's an exe...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#33425 - 03/20/04 08:06 AM Re: Spoofed Mail Messages
Joined: Mar 2004
Posts: 1
RCG8 Offline
Junior Member
RCG8 Offline
Junior Member

Joined: Mar 2004
Posts: 1
California, USA
I was searching Google for information on "proxy-relay trojan server" and I found this thread.

I received one of these (with an attachment) from someone pretending to be from the management dept. at Yahoo.com. Here is what it read:

Quote:
Dear user of e-mail server "Yahoo.com",

Some of our clients complained about the spam (negative e-mail
content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

Pay attention on attached file.

Have a good day,
The Yahoo.com team
http://www.yahoo.com
I did not open the attachment, of course. I sent it onto Yahoo, but I thought that perhaps others would like to know about this.

Some people do not think, they merely react, when they see an attachment from a source they believe is trusted.

Anyway, that's all that I wanted to say.

Top
#33426 - 03/20/04 08:35 AM Re: Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
My one sugguestion, virus scan everything; validate headers and be sure it's meant to be sent from the source.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#33427 - 03/20/04 09:06 PM Re: Spoofed Mail Messages
Joined: Mar 2004
Posts: 419
Spyrios Offline
UGN Member
Spyrios Offline
UGN Member

Joined: Mar 2004
Posts: 419
VA
My wife just got the same form but it said it was from Cox. she called me in and said hey how do i open this thing even though NAV was flipping out,lol. we had a long discussion about security after that. i recommend everyone turn on email scanning, NAV just deletes it as it comes in to you inbox if it is a virus.


D, world destruction
Over and overture
N, do I need
Apostrophe T, need this torture?-They Might Be Giants
Top
#33428 - 08/03/04 10:23 AM Re: Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
A new one; supposidly coming from noreply[at]undergroundnews[dot]com;
Subject: RETURNED MAIL: DATA FORMAT ERROR or RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
Quote:
Dear user of undergroundnews.com, administration of undergroundnews.com would
like to let you know that.

We have detected that your account was used to send a huge amount of spam
messages during this week.
Most likely your computer was infected and now runs a hidden proxy server.

Please follow our instruction in order to keep your computer safe.

Have a nice day,
The undergroundnews.com support team.
Note, that mail address doesn't work; and we don't have a "support team"...

Note that these emails are containing viruses; do not open them.

This users IP appears to be: 200.110.12.170 (pc.200.110.12.170.millicomperu.com.pe)


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#33429 - 11/10/04 11:27 PM Re: Spoofed Mail Messages
Joined: Oct 2004
Posts: 16
drkmercinary Offline
Junior Member
drkmercinary Offline
Junior Member

Joined: Oct 2004
Posts: 16
http://www.muhs.edu/
I was sent one but the security system on our network computers deleted the file
You can use a racer program to find who is sending the emails I don't know the URL but of you google it there are tons of sites

Top
#33430 - 11/11/04 06:43 AM Re: Spoofed Mail Messages
Joined: Feb 2002
Posts: 7,194
Gremelin Offline
Community Owner
Gremelin Offline

Community Owner

Joined: Feb 2002
Posts: 7,194
Portland, OR; USA
Not too hard to view the mail headers and report it to the ISP


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
Top
#33431 - 11/15/04 04:31 AM Re: Spoofed Mail Messages
Joined: Dec 2002
Posts: 3,255
§intå× Offline
§intå× Offline



Joined: Dec 2002
Posts: 3,255
Maryland


My New site OpenEyes
Top

Member Spotlight
Gremelin

Gremelin
Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums46
Topics43,855
Posts79,029
Members2,157
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 37,018
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit, boa
2157 Registered Users
Who's Online Now
0 registered members (), 1 guest and 0 spiders.
Latest News