UGN Security
Posted By: Gremelin Spoofed Mail Messages - 03/04/04 07:52 AM
I'd just like to remind everyone (who has them)) not to pay any attention to the spoofed mail messages being recieved at their UGN Security mail addresses.

Some of these messages are including an attachment which is most definatley a virus in every shape and form; note that if I ever do send you a message, it sures hell won't contain one wink ...

The following are some examples of what people may be recieving:

Message containing Virus name: W32.Beagle.A@mm
Quote:
Dear user of e-mail server "Undergroundnews.com",

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Advanced details can be found in attached file.

Kind regards,
The Undergroundnews.com team http://www.undergroundnews.com
I'm not sure what is contained in test.zip but I'm sures hell not going to open it.
Quote:
Dear user of e-mail server "Undergroundnews.com",

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Please, read the attach for further details.

For security purposes the attached file is password protected. Password is "47206".

Cheers,
The Undergroundnews.com team http://www.undergroundnews.com
Ok, a few things if you recieve a message LIKE that from UGN.

1. I don't sign a message that way, comeon, it's UGN Security if anything.
2. If you spam from your account, you don't recieve a notice, it'll be deleted on the spot.
3. Who the hell opens a message that way?
4. "Some of our clients" clients? We have clients? since when?
5. Use common sense, if you see an attachment from a non existant email address, don't open the damn thing.
Posted By: Gremelin Re: Spoofed Mail Messages - 03/04/04 08:42 AM
Virus name: W32.Beagle.A@mm
Quote:
Dear user of Undergroundnews.com gateway e-mail server,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For further details see the attach.

Best wishes,
The Undergroundnews.com team http://www.undergroundnews.com
Virus name: W32.Beagle.A@mm
Quote:
Dear user of e-mail server "Undergroundnews.com",

Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free auto-forwarding service.

Further details can be obtained from attached file.

Have a good day,
The Undergroundnews.com team http://www.undergroundnews.com
Posted By: §intå× Re: Spoofed Mail Messages - 03/04/04 10:38 AM
Okay, the jig is up. I will stop sending my trojan.... :~/
Posted By: Gremelin Re: Spoofed Mail Messages - 03/04/04 12:19 PM
wink ... Funny thing is, why the [censored] would I send myself a message saying that I violated my own rules... lol...
Posted By: Ice Re: Spoofed Mail Messages - 03/05/04 02:22 AM
i've been recieving message like that in the past= )

Rule 1 = Never open a Zip in a e-mail lol
Posted By: Digital Geek Re: Spoofed Mail Messages - 03/05/04 05:47 AM
You could open it while you're in linux. smile
Posted By: Gremelin Re: Spoofed Mail Messages - 03/05/04 06:26 AM
Quote:
Originally posted by Ice:
i've been recieving message like that in the past= )

Rule 1 = Never open a Zip in a e-mail lol
Unless you trust the person who it's from and know that they deliberatly sent it...

Quote:
Originally posted by Digital Geek:
You could open it while you're in linux. smile
2 issues with that, my linux box burnt out, and it's an exe...
Posted By: RCG8 Re: Spoofed Mail Messages - 03/20/04 08:06 AM
I was searching Google for information on "proxy-relay trojan server" and I found this thread.

I received one of these (with an attachment) from someone pretending to be from the management dept. at Yahoo.com. Here is what it read:

Quote:
Dear user of e-mail server "Yahoo.com",

Some of our clients complained about the spam (negative e-mail
content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

Pay attention on attached file.

Have a good day,
The Yahoo.com team
http://www.yahoo.com
I did not open the attachment, of course. I sent it onto Yahoo, but I thought that perhaps others would like to know about this.

Some people do not think, they merely react, when they see an attachment from a source they believe is trusted.

Anyway, that's all that I wanted to say.
Posted By: Gremelin Re: Spoofed Mail Messages - 03/20/04 08:35 AM
My one sugguestion, virus scan everything; validate headers and be sure it's meant to be sent from the source.
Posted By: Spyrios Re: Spoofed Mail Messages - 03/20/04 09:06 PM
My wife just got the same form but it said it was from Cox. she called me in and said hey how do i open this thing even though NAV was flipping out,lol. we had a long discussion about security after that. i recommend everyone turn on email scanning, NAV just deletes it as it comes in to you inbox if it is a virus.
Posted By: Gremelin Re: Spoofed Mail Messages - 08/03/04 10:23 AM
A new one; supposidly coming from noreply[at]undergroundnews[dot]com;
Subject: RETURNED MAIL: DATA FORMAT ERROR or RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
Quote:
Dear user of undergroundnews.com, administration of undergroundnews.com would
like to let you know that.

We have detected that your account was used to send a huge amount of spam
messages during this week.
Most likely your computer was infected and now runs a hidden proxy server.

Please follow our instruction in order to keep your computer safe.

Have a nice day,
The undergroundnews.com support team.
Note, that mail address doesn't work; and we don't have a "support team"...

Note that these emails are containing viruses; do not open them.

This users IP appears to be: 200.110.12.170 (pc.200.110.12.170.millicomperu.com.pe)
Posted By: drkmercinary Re: Spoofed Mail Messages - 11/10/04 11:27 PM
I was sent one but the security system on our network computers deleted the file
You can use a racer program to find who is sending the emails I don't know the URL but of you google it there are tons of sites
Posted By: Gremelin Re: Spoofed Mail Messages - 11/11/04 06:43 AM
Not too hard to view the mail headers and report it to the ISP wink
Posted By: §intå× Re: Spoofed Mail Messages - 11/15/04 04:31 AM
http://translate.google.com/translate?hl=en&sl=es&u=h...6hl%3Den%26lr%3D%26sa%3D G

Forigen pukes
© UGN Security Forum