Warning - new trend of attempts to infect ISP users (possibly virus)

Larry Rosenman ler at lerctr.org
Wed Mar 3 03:06:41 UTC 2004


<http://vil.nai.com/vil/content/v_101071.htm>

W32/Bagle.[hij]@MM



--On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net" 
<william at elan.net> wrote:

>
>
> I have just seen emails (several different kinds) pretending to be sent
> from 3 of my isp domains to users of those domains warning users that
> their email account would be disabled and asking to open a .pif
> attachment. I know largest ISPs probably have experienced this but I
> believe what I have seen today means they are after ISPs (or possibly
> just after any domains with number of email addresses under them) of all
> sizes right at the moment. All emails we received from the same source
> ip - 129.59.206.187. Please check your email base for what looks like the
> following
> (in the examples I changed everything to elan.net, actually every isp
> domain received different example of this, only first one is exact).
>
> Example 1:
> ---
> From: management at elan.net
> To: xxxxx at elan.net
> Subject: Email account utilization warning.
>
> Hello  user  of Elan.net e-mail server,
>
> Your e-mail account has  been temporary disabled  because  of unauthorized
> access.
>
> For further details see the  attach.
>
> Best wishes,
>    The Elan.net team                               http://www.elan.net
> ---
>
> Example 2:
> ---
> From: administration at elan.net
> To: xxxx at elan.net
> Subject: Warning about your e-mail account.
>
> Dear user of "Elan.net" mailing system,
>
> Our main mailing server  will be temporary  unavaible  for next two days,
> to  continue receiving mail in these  days you  have  to  configure  our
> free auto-forwarding service.
>
> Further details  can be  obtained  from attached  file.
>
> Cheers,
>    The Elan.net team                             http://www.elan.net
> ---
>
> Example 3:
> ---
> To: xxxxx at elan.net
> Subject: Warning about your e-mail account.
> From: administration at elan.net
>
> Dear user, the management of Elan.net mailing system wants to let you
> know that,
>
> Some of our clients complained  about the spam (negative e-mail content)
> outgoing from your e-mail account. Probably, you have been  infected by
> a  proxy-relay trojan  server. In order to keep  your  computer safe,
> follow the instructions.
>
> Please, read  the attach for further details.
>
> The Management,
>      The  Elan.net team                             http://www.elan.net
>
>



-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler at lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
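
The pattern reported in the quoted message (mail claiming to come from the recipient's own ISP domain, delivered from an outside IP, carrying a .pif attachment) can be checked at the mail gateway. The following is an added example, not part of either post; the function names, the example.net domain, the attachment name and the documentation IP ranges are assumptions made for illustration.

```python
import ipaddress
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly; .pif is the one reported in the thread,
# the rest of the set is an assumption about what a site would also block.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

def inspect_message(raw, client_ip, local_domains, own_networks):
    """Return a list of findings for one inbound message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Signal 1: From: claims one of our domains, but the SMTP client is not ours.
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    ours = any(ip in ipaddress.ip_network(n) for n in own_networks)
    if from_domain in local_domains and not ours:
        findings.append("local-sender-from-external-ip")
    # Signal 2: attachment whose final extension is directly executable.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if os.path.splitext(name)[1] in RISKY_EXT:
            findings.append("executable-attachment:" + name)
    return findings

def build_sample(sender, attachment_name):
    """Constructed test message modelled on Example 1 (not a captured mail)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.net"
    m["Subject"] = "Email account utilization warning."
    m.set_content("For further details see the attach.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("management@example.net", "details.pif")
    # 192.0.2.10 and 198.51.100.0/24 are documentation addresses (constructed).
    print(inspect_message(raw, "192.0.2.10", {"example.net"}, ["198.51.100.0/24"]))
```

Either finding alone is worth logging; both together match the messages quoted above and justify rejecting at SMTP time.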