Warning - new trend of attempts to infect ISP users (possibly virus)
Joel Jaeggli
joelja at darkwing.uoregon.edu
Wed Mar 3 11:18:51 UTC 2004
On Wed, 3 Mar 2004, Stephen J. Wilcox wrote:
>
> Erm is it me or are the writers of Bagle and Netsky determined to keep morphing
> their code to outwit the virus scanners.. is this a new trend in virus writing -
> beat the systems by evolving your code quicker than the security firms can
> release updates?
new trend in that it started only a decade ago?
> Steve
>
> On Tue, 2 Mar 2004, Larry Rosenman wrote:
>
> > <http://vil.nai.com/vil/content/v_101071.htm>
> >
> > W32/Bagle.[hij]@MM
> >
> >
> >
> > --On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net"
> > <william at elan.net> wrote:
> >
> > >
> > >
> > > I have just seen emails (several different kinds) pretending to be sent
> > > from 3 of my isp domains to users of those domains warning users that
> > > their email account would be disabled and asking to open a .pif
> > > attachment. I know largest ISPs probably have experienced this but I
> > > believe what I have seen today means they are after ISPs (or possibly
> > > just after any domains with number of email addresses under them) of all
> > > sizes right at the moment. All emails we received from the same source
> > > ip - 129.59.206.187. Please check your email base for what looks like the
> > > following
> > > (in the examples I changed everything to elan.net, actually every isp
> > > domain received different example of this, only first one is exact).
> > >
> > > Example 1:
> > > ---
> > > From: management at elan.net
> > > To: xxxxx at elan.net
> > > Subject: Email account utilization warning.
> > >
> > > Hello user of Elan.net e-mail server,
> > >
> > > Your e-mail account has been temporary disabled because of unauthorized
> > > access.
> > >
> > > For further details see the attach.
> > >
> > > Best wishes,
> > > The Elan.net team http://www.elan.net
> > > ---
> > >
> > > Example 2:
> > > ---
> > > From: administration at elan.net
> > > To: xxxx at elan.net
> > > Subject: Warning about your e-mail account.
> > >
> > > Dear user of "Elan.net" mailing system,
> > >
> > > Our main mailing server will be temporary unavaible for next two days,
> > > to continue receiving mail in these days you have to configure our
> > > free auto-forwarding service.
> > >
> > > Further details can be obtained from attached file.
> > >
> > > Cheers,
> > > The Elan.net team http://www.elan.net
> > > ---
> > >
> > > Example 3:
> > > ---
> > > To: xxxxx at elan.net
> > > Subject: Warning about your e-mail account.
> > > From: administration at elan.net
> > >
> > > Dear user, the management of Elan.net mailing system wants to let you
> > > know that,
> > >
> > > Some of our clients complained about the spam (negative e-mail content)
> > > outgoing from your e-mail account. Probably, you have been infected by
> > > a proxy-relay trojan server. In order to keep your computer safe,
> > > follow the instructions.
> > >
> > > Please, read the attach for further details.
> > >
> > > The Management,
> > > The Elan.net team http://www.elan.net
> > >
> > >
> >
> >
> >
> >
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
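
Added example, not part of the original thread: an inbound-mail check for the pattern reported in the quoted message above (a From address in one of the ISP's own domains, delivered from an outside IP, carrying a .pif attachment). The trusted network, the attachment filename, the recipient and the extensions other than .pif are assumptions made for the example.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"elan.net"}                           # assumption: domains hosted here
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: our own relays
RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")

# Constructed sample modelled on "Example 1"; the filename is a placeholder.
SAMPLE = (
    "From: management@elan.net\nTo: user@elan.net\n"
    "Subject: Email account utilization warning.\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nFor further details see the attach.\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="details.pif"\n\nplaceholder\n--b1--\n'
)


def risky_attachments(msg):
    """Return filenames of MIME parts whose final extension is executable."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().rstrip(". ").endswith(RISKY_EXT):
            names.append(name)
    return names


def classify(raw_message, client_ip):
    """Return (verdict, reasons) for one message as seen by the inbound MTA."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    reasons = []
    if domain in LOCAL_DOMAINS and not any(ip in net for net in TRUSTED_NETS):
        reasons.append("local From domain from external IP")
    bad = risky_attachments(msg)
    if bad:
        reasons.append("executable attachment: " + ", ".join(bad))
    verdict = "reject" if len(reasons) == 2 else "quarantine" if reasons else "accept"
    return verdict, reasons


if __name__ == "__main__":
    print(classify(SAMPLE, "129.59.206.187"))  # source IP reported in the thread
```

The From-domain test only makes sense where customers submit mail through the ISP's own relays; roaming users sending through third-party servers would need an exception.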