Re: Yet another way to obtain a virus. New virus disguised as PayPal e-mail

From: Gunilla (Gun_at_yahoo.com)
Date: 11/16/03 

Date: Sun, 16 Nov 2003 02:59:03 +0100

Hi David.

No, I didn't know that! Thank you for open my eyes. I guess I need to be
better in reading information. ;-))
I just mean that another "heads up" is not to despise.

However, I read that post from AZC but must admit that I didn't follow that
link. ;-(

Thanks.

Gunilla.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:u1AF5M%23qDHA.2820@TK2MSFTNGP10.phx.gbl...
> Ok did you know there are viruses that also pose as updates from Symantec
?
> Two examples...
>
> The Trojan; "W32/Sdbot.18976" -
http://vil.nai.com/vil/content/v_100727.htm
> The worm; "W32/Kickin@MM" - http://vil.nai.com/vil/content/v_100290.htm
>
> So again, there is nothing new about this kind of Human Engineering
technique.
>
> Then there was the previous post...
> "AVERT Virus Advisory: W32/Mimail.i@MM UPGRADE" posted by: Andrew Z
Carpenter
> posted at 0847hrs on Friday. While it doesn't state how the virus is
propagated, it has the
> link to the McAfee's library page on the infector. In know I received
that AVERT
> notification on Friday AM and applied the EXTRA.DAT to my network
immediately.
>
> I guess its the subject that got me and more or less my reply is based
upon that subject
> line.
> It is a new variant of a relatively new infector, but its techniques are
hardly new.
>
> Dave
>
>
>
>
> "Gunilla" <Gun@yahoo.com> wrote in message
news:OQBWVs9qDHA.2964@tk2msftngp13.phx.gbl...
> | Of course there is something new about this info LuckyStrike has
provided as
> | it usual is delivered as an email pretending to be from Microsoft or as
a
> | Mail Delivery Status Notification.
> |
> | It can be to gain for all to know that it can be delivered as an email
from
> | PayPal this time and not just from Microsoft. I didn't know that, it was
> | news to me and surely to many others. Sorry David if I misunderstand you
but
> | don't you agree that it can be good news to know this?
> |
> | Regards / Gunilla.
> |
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:%23XK97i5qDHA.2716@TK2MSFTNGP09.phx.gbl...
> | > LuckyStrike:
> | >
> | > There is nothing new about the virus except its name and how it goes
about
> | it infecting
> | > platforms.
> | >
> | > The W32/Mimail.i@MM is another is a series in Mass Mailing worms that
> | search your PC for
> | > email addresses and uses those addresses for propagation using a
built-in
> | SMTP engine.
> | > Nothing new there.
> | >
> | > The worm uses both a masquerade and Human Engineering to get you to
> | execute the attachment.
> | > Again nothing new.
> | >
> | > The only part that is new is how the Human Engineering aspect is
triggered
> | by invoking and
> | > using the name PayPal and the payload of stealing credit card info and
> | sending the encrypted
> | > information to hard coded email addresses
> | >
> | > Nothing about this latest infector is unexpected.
> | >
> | > Dave
> | >
> | >
> | >
> | >
> | > "LuckyStrike" <LS@smokedamagedfurniture.youcandriveitawaytoday.com>
wrote
> | in message
> | > news:utxYiw1qDHA.1948@TK2MSFTNGP12.phx.gbl...
> | > | This was brought to my attention in another NG. Seems that an email
> | message
> | > | can arrive from "Pay Pal" which is not as it seems.
> | > |
> | > | "A computer virus that camouflages itself as a message from PayPal
has
> | > | started spreading among home users, antivirus companies said on
Friday."
> | > |
> | > | http://zdnet.com.com/2100-1105_2-5107764.html
> | > | --
> | > |
> | > | LuckyStrike
> | > | LS@smokedamagedfurniture.youcandriveitawaytoday.com
> | > | --------------------------------------------------------------------
> | > |
> | > |
> | > |
> | >
> | >
> |
> |
> | ---
> | Outgoing mail is certified Virus Free.
> | Checked by AVG anti-virus system (http://www.grisoft.com).
> | Version: 6.0.541 / Virus Database: 335 - Release Date: 2003-11-15
> |
> |
>
> 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.541 / Virus Database: 335 - Release Date: 2003-11-15

Relevant Pages

  • Re: Started all over.
    ... If you want to post a link to the wav file, ... so I went back and looked at the html presentation the one guy made. ... >>> Outgoing mail is certified Virus Free. ...
    (microsoft.public.powerpoint)
  • RE: Why repost this? (was Re: [OT] Humour)
    ... >It is used reflexively for emphasis as in the dictionary definition "for ... >Yes, I understand that it is a reflexive pronoun, but it appears to ... >>Outgoing mail is certified Virus Free. ...
    (comp.os.vms)
  • Re: Cartes du Ciel
    ... "starlord" wrote in message ... > After someone replayed and told me what to look at, I opened it up and found> it had been fried, so returned it to trash bin. ... > Outgoing mail is certified Virus Free. ...
    (sci.astro.amateur)
  • Re: Started all over.
    ... Michael Koerner [MS PPT MVP] ... > Don Manning ... >>> Outgoing mail is certified Virus Free. ...
    (microsoft.public.powerpoint)
  • RE: dijkstra algorithm by object oriented
    ... But i don't know if i'm going in the rigth way. ... Incoming mail is certified Virus Free. ... Checked by AVG anti-virus system. ... Outgoing mail is certified Virus Free. ...
    (comp.lang.python)