
Dodgy email reproduced below.....

xon
Grafter
Posts: 45
Registered: 31-07-2007

From:
Customer Support Robot <fcyg@bc.edu>
Sent: Thu Apr 26 19:55
To:
xxxx@xxxxxxxx.co.uk
Priority: Normal
Subject:
[-SPAM-] rojan Detected!
Type: Attachments

Envelope-to: xxxx@xxxxxxxx.co.uk
Delivery-date: Wed, 25 Apr 2007 15:58:21 +0000
Received: from c-71-225-211-238.hsd1.pa.comcast.net ([71.225.211.238])
by pih-sunmxcore12.plus.net with smtp (PlusNet MXCore v2.00) id 1Hgjso-00023X-KM
for xxxx@xxxxxxxx.co.uk; Wed, 25 Apr 2007 15:58:21 +0000
Received: from eyg ([32.153.189.157])
by c-71-225-211-238.hsd1.pa.comcast.net (8.13.5/8.13.5) with SMTP id l3QIw55H003917;
Thu, 26 Apr 2007 11:58:05 -0700
Message-ID: <4630F58C.2070304@bc.edu>
Date: Thu, 26 Apr 2007 11:55:08 -0700
From: Customer Support Robot <fcyg@bc.edu>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: xxxx@xxxxxxxx.co.uk
Subject:T[-SPAM-] rojan Detected!
Content-Type: multipart/mixed;
boundary="------------060207070300010500070606"
x-open-relay: 71.225.211.238 is in a black list at bl.spamcop.net
X-PN-Spam-Filtered: by PlusNet MXCore (v3.00)
X-ClamSpam: Found

Dear Customer,

Our robot has detected an abnormal activity from your IP address on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.
We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked.
We archived the patch because the worm can modify unpacked exe files. You have to open archive file, enter password and run patch immediately.

Password: did86

Customer Support Robot

rar attachment


It is quite convincing I think and may well fool a lot of your clients especially because it somehow manages to get around the PN [-SPAM-] marker. Beware everyone.
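
The headers reproduced in the post above can be triaged mechanically. The following Python is an added example, not part of the original thread or of any Plusnet tooling; the function name `triage`, the finding labels and the re-indented continuation lines in the sample are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Lines copied from the post above; continuation lines are re-indented
# (assumption) so the folded Received header parses.
SAMPLE = """\
Received: from c-71-225-211-238.hsd1.pa.comcast.net ([71.225.211.238])
 by pih-sunmxcore12.plus.net with smtp (PlusNet MXCore v2.00) id 1Hgjso-00023X-KM
 for xxxx@xxxxxxxx.co.uk; Wed, 25 Apr 2007 15:58:21 +0000
Date: Thu, 26 Apr 2007 11:55:08 -0700
From: Customer Support Robot <fcyg@bc.edu>
Subject:T[-SPAM-] rojan Detected!
x-open-relay: 71.225.211.238 is in a black list at bl.spamcop.net
X-ClamSpam: Found

You have to open archive file, enter password and run patch immediately.
Password: did86
"""

def triage(raw, tag="[-SPAM-]"):
    """Return labels (hypothetical names) for suspicious traits in one message."""
    msg = message_from_string(raw)
    findings = []
    received = msg.get_all("Received")
    if not received:
        return ["no-received-header"]
    # The topmost Received header is the one stamped by the recipient's own MX.
    top = " ".join(received[0].split())
    relay = re.search(r"from (\S+) \(\[[\d.]+\]\)", top)
    domain = parseaddr(msg["From"] or "")[1].rsplit("@", 1)[-1].lower()
    # Weak on its own (bulk senders relay legitimately), useful in combination.
    if relay and domain and not relay.group(1).lower().endswith(domain):
        findings.append("relay-not-sender-domain")
    # A Date later than the moment our own MX accepted the mail is forged or skewed.
    stamped = parsedate_to_datetime(top.rsplit(";", 1)[-1].strip())
    if msg["Date"] and parsedate_to_datetime(msg["Date"]) > stamped:
        findings.append("date-after-receipt")
    # A tag that is not a prefix slips past rules that match on "starts with".
    subject = msg["Subject"] or ""
    if tag in subject and not subject.startswith(tag):
        findings.append("spam-tag-not-at-start")
    if any(h in msg for h in ("x-open-relay", "X-ClamSpam")):
        findings.append("filter-verdict-header")
    # A password sent alongside an archive: a scanner without it cannot see inside.
    body = msg.get_payload()
    if re.search(r"(?im)^password:\s*\S+", body) and re.search(r"(?i)\barchive\b", body):
        findings.append("password-for-archive-in-body")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```
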
6 REPLIES
Plusnet Help Team
Plusnet Help Team
Posts: 17,624
Thanks: 610
Fixes: 158
Registered: 05-04-2007

Looking at the email headers and body provided it appears that the [-SPAM-] tag is present.
This simply looks like another form of SPAM and should be disregarded. No matter how good SPAM protection is there is always the possibility that one or two emails can sneak through.
 Chris Parr
 Plusnet Help Team
xon
Grafter
Posts: 45
Registered: 31-07-2007

Hi

The [-SPAM-] marker, although present in the body of the email header, does not show up in webmail. That is to say that your clients will receive this email but with "No Subject" instead of [-SPAM-] or anything else in the subject area.

Tricky huh!
Community Veteran
Posts: 1,160
Thanks: 1
Registered: 01-08-2007

I had one of these from a different source. As we only have Macs here which aren't affected (or infected!) by Windows worms, with a hardware firewall and all fully stealthed, it was pretty obviously a hoax, so went straight into Trash.

Has anyone scanned the attachment to see if it's a Trojan?
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
xon
Grafter
Posts: 45
Registered: 31-07-2007

If you feel brave enough I will forward it to you and you could have a go at unpacking and scanning it. Personally I would not bother with it.

The file name is "bugfix-60363.rar" which sadly does not show any results when googled for!
Community Veteran
Posts: 1,160
Thanks: 1
Registered: 01-08-2007

The one I got is called patch-27786.rar. I've scanned it with Clam AV which declared it virus free, but didn't try opening it at all - or rather stopped trying to open it when it asked for the password. I don't think I want anyone else's to look at!
Plusnet user since November 2003
Currently on Unlimited Fibre Extra and Unlimited UK & Mobile Calls
N/A

Re: Dodgy email reproduced below.....

Quote
You have to open archive file, enter password and run patch immediately.


Something of a Russian twinge there...eastern European at any rate.