John's Blog
Proof that anyone can do it RSS 2.0
 Tuesday, July 20, 2004
Virus writers are getting tricky...

Like many owners of private domain names, all email sent to any addresses at bowenweb.com are eventually forwarded to my email account (except those that fall victim to spam filters and filtering rules).  I was a little surprised to see the following text in a message this afternoon, though: 

Dear user of Bowenweb.com e-mail server gateway,

Your e-mail account has been temporary disabled because of unauthorized access.

Further details can be obtained from attached file.

For security purposes the attached file is password protected. Password is "10571".

Sincerely,

The Bowenweb.com team http://www.bowenweb.com

Of course, the attached .zip file has the Bagle.gen worm in it as you might expect.  I can just imagine plenty of people falling for this one, though. 

By the way, this was sent to a valid email address, so I have to guess the address was harvested from the Internet...probably the Rainbow forums. 

[edit]

8-18-2004, Another variation of the email-virus trick. 

I got an email that appeared to be from an acquaintance of mine (I recognized the sender's address).  It was a very brief message, complaining about sending messages using plain text, and giving quick instructions on how to open the attached .zip file.  Of course, the .zip file contains a virus. 

On further inspection, the email isn't from anyone I know at all...the sender's address is spoofed.  Since we both share a common interest (and, thus, our addresses can be found in the same place), these guys must have harvested both our addresses, then used his to try to get me to 'trust' the message enough to open the attachment. 

DO NOT OPEN WEIRD ATTACHMENTS, even if they appear to be from someone you know. 

Here's a screenshot of the email (I blocked out the “sender's” address with a yellow box).

[/edit]

Tuesday, July 20, 2004 1:49:39 AM UTC  #    -
Troubleshooting
Tracked by:
"1428_ministry - Calftryin.net" (1428_ministry - Calftryin.net) [Trackback]
"Giochi di Luce" (Giochi di Luce) [Trackback]
"2002_06_24 - Departurebanish.com" (2002_06_24 - Departurebanish.com) [Trackback]
"Philip Morris agrees to buy Nabisco for $14.9 billion" (Philip Morris agrees to... [Trackback]
"Mute_8977 - Calftryin.net" (Mute_8977 - Calftryin.net) [Trackback]
"Calftryin.net" (Calftryin.net) [Trackback]
"Toronto Wireless Community Network (TWCN)" (Toronto Wireless Community Network ... [Trackback]
"Gralty Automotive" (Gralty Automotive) [Trackback]
"Mannequin Madness" (Mannequin Madness) [Trackback]
"3337_backlash - Departurebanish.com" (3337_backlash - Departurebanish.com) [Trackback]
"Verreau_9420 - Calftryin.net" (Verreau_9420 - Calftryin.net) [Trackback]
"Reel Views - Angie" (Reel Views - Angie) [Trackback]
"Aluminum 2000" (Aluminum 2000) [Trackback]
"2004_02_11 - Calftryin.net" (2004_02_11 - Calftryin.net) [Trackback]
"939_awards - Calftryin.net" (939_awards - Calftryin.net) [Trackback]
"Humanist - Calftryin.net" (Humanist - Calftryin.net) [Trackback]
"3611_sixth - Calftryin.net" (3611_sixth - Calftryin.net) [Trackback]
"8266_opposition - Calftryin.net" (8266_opposition - Calftryin.net) [Trackback]
"4029 - Calftryin.net" (4029 - Calftryin.net) [Trackback]
"Voluntary_2161 - Calftryin.net" (Voluntary_2161 - Calftryin.net) [Trackback]
"6070 - Calftryin.net" (6070 - Calftryin.net) [Trackback]
"Murat - Calftryin.net" (Murat - Calftryin.net) [Trackback]
"IDEC" (IDEC) [Trackback]
"italia" (italia) [Trackback]
"buying and selling used cars" (buying and selling used cars) [Trackback]
"ab lounge ultimate" (ab lounge ultimate) [Trackback]
"Flonase AND comments" (Flonase AND comments) [Trackback]
"cypress hill insane in the brain" (cypress hill insane in the brain) [Trackback]
"vitamins minerals" (vitamins minerals) [Trackback]
"residence marmorata" (residence marmorata) [Trackback]
"Online Consultation for Provigil" (Online Consultation for Provigil) [Trackback]
"window" (window) [Trackback]
"rosary bracelets" (rosary bracelets) [Trackback]
"Jamn 945" (Jamn 945) [Trackback]
"bamboo easel" (bamboo easel) [Trackback]
"Seattle Facelift" (Seattle Facelift) [Trackback]
"black bros white hoes" (black bros white hoes) [Trackback]
"purple heart donations" (purple heart donations) [Trackback]
"alabama department of transportation" (alabama department of transportation) [Trackback]
"Cowboy Bebop Music" (Cowboy Bebop Music) [Trackback]
"industrial parts washers" (industrial parts washers) [Trackback]
"meeting facility dfw" (meeting facility dfw) [Trackback]
"microsoft project scheduler" (microsoft project scheduler) [Trackback]
"creative gift idea" (creative gift idea) [Trackback]
"pebuilder plugins" (pebuilder plugins) [Trackback]
"efx foreign exchange" (efx foreign exchange) [Trackback]
"addiction recovery program" (addiction recovery program) [Trackback]
"topamax anti inflammatory" (topamax anti inflammatory) [Trackback]
"vancouver auto electric distributor repair" (vancouver auto electric distributo... [Trackback]
"infertility vaginal scan" (infertility vaginal scan) [Trackback]
"corporate meeting solution" (corporate meeting solution) [Trackback]
"estimating program" (estimating program) [Trackback]
"hound dog" (hound dog) [Trackback]
"whirlpool washer dryer" (whirlpool washer dryer) [Trackback]
"radio online" (radio online) [Trackback]
"luther vandross here and now" (luther vandross here and now) [Trackback]
"mcse 70-294 testking" (mcse 70-294 testking) [Trackback]
"Deputy mayor Walter Greene Detroit" (Deputy mayor Walter Greene Detroit) [Trackback]
"clomid 250 mg" (clomid 250 mg) [Trackback]
"canadiens montreal" (canadiens montreal) [Trackback]
"san jose public library" (san jose public library) [Trackback]
"Insulating Ladders" (Insulating Ladders) [Trackback]
"hotelorlando" (hotelorlando) [Trackback]
"corniceantica" (corniceantica) [Trackback]
"americanosudore" (americanosudore) [Trackback]
"how do you use a multimeter" (how do you use a multimeter) [Trackback]
"English to Spanish translator" (English to Spanish translator) [Trackback]
"birthday cards" (birthday cards) [Trackback]
"pasadena restaurants" (pasadena restaurants) [Trackback]
"mobile dvd players" (mobile dvd players) [Trackback]
"graziosolesbichemerda" (graziosolesbichemerda) [Trackback]
"green bay packers fan clubs" (green bay packers fan clubs) [Trackback]
"Pray the Rosary Online" (Pray the Rosary Online) [Trackback]
"ordervaliumonline" (ordervaliumonline) [Trackback]
"Las Vegas%3A football betting" (Las Vegas%3A football betting) [Trackback]
"giochips" (giochips) [Trackback]
"dinosaur encyclopedia" (dinosaur encyclopedia) [Trackback]
"copertinacddvd" (copertinacddvd) [Trackback]
"Search Engine Optimization Firm" (Search Engine Optimization Firm) [Trackback]
"turnkey sportsbook packages" (turnkey sportsbook packages) [Trackback]
"samsunglogo" (samsunglogo) [Trackback]
"ragazzavirtuale" (ragazzavirtuale) [Trackback]
"stemma" (stemma) [Trackback]
"ridiculousamatorialistrip" (ridiculousamatorialistrip) [Trackback]
"bingo location" (bingo location) [Trackback]
"hannover" (hannover) [Trackback]
"cramer %2B mad money" (cramer %2B mad money) [Trackback]
"ufficiovillarreal" (ufficiovillarreal) [Trackback]
"find unclaimed money" (find unclaimed money) [Trackback]
"business buzzword bingo further information" (business buzzword bingo further i... [Trackback]
"contrattofranchising" (contrattofranchising) [Trackback]
"automodellismomotorescoppio" (automodellismomotorescoppio) [Trackback]
"the daily telegram obituaries" (the daily telegram obituaries) [Trackback]
"daggers and kunai knife" (daggers and kunai knife) [Trackback]
"cheat codes ps2" (cheat codes ps2) [Trackback]
"netherland dwarf rabbits" (netherland dwarf rabbits) [Trackback]
"cayon dweller" (cayon dweller) [Trackback]
"spy sweeper psguard" (spy sweeper psguard) [Trackback]
"dye producing gastropod" (dye producing gastropod) [Trackback]
"daffy us lpga" (daffy us lpga) [Trackback]
"dwayne kosiancic manitoba" (dwayne kosiancic manitoba) [Trackback]
"panasonic vdr-m30 dvd-r digital camcorder" (panasonic vdr-m30 dvd-r digital cam... [Trackback]
"haskel dyer" (haskel dyer) [Trackback]
"kodak easy share dx7630 camera soft" (kodak easy share dx7630 camera soft) [Trackback]
"pat dailey 60's,70's ,80's" (pat dailey 60's,70's ,80's) [Trackback]
"dwight schrute" (dwight schrute) [Trackback]
"ritz av and bob dvorak" (ritz av and bob dvorak) [Trackback]
"game cheats for ps2" (game cheats for ps2) [Trackback]
"san diego dwi attorney" (san diego dwi attorney) [Trackback]
"cell chaos coop ps2 splinter theory through walk" (cell chaos coop ps2 splinter... [Trackback]
"sony dvpns330sm multi region dvd player" (sony dvpns330sm multi region dvd play... [Trackback]
"snore guard" (snore guard) [Trackback]
"headrest dvd players headrest dvd players" (headrest dvd players headrest dvd p... [Trackback]
"moody wadley toyota in dyersburg" (moody wadley toyota in dyersburg) [Trackback]
"daimoku relationship karma" (daimoku relationship karma) [Trackback]
"okashina dai bouken" (okashina dai bouken) [Trackback]
"toshiba dvd-ram drive sd-w2002 support" (toshiba dvd-ram drive sd-w2002 support... [Trackback]
"cal spa ps4 manual" (cal spa ps4 manual) [Trackback]
"daiwa 130x" (daiwa 130x) [Trackback]
"dwarf korean lilac" (dwarf korean lilac) [Trackback]
"dairy heifer raising" (dairy heifer raising) [Trackback]
"celluloid heroes ray davies" (celluloid heroes ray davies) [Trackback]
"jan hendriks kollen giethoorn" (jan hendriks kollen giethoorn) [Trackback]
"daintree" (daintree) [Trackback]
"lenox daffodil vase" (lenox daffodil vase) [Trackback]
"daigunder" (daigunder) [Trackback]
"kahrs wood floor doussie dakar" (kahrs wood floor doussie dakar) [Trackback]
"multi region dvd players" (multi region dvd players) [Trackback]
"hippo eats dwarf" (hippo eats dwarf) [Trackback]
"chhabragroup.net" (chhabragroup.net) [Trackback]
"moosealleyinn.com" (moosealleyinn.com) [Trackback]
"countyyardsales.com" (countyyardsales.com) [Trackback]
"attashay.com" (attashay.com) [Trackback]
"aldhr.com" (aldhr.com) [Trackback]
"coasar.com" (coasar.com) [Trackback]
"commercialbankquotes.com" (commercialbankquotes.com) [Trackback]
"byronhinterlandaccommodation.com" (byronhinterlandaccommodation.com) [Trackback]
"chhabraproducts.com" (chhabraproducts.com) [Trackback]
"avantidesigngroup.com" (avantidesigngroup.com) [Trackback]
"tabak-meier.com" (tabak-meier.com) [Trackback]
"chhabraenterprises.com" (chhabraenterprises.com) [Trackback]
"click2chico.com" (click2chico.com) [Trackback]
"coasar.com" (coasar.com) [Trackback]
"asiacompressor.com" (asiacompressor.com) [Trackback]
"syncreticorder.com" (syncreticorder.com) [Trackback]
"brze.com" (brze.com) [Trackback]
"poexia.com" (poexia.com) [Trackback]
"combatduck.com" (combatduck.com) [Trackback]
"chhabrahotels.com" (chhabrahotels.com) [Trackback]
"cobeebooks.com" (cobeebooks.com) [Trackback]
"smartzy.com" (smartzy.com) [Trackback]
"chhabrahotels.com" (chhabrahotels.com) [Trackback]
"kstartech.com" (kstartech.com) [Trackback]
"chhabramedicalservices.com" (chhabramedicalservices.com) [Trackback]
"tabak-meier.com" (tabak-meier.com) [Trackback]
"specsites.com" (specsites.com) [Trackback]
"mpbeats.com" (mpbeats.com) [Trackback]
"clubtuxedo.com" (clubtuxedo.com) [Trackback]
"compressorasia.com" (compressorasia.com) [Trackback]
"mpbeats.com" (mpbeats.com) [Trackback]
"elite-stfu.com" (elite-stfu.com) [Trackback]
"internet-marketingpro.com" (internet-marketingpro.com) [Trackback]
"whartongcc.com" (whartongcc.com) [Trackback]
"fetishe6.com" (fetishe6.com) [Trackback]
"whartongcc.com" (whartongcc.com) [Trackback]
"whartongcc.com" (whartongcc.com) [Trackback]
"leomoctezuma.com" (leomoctezuma.com) [Trackback]
"writewithapro.com" (writewithapro.com) [Trackback]
"auctionsection.com" (auctionsection.com) [Trackback]
"wysiwygkennels.com" (wysiwygkennels.com) [Trackback]
"elite-stfu.com" (elite-stfu.com) [Trackback]
"fetishe6.com" (fetishe6.com) [Trackback]
"spaceless.net" (spaceless.net) [Trackback]
"our-specialties.com" (our-specialties.com) [Trackback]
"ladyboy6.com" (ladyboy6.com) [Trackback]
"hornypics.net" (hornypics.net) [Trackback]
"auctionsection.com" (auctionsection.com) [Trackback]
"whartongcc.com" (whartongcc.com) [Trackback]
"ladyboy6.com" (ladyboy6.com) [Trackback]
"avalon-knights.com" (avalon-knights.com) [Trackback]
"spaceless.net" (spaceless.net) [Trackback]
"namicmarketing.com" (namicmarketing.com) [Trackback]
"hornypics.net" (hornypics.net) [Trackback]
"caramigo.com" (caramigo.com) [Trackback]
"spaceless.net" (spaceless.net) [Trackback]
"our-specialties.com" (our-specialties.com) [Trackback]
"ladyboy6.com" (ladyboy6.com) [Trackback]
"emiliefan" (emiliefan) [Trackback]
"realmensproducts" (realmensproducts) [Trackback]
"supportedhost" (supportedhost) [Trackback]
"grassrootslive" (grassrootslive) [Trackback]
"disneyphiles" (disneyphiles) [Trackback]
"thelandsend" (thelandsend) [Trackback]
"zolidground" (zolidground) [Trackback]
"goshuu" (goshuu) [Trackback]
"littlephotos" (littlephotos) [Trackback]
"makemoremuscle" (makemoremuscle) [Trackback]
"clubandbarsearch" (clubandbarsearch) [Trackback]
"informationsourcerer" (informationsourcerer) [Trackback]
"personalonlinehelp" (personalonlinehelp) [Trackback]
"kokotalk" (kokotalk) [Trackback]
"ttsmerchandise" (ttsmerchandise) [Trackback]
"mckellen-capital" (mckellen-capital) [Trackback]
"massjokes" (massjokes) [Trackback]
"just-need-some-fun" (just-need-some-fun) [Trackback]
"arbitragehyips" (arbitragehyips) [Trackback]
"my-mistake" (my-mistake) [Trackback]
"aussierelated" (aussierelated) [Trackback]
"electralloyindia" (electralloyindia) [Trackback]
"cery-perle" (cery-perle) [Trackback]
"dedicatedonline" (dedicatedonline) [Trackback]
"breathmaster" (breathmaster) [Trackback]
"7neen4host" (7neen4host) [Trackback]
"alifelegacy" (alifelegacy) [Trackback]
"yourpetmedications" (yourpetmedications) [Trackback]
"sportsconferencecenter" (sportsconferencecenter) [Trackback]
"fouronthefloorcouture" (fouronthefloorcouture) [Trackback]
"thecolorpalette" (thecolorpalette) [Trackback]
"sanclementegallery" (sanclementegallery) [Trackback]
"peetschallenge" (peetschallenge) [Trackback]
"mentalcandystudios" (mentalcandystudios) [Trackback]
"buddha-reborn.com" (buddha-reborn.com) [Trackback]
"techeverywhere.com" (techeverywhere.com) [Trackback]
"superiorsatelliteinc.com" (superiorsatelliteinc.com) [Trackback]
"ebizsuite7.com" (ebizsuite7.com) [Trackback]
"ebizsuite6.com" (ebizsuite6.com) [Trackback]
"danger-z0ne-yahoo.com" (danger-z0ne-yahoo.com) [Trackback]
"creamfactoryrecord.com" (creamfactoryrecord.com) [Trackback]
"rosenortbaseball.com" (rosenortbaseball.com) [Trackback]
"donosushi.com" (donosushi.com) [Trackback]
"ezywheels.com" (ezywheels.com) [Trackback]
"flawless-hosting.net" (flawless-hosting.net) [Trackback]
"stiffeye.com" (stiffeye.com) [Trackback]
"beoh.com" (beoh.com) [Trackback]
"pontejulio.com" (pontejulio.com) [Trackback]
"mrantonio.com" (mrantonio.com) [Trackback]
"4oit.com" (4oit.com) [Trackback]
"stamps-sources.com" (stamps-sources.com) [Trackback]
"akatit.com" (akatit.com) [Trackback]
"andysmarketingtips.com" (andysmarketingtips.com) [Trackback]
"dominationradio.net" (dominationradio.net) [Trackback]
"atomsphereproductions.com" (atomsphereproductions.com) [Trackback]
"curtashendel.com" (curtashendel.com) [Trackback]
"pluriamarshalljr.com" (pluriamarshalljr.com) [Trackback]
"on-your-way-to-wealth.com" (on-your-way-to-wealth.com) [Trackback]
"teamx4.com" (teamx4.com) [Trackback]
"insane-boost.com" (insane-boost.com) [Trackback]
"spacialonline.com" (spacialonline.com) [Trackback]
"accountserverg1.net" (accountserverg1.net) [Trackback]
"valleyfortcapital.com" (valleyfortcapital.com) [Trackback]
"a1digitalphotos.com" (a1digitalphotos.com) [Trackback]
"lasvegaskorea.com" (lasvegaskorea.com) [Trackback]
"xenu-city.net" (xenu-city.net) [Trackback]
"suomiball.com" (suomiball.com) [Trackback]
"drinkingfountain.com" (drinkingfountain.com) [Trackback]
"wynnresortslimited.net" (wynnresortslimited.net) [Trackback]
"zcolumn.net" (zcolumn.net) [Trackback]
"wynnresortslimited.com" (wynnresortslimited.com) [Trackback]
"quickmatch.net" (quickmatch.net) [Trackback]
"horking.com" (horking.com) [Trackback]
"macielo.com" (macielo.com) [Trackback]
"yagerdreamteam.com" (yagerdreamteam.com) [Trackback]
"ardenmore.com" (ardenmore.com) [Trackback]
"ipayhere.com" (ipayhere.com) [Trackback]
"alsafenat.net" (alsafenat.net) [Trackback]
"webcam59.com" (webcam59.com) [Trackback]
"bugagas.com" (bugagas.com) [Trackback]
"techtikes.com" (techtikes.com) [Trackback]
"westfilies.com" (westfilies.com) [Trackback]
"speedy-chemist.com" (speedy-chemist.com) [Trackback]
"thenothingness.com" (thenothingness.com) [Trackback]
"doctorrosenthal.com" (doctorrosenthal.com) [Trackback]
"jellyfishegg.com" (jellyfishegg.com) [Trackback]
"juad-gallery.com" (juad-gallery.com) [Trackback]
"wahmcards.com" (wahmcards.com) [Trackback]
"sudanmoon.net" (sudanmoon.net) [Trackback]
"delonger.com" (delonger.com) [Trackback]
"webdesignersgalaxy.com" (webdesignersgalaxy.com) [Trackback]
"tsatskelehs.com" (tsatskelehs.com) [Trackback]
"wynnresortsinc.net" (wynnresortsinc.net) [Trackback]
"vzic.com" (vzic.com) [Trackback]
"traxxar.com" (traxxar.com) [Trackback]
"garuda-tiga.com" (garuda-tiga.com) [Trackback]
"cqiss.com" (cqiss.com) [Trackback]
"verio-asia.com" (verio-asia.com) [Trackback]
"zorrix.com" (zorrix.com) [Trackback]
"chismescalientes.com" (chismescalientes.com) [Trackback]
"chismografos.net" (chismografos.net) [Trackback]
"chamaquitas.com" (chamaquitas.com) [Trackback]
"ebarterbuy.com" (ebarterbuy.com) [Trackback]
"marijuanaseedsbanks.com" (marijuanaseedsbanks.com) [Trackback]
"platinglink.com" (platinglink.com) [Trackback]
"uccbsu.com" (uccbsu.com) [Trackback]
"onlineeducationfinder.com" (onlineeducationfinder.com) [Trackback]
"meskateboards.com" (meskateboards.com) [Trackback]
"attaquedesfans.com" (attaquedesfans.com) [Trackback]
"warhawksguild.com" (warhawksguild.com) [Trackback]
"support-client.com" (support-client.com) [Trackback]
"mssp-thailand.com" (mssp-thailand.com) [Trackback]
"musicmidtown.com" (musicmidtown.com) [Trackback]
"whitesspace.com" (whitesspace.com) [Trackback]
"investigatechina.com" (investigatechina.com) [Trackback]
"julischmidt.com" (julischmidt.com) [Trackback]
"maria69val.com" (maria69val.com) [Trackback]
"surefilm.com" (surefilm.com) [Trackback]
"purple-icing.com" (purple-icing.com) [Trackback]
"myspacehtml.net" (myspacehtml.net) [Trackback]
"cmcc-images.com" (cmcc-images.com) [Trackback]
"walshperformancegroup.com" (walshperformancegroup.com) [Trackback]
"tripleslingerie.com" (tripleslingerie.com) [Trackback]
"tmp2" (tmp2) [Trackback]
"tmp1" (tmp1) [Trackback]
"allsortsmessageboards.com" (allsortsmessageboards.com) [Trackback]
"alhamalaweb.net" (alhamalaweb.net) [Trackback]
"auction-runner.com" (auction-runner.com) [Trackback]
http://www.google.com/search?q=gzhaedud [Pingback]
http://www.google.com/search?q=gcqwqhul [Pingback]
http://www.google.com/search?q=vautasso [Pingback]
http://www.google.com/search?q=ebeujmfs [Pingback]
http://www.google.com/search?q=qqymnqaw [Pingback]
http://www.google.com/search?q=duvidfdz [Pingback]
http://www.google.com/search?q=zhadqhmm [Pingback]
Navigation
Home
Bowen Technology Services
Concinnity Solutions
Archive
<July 2004>
SunMonTueWedThuFriSat
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567
Quick Quips
    Categories
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
    About the author/Disclaimer

    Disclaimer
    The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

    © Copyright 2008
    John Bowen
    Sign In
    Statistics
    Total Posts: 152
    This Year: 3
    This Month: 0
    This Week: 0
    Comments: 164
    Themes
    Pick a theme:
    All Content © 2008, John Bowen
    Theme modified from the 'Business' theme created by Christoph De Baene (delarou)