filth
Posted April 26, 2004

Just thought I better let it be known that someone is using a fake ecommerce email address (I presume it's a fake 1 anyway) to send out viruses. I have just received an email from an address, the headers were as follows:-

Return-Path: <[email protected]>
Delivered-To: 183-REMOVED
Received: (qmail 25361 invoked from network); 26 Apr 2004 20:12:06 -0000
Received: from two.pairlist.net (216.92.1.93)
  by s3.nc99.net with SMTP; 26 Apr 2004 20:12:06 -0000
Received: from two.pairlist.net (localhost.pair.com [127.0.0.1])
  by two.pairlist.net (Postfix) with ESMTP id 5620025058;
  Mon, 26 Apr 2004 16:07:02 -0400 (EDT)
Delivered-To: [email protected]
Received: from supportdesk6.net (unknown [216.47.142.171])
  by two.pairlist.net (Postfix) with SMTP id 51C7325031
  for <[email protected]>; Mon, 26 Apr 2004 16:03:59 -0400 (EDT)
To: [email protected]
From: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------gblcowjmugulseicabnk"
Subject: [OSC-ANNOUNCE] Re: Hello
Sender: [email protected]
Errors-To: [email protected]
X-BeenThere: [email protected]
X-Mailman-Version: 2.0.6
Precedence: bulk
List-Help: <mailto:[email protected]?subject=help>
List-Post: <mailto:[email protected]>
List-Subscribe: <http://two.pairlist.net/mailman/listinfo/osc-announce>,
  <mailto:[email protected]?subject=subscribe>
List-Id: osCommerce Public Announcements <osc-announce.oscommerce.com>
List-Unsubscribe: <http://two.pairlist.net/mailman/listinfo/osc-announce>,
  <mailto:[email protected]?subject=unsubscribe>
List-Archive: <http://two.pairlist.net/pipermail/osc-announce/>
Date: Mon, 26 Apr 2004 15:03:58 -0600

----------gblcowjmugulseicabnk
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

and the email had an attachment called MoreInfo.zlv. The only text in the email was

<html><body>
Read the attach.<br><br>
<br>
</body></html>

For obvious reasons do not trust emails with such attachments.

dreamscape
Posted April 27, 2004

These viruses have been going around for months now. They randomly generate the from field, probably from a database somewhere.

The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke

Guest
Posted April 28, 2004

It's a vb script that builds an executable and then runs it. I don't know enough to do anything with it, but I saved the script. Someone interested in figuring out what it does? Lemme know and I'll email ya the script. I'm very curious myself.

wvmlt
Posted April 29, 2004

I got one recently supposedly from Norton and the only thing in the text was "scanned by Norton Anti Virus please read attachment". I don't even use Norton.

Keith
What the hell was I thinkin'?

filth (Author)
Posted April 29, 2004

I've been getting a lot of these myself. It was mainly just because the email address had the oscommerce email address that I posted the message here.

Harald Ponce de Leon
Posted May 3, 2004

Thanks to all that notified me directly about the virus - the email was sent from someone who is infected which had forged the FROM email address (which is typical for such viruses). I've locked the mailing list even tighter to make sure it doesn't happen again in the future.

, osCommerce
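
An added example, not part of any post in this thread: the From: line on such mail is forged, but the Received: line written by a server you trust records the host that actually connected. The sketch below walks the Received chain from the first post and compares that host with the From: domain. The mail addresses in the sample are placeholders (the originals are redacted on the page), and the function names and the `trusted` set are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers in the first post. The mail
# addresses are placeholders: the originals are redacted on the page.
SAMPLE = """\
Received: (qmail 25361 invoked from network); 26 Apr 2004 20:12:06 -0000
Received: from two.pairlist.net (216.92.1.93)
  by s3.nc99.net with SMTP; 26 Apr 2004 20:12:06 -0000
Received: from two.pairlist.net (localhost.pair.com [127.0.0.1])
  by two.pairlist.net (Postfix) with ESMTP id 5620025058;
  Mon, 26 Apr 2004 16:07:02 -0400 (EDT)
Received: from supportdesk6.net (unknown [216.47.142.171])
  by two.pairlist.net (Postfix) with SMTP id 51C7325031
  for <announce@lists.example>; Mon, 26 Apr 2004 16:03:59 -0400 (EDT)
From: someone@project.example
Subject: [OSC-ANNOUNCE] Re: Hello

"""

# "from <name> (<ip>)" or "from <name> (<rdns> [<ip>])", then "by <server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:[^)]*?\[)?([0-9.]+)\]?\)\s+by\s+(\S+)")

def hops(raw):
    """(claimed_name, client_ip, recording_server) per hop, oldest first."""
    lines = message_from_string(raw).get_all("Received", [])
    return [m.groups() for m in map(HOP.search, reversed(lines)) if m]

def true_origin(raw, trusted):
    """Oldest non-loopback hop written by a server we trust. Received lines
    below that point are supplied by the sender and can be forged."""
    for name, ip, by in hops(raw):
        if by in trusted and not ip.startswith("127."):
            return name, ip
    return None

def summarize(raw, trusted):
    """Compare the From: domain with the host that really handed the mail over.
    A mismatch is a hint, not proof: legitimate mail is often relayed."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    host, ip = true_origin(raw, trusted) or (None, None)
    aligned = bool(host) and (host == domain or host.endswith("." + domain))
    return {"from_domain": domain, "origin_host": host,
            "origin_ip": ip, "aligned": aligned}

if __name__ == "__main__":
    print(summarize(SAMPLE, {"two.pairlist.net", "s3.nc99.net"}))
```

The client IP inside the brackets is what the trusted server saw on the connection; the name before it is only what the client claimed in its greeting.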