North American Network Operators Group


Re: Warning - new trend of attempts to infect ISP users (possibly virus)

  • From: Larry Rosenman
  • Date: Tue Mar 02 22:13:37 2004

<http://vil.nai.com/vil/content/v_101071.htm>

W32/Bagle.[hij]@MM



--On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net" <[email protected]> wrote:

I have just seen emails (several different kinds) pretending to be sent
from 3 of my isp domains to users of those domains warning users that
their email account would be disabled and asking to open a .pif
attachment. I know largest ISPs probably have experienced this but I
believe what I have seen today means they are after ISPs (or possibly
just after any domains with number of email addresses under them) of all
sizes right at the moment. All emails we received from the same source
ip - 129.59.206.187. Please check your email base for what looks like the
following
(in the examples I changed everything to elan.net, actually every isp
domain received different example of this, only first one is exact).

Example 1:
---
From: [email protected]
To: [email protected]
Subject: Email account utilization warning.

Hello  user  of Elan.net e-mail server,

Your e-mail account has  been temporary disabled  because  of unauthorized
access.

For further details see the  attach.

Best wishes,
   The Elan.net team                               http://www.elan.net
---

Example 2:
---
From: [email protected]
To: [email protected]
Subject: Warning about your e-mail account.

Dear user of "Elan.net" mailing system,

Our main mailing server  will be temporary  unavaible  for next two days,
to  continue receiving mail in these  days you  have  to  configure  our
free auto-forwarding service.

Further details  can be  obtained  from attached  file.

Cheers,
   The Elan.net team                             http://www.elan.net
---

Example 3:
---
To: [email protected]
Subject: Warning about your e-mail account.
From: [email protected]

Dear user, the management of Elan.net mailing system wants to let you
know that,

Some of our clients complained  about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been  infected by
a  proxy-relay trojan  server. In order to keep  your  computer safe,
follow the instructions.

Please, read  the attach for further details.

The Management,
     The  Elan.net team                             http://www.elan.net



--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: [email protected]
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
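
Added example, not part of the original thread: a Python check for the pattern the quoted message describes, mail that claims a sender in one of your own domains, is addressed to a user of that same domain, and carries an executable attachment. The domain `example.net`, the function names and every extension other than `.pif` are assumptions made for this example; the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses
from pathlib import PurePosixPath

# The post names only .pif; the other extensions are an assumption of this example.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

def header_domains(msg, header):
    """Lower-cased domains of every address found in the given header."""
    pairs = getaddresses([str(v) for v in msg.get_all(header, [])])
    return {addr.rpartition("@")[2].lower() for _, addr in pairs if "@" in addr}

def risky_attachments(msg):
    """Attachment filenames whose final extension is directly executable."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before checking.
        cleaned = name.lower().rstrip(". ")
        if PurePosixPath(cleaned).suffix in RISKY_EXT:
            hits.append(name)
    return hits

def classify(raw_bytes, local_domains):
    """Flag mail with a local-domain sender, same-domain recipient and risky attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    shared = header_domains(msg, "From") & header_domains(msg, "To") & set(local_domains)
    risky = risky_attachments(msg)
    return {"local_sender": bool(shared), "risky": risky,
            "flag": bool(shared) and bool(risky)}

def build_sample(sender, rcpt, filename):
    """Constructed test message (not one of the mails quoted in the thread)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, rcpt
    m["Subject"] = "Email account utilization warning."
    m.set_content("For further details see the attach.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("management@example.net", "user@example.net", "details.txt.pif")
    print(classify(raw, {"example.net"}))
```

The header comparison alone also matches legitimate internal mail, which is why the flag requires the attachment condition as well.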
