You visit illegal websites

Julian Field MailScanner at ecs.soton.ac.uk
Mon Feb 21 11:31:46 GMT 2005



MailScanner being faked by the VXers again. Shows I must be making a
dent in the market share!

Mike wrote:

>There seems to be a new virus (or is it a hoax?) active. The subject is "You visit illegal websites" with a "From: Office at FBI.gov". Here's the text of the e-mail:
>
>==============================================
>Dear Sir/Madam,
>
>we have logged your IP-address on more than 40 illegal Websites.
>
>Important: Please answer our questions!
>The list of questions are attached.
>
>
>Yours faithfully,
>M. John Stellford
>
>
>
>++-++ Federal Bureau of Investigation -FBI-
>++-++ 935 Pennsylvania Avenue, NW, Room 2130
>++-++ Washington, DC 20535
>++-++ (202) 324-3000
>==============================================
>
>It sometimes adds a footer like this:
>
>==============================================
>*-* Mail-Scanner: No Virus detected
>==============================================
>
>It can also be an e-mail from Microsoft with the request to install a patch or someone from hotmail to thank you for some registration.
>
>They all have some sort of attachment (approx. 51KB), a zip file. In the case of the FBI mail, it was "indictment_cit2515.zip".
>
>The zip file contains a .pif file (double extension, ".txt                  .pif", lots of spaces between .txt and .pif). If MailScanner is configured to scan within zip files, you must be safe (I guess).
>
>The file however is an executable (Has "MZ" as the first bytes in the file). I'm not sure what it does, I haven't opened it on a Windows box, I'm just too afraid...
>
>Has anyone else seen this??? I cannot find any information about this on the Internet and none of the major Anti-Virus companies have information on it.
>
>Regards,
>Mike.
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
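
Added example (not part of the original thread and not MailScanner's own code): a Python check for the kind of archive member described in the quoted report, a name with a whitespace-padded double extension whose content starts with "MZ". The extension list, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly; a short constructed list for this example.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
# A run of whitespace before the final extension pushes it out of view.
PADDED_EXT = re.compile(r"\.\w{1,5}\s{2,}\.\w{1,5}$")


def inspect_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Only the last extension decides how Windows opens the file.
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as member:
                magic = member.read(2)
            reasons = []
            if PADDED_EXT.search(name):
                reasons.append("whitespace-padded double extension")
            if ext in EXECUTABLE_EXTS:
                reasons.append(f"executable extension {ext}")
            if magic == b"MZ":
                reasons.append("MZ header")
            if reasons:
                findings.append({"name": name, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed archive: inert bytes; only the name and 'MZ' prefix mimic the report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("questions.txt" + " " * 18 + ".pif", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text, nothing to flag\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample()):
        print(repr(f["name"]), "->", ", ".join(f["reasons"]))
```

The three checks are independent, so a renamed member with a harmless-looking extension is still flagged by its "MZ" header alone.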
