Results 1 to 10 of 10
  1. #1
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    This letter contains a virus...

    I'm suddenly getting a slew of spam which I can see contains the following at the top:

    <code> +-------------------------------------------+
    Warning! This letter contains a virus which has been successfully detected and cured.
    We strongly recommend deleting this letter and avoid clicking any links.
    +-------------------------------------------+
    [RBN Networks Antivirus]</code>

    I'm not opening them, and my spam-catcher is catching them, but I'm curious if anyone here knows the origin of the message. (Googling brings up a few speculative ideas.)

  2. #2
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: This letter contains a virus...

    I haven't seen any, but just so I can start carefully watching MailWasher, is that message at the top of the body or is it in the headers of the email?

  3. #3
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: This letter contains a virus...

    Top of the body.

  4. #4
    3 Star Lounger
    Join Date
    Sep 2001
    Location
    Prescott, Arizona, USA
    Posts
    286
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: This letter contains a virus...

    I have gotten a few too.

    I think they are hoping for the same outcome of the "Wet Paint" sign. You just have to touch it to see if it really is wet. So....maybe I will open this to just see what it is.....
    Michael

  5. #5
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: This letter contains a virus...

    Hi Leif,
    Sorry, but at first I had to smile; if you are recommending me to delete the "letter" - why are you sending me it (letting it trough) in the first place?

    Obviously it must be inserted in the body, but by who (since a "letter" can travel quite a bit and trough different networks). I am leaning towards what westerneagle say.

    If not my own ISP (who will not deliver), most else do delete/do not deliver email containing virus/worms. But this ... say it's detected and "cured", sending it along, then recommend to not open it. <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: This letter contains a virus...

    This one appears to have been doing the rounds since the 16th of this month. According to this thread on CastleCops, the e-mails contain a link without display text to a .php but nobody seems to know yet what the real purpose is.

  7. #7
    3 Star Lounger
    Join Date
    Sep 2001
    Location
    Prescott, Arizona, USA
    Posts
    286
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: This letter contains a virus...

    Ha! In googleing around, I found this guys statement....

    'If I could get the spammer I’d snap each of his fingers off and use them to make him(or her, I shouldn’t discriminate in this matter) even less comfortable than having their fingers snapped off one at time would.

    Death to spam, pain and misery to spammers."

    Wow! I thinketh he is mad.... <img src=/S/mad.gif border=0 alt=mad width=15 height=15>
    Michael

  8. #8
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,421
    Thanks
    33
    Thanked 195 Times in 175 Posts

    Re: This letter contains a virus...

    We had a few of these about a week ago, but either I've arranged their automatic deletion so I don't even see them or they have stopped sending them.

    I would question the accuracy of the statement:
    This letter contains a virus which has been successfully detected and cured.
    unless they actually meant "contained"!
    BATcher

    Time prevents everything happening all at once...

  9. #9
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: This letter contains a virus...

    Perhaps it's a new kind of spam that is designed to clog up the internet with people asking "What does it mean?" and "Why are they using such bad grammar?".

    It seems to be working so far <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>

  10. #10
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: This letter contains a virus...

    "What does it mean?" and "Why are they using such bad grammar?".
    <img src=/S/mice.gif border=0 alt=mice width=50 height=25> <img src=/S/compute.gif border=0 alt=compute width=40 height=20> <img src=/S/mice.gif border=0 alt=mice width=50 height=25> <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>

    As to what BATcher says; it could have been a Freudian slip, parapraxis, <img src=/S/bingo.gif border=0 alt=bingo width=15 height=22> <img src=/S/grin.gif border=0 alt=grin width=15 height=15> from those spammers, but on the other hand, they are not known for their good command in different languages.

    Seriously, I did not think about it the first time I looked at it, since the message and situation were odd enough, but if "RBN" in "RBN Networks Antivirus" has anything to do with (and it seems very likely) Russian Business Network (RBN), then it's (even more) obviously something to delete and if needed use some filter to remove, but you already do that.

    RBN has been doing all sorts of bad things, and who knows what they are up to. Testing addresses. Adding to the uncertainty if they are bad or not by using "Networks Antivirus". Perhaps we will know in some weeks or month, when another attack is mentioned in the news.

    About Russian Business Network at SANS Internet Storm Center.

    Security fix - Brian Krebs on Computer Security. Blog at The Washington Post:
    Taking on the Russian Business Network, October 13, 2007
    Mapping the Russian Business Network, October 13, 2007
    The Russian Business Network Responds, October 16, 2007

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •