WATCH OUT!!!

People are sending emails with attachements
Text is:

Hi! How are you?

I send you this file in order to have your advice

See you later!
Thanks


DO NOT open the attachement!
IMMEDIATELY delete!

Subject: michael
From: "deba"<debanoshee@webneuron.com>

Lovely worm described here:

http://webhostingtalk.com/showthread.php?&threadid=15874

Ah well...
just thought i'd share

Yeah got 5 of these today... heh Set OE to auto block attachments that may contain trojans works...

Will that block ALL attackments or just trojans?

It will probably block the .exe extension. I haven't got one yet, worst I've gotten is the 7 dwarfs story one about two times.

We have gotten like 200 of these damn thangs what a pain to delete them all..LOL

I got hordes of the 7 dwarves one. I even got a couple in other languages. A virus in multiple languages... they're getting too smart.

Its funny, people never send me virii on purpose, its usually for me to mess with...

Same with spam....

sh%t

How can I get rid of it

hotmail said it was no virus detected...how can I get it off?

Hmm

if you use hotmail you are safe
unless you downloaded the attachment and ran it...

Goto that URL I posted and download that check thing
You'll see if you're infected or not...
Looks a little strange

its a small .com (.com??? It's 2001!!) file,
however its from symantec, the same dudes as NAV...

just my $0.02

Originally posted by Eagle
its a small .com (.com??? It's 2001!!) file,

Now that I think of it,
I think they made it .com because else the worm might infect the .exe....

Cause the first 2 bytes of the file look EXACTLY like an .exe header: "MZ"

Just my $0.02

(so in other words, just a rename *.exe --> *.com)

i got a lot of those and the seven dwarfs one
i don't understand why i am getting them...i don't recognize any of the emails

Oh no. I just opened the thing.

First it tried to display as a DVD movie, that didn't work so I saved it as a .doc - a bunch of programming at the top and then the letter right at the bottom.

Don't know if it did anything... suppose I better go and check...

I got 3 of those to my personal email. I hate when I get virus's in my mail

Originally posted by davidb
I got 3 of those to my personal email. I hate when I get virus's in my mail

Really? I wonder why :D

I replied to the sender and wholla... a second later, a reply with a new subject and file, this time a .pif, arrives.

The infected PC owner sending to me must be a building contractor.

I get a no user there...Daemon must love a lot of people...

It blocks all but say .jpg and .gif... for the others you just go to options and turn the blocking off and save the file....

Getting the same one, only it's a .bat file - must have had that thing sent to my e-mail addresses 20 times this week :rolleyes:

While most of us sensible enough not to open these things I shudder to think of the millions of people who are poking that file right now...

Greg Moore

argh when will these go away?
i haven't got any seven dwarves one for a while

I've only gotten two, but both are from different sources, different subjects and different type's of files, or so it's supposed to seem:

Return-Path: <JGARCIA1988@email.msn.com>
Delivered-To: shaolin-admin@chatbase.com
Received: (qmail 3268 invoked from network); 21 Jul 2001 20:46:38 -0000
Received: from cpimssmtpu11.email.msn.com (207.46.181.86)
by ns0.u-build-it.net with SMTP; 21 Jul 2001 20:46:38 -0000
Received: from oemcomputer ([63.25.2.58]) by cpimssmtpu11.email.msn.com with Microsoft SMTPSVC(5.0.2195.3225);
Sat, 21 Jul 2001 13:47:58 -0700
From: "JGARCIA1988"<JGARCIA1988@email.msn.com>
To: admin@chatbase.com
Subject: articels of
date: Sat, 21 Jul 2001 15:55:12 -0500
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed; boundary="----109536B5_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
Return-Path: JGARCIA1988@email.msn.com
Message-ID: <CPIMSSMTPU11BEEs5VF000005cc@cpimssmtpu11.email.msn.com>
X-OriginalArrivalTime: 21 Jul 2001 20:47:59.0007 (UTC) FILETIME=[6D033AF0:01C11226]
X-UIDL: f$&"!;OB!!^9)!!&-9"!

------109536B5_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text

Hi! How are you=3F

I send you this file in order to have your advice

See you later=2E Thanks

------109536B5_Outlook_Express_message_boundary
Content-Type: application/mixed; name="articels of.doc.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="articels of.doc.com"


And:


Return-Path: <debanoshee@webneuron.com>
Delivered-To: shaolin-webmaster@chatbase.com
Received: (qmail 7695 invoked from network); 23 Jul 2001 09:33:03 -0000
Received: from unknown (HELO acid.webneuron.int) (root@63.109.244.170)
by ns0.u-build-it.net with SMTP; 23 Jul 2001 09:33:03 -0000
Received: from ZA-II.webneuron.int ([192.168.1.236])
by acid.webneuron.int (8.8.8/8.8.8) with SMTP id PAA08479
for <webmaster@chatbase.com>; Mon, 23 Jul 2001 15:09:02 +0530
Message-Id: <200107230939.PAA08479@acid.webneuron.int>
From: "deba"<debanoshee@webneuron.com>
To: webmaster@chatbase.com
Subject: Master-servant
date: Mon, 23 Jul 2001 15:01:32 +0530
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
Content-Type: multipart/mixed; boundary="----483BCEB6_Outlook_Express_message_boundary"
Content-Disposition: Multipart message
X-UIDL: nb["!#p=!!RMD"!i9O"!

------483BCEB6_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text

Hi! How are you=3F

I send you this file in order to have your advice

See you later=2E Thanks

------483BCEB6_Outlook_Express_message_boundary
Content-Type: application/mixed; name=Master-servant.doc.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Master-servant.doc.pif


I just have my file extentions associated with Notepad, unless it's a text, HTML or image file or the like. Anything else, there's no reason to execute it, unless you specifically and intentionally do so. Otherwise, associate everything else with Notepad. I think the funniest thing about this new one, is that it's coming from sources I've no idea whom they are. I mean, it's different for most people when it comes from someone you at least know. Man, they aren't getting smarter, if you ask me.