
View Full Version : Anybody get these emails?


bothered
30 Jan 2006, 6:28pm
I got a strange email today. It came with an attachment that was called 'article'. Here is a copy of the email -
Hello,

We have been trying to get through to you on the phone today but you must be out at work, your photograph was forwarded to us as part of an article we are publishing for our February edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We've attached the photo with the article here.

Kind regards,

Jamie Andrews
Editor
www.TotalBusiness.com

I have no idea what it is about and usually just bin anything I'm unsure about but I was curious. I scanned the attachment with Avast and it was clean so I opened it. It was a zip file that ended with a PDF document. I tried to open the PDF, it didn't open and the PDF icon disappeared after a few seconds. It is still there where I unzipped it to and properties say it is an application. I have just had another very similar email, here's a copy -

Hello,

Your photograph has reached editing stage as part of an article we are publishing for our February edition of the Guardians business section. Can you check over the format and get back to us with your approval or any changes?
If the picture is not to your liking then please send a preferred one. We've attached the photo with the article here.

Kind regards,

William Morrison
Editor
www.Guardian.com

Different company name but obviously the same thing. I have done a virus scan and all my spyware stuff etc and found nothing. The second one had the attachment but I've left that alone.
Should I be worried?

madmat
30 Jan 2006, 6:40pm
Don't be afraid, be very afraid. That's how rootkits and other malicious scripts get passed on and some of those don't get seen as a virus simply because they're too new.

I'd keep a very close eye on my PC for a while. Sorry about that but this falls under the class of "You should have known better"...for someone to be writing an article about you don't you think they'd have contacted you beforehand to get permission and for quotes?

deicist
30 Jan 2006, 7:26pm
Sounds like this fella:

Stinx.N trojan (http://www.sophos.com/virusinfo/analyses/trojstinxn.html)

If you look under 'description' one of the emails you received is there.

SpywareShooter
1 Feb 2006, 11:43pm
Can you forward one of the emails to me for analysis (spywareshooter@yahoo.com)? If this is a new trojan or worm out in the wild I want to get some info on it before everyone comes rushing in asking about it.

bothered
2 Feb 2006, 8:18am
Can you forward one of the emails to me for analysis (spywareshooter@yahoo.com)? If this is a new trojan or worm out in the wild I want to get some info on it before everyone comes rushing in asking about it.
Sorry but it has all been cleaned out. I had two emails and later understanding wife got another. I'm not sure if Avast stopped mine but it did stop the one wife got. I did an online scan with Panda and that found one which it asked to be sent to them so they could investigate it. I got this email back from them -

Dear client,

After analysing the message you sent to PandaLabs, we inform you that a new
malware was detected in it.

A Panda ActiveScan update, shortly available, will successfully detect and
delete this threat from your computer.
The files C:\Documents and Settings\dad\Local Settings\Temporary Internet
Files\Content.IE5\WLIB4X6F\bk[1].jpg, C:\WINDOWS\system32\winzrs32.exe belong to
the worm Bck/Breplibot.M, due to the nature of the files, they can only be
deleted.

The following advice will help you to eliminate the Bck/Breplibot.M and protect
yourself against it in future.
Visit our web page with information about the malware:
http://www.pandasoftware.com/virus_info/enc/overview.aspx?idvirus=106918
Follow the instructions on how to eliminate the malware:
http://www.pandasoftware.com/virus_info/enc/solution.aspx?idvirus=106918

If your computer has Windows Millennium or Windows XP installed, you can find
information to permanently remove all trace of the virus in the following URL:
Windows Millennium
http://www.pandasoftware.com/support/card.aspx?id=17&IdIdioma=2
Windows XP
http://www.pandasoftware.com/support/card.aspx?id=18&IdIdioma=2 -

When wife got her email it was detected and cleaned by Avast, that one had the same text and 'photo' attachment as the two I had, which is why I think Avast may have stopped mine infecting though it didn't give me any warning. Avast hadn't updated between the emails.
Hope this is some use to you SpywareShooter.

RichD
12 Feb 2006, 6:19pm
Hello.

I work on secondment doing database work for a local authority and a guy who works in another department had this exact same e-mail. He forwarded it to a girl who sits near me and asked her to look at it and try and sort out a picture. She had the same problems you are talking about and asked me to have a look because she couldn't get it to work. On closer inspection the .PDF file was very small (I can't remember the exact size but only a couple of kb if that). Pictures even when PDFed are bigger than that. I then also noticed that the file extension was in fact an .exe but the icon was the Adobe Acrobat icon. It was then that I became a little suspicious and suggested she try to trace the origins as this would seem a plausible way for viruses to be spread. The guy who received the original e-mail reported it to IT support and they confirmed it was a virus. Couldn't tell you any more but I would certainly get rid of all trace of it and run some checks.

Hope this helps
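
Added example, not part of the original thread: the checks described in the post above (a "PDF" inside a zip that is really an .exe, whatever its icon shows) can be run on an attachment without opening it. The extension lists, the function names and the sample archive below are assumptions made for illustration, and the sample holds only inert constructed bytes.

```python
import io
import zipfile

# Partial, illustrative lists (assumptions); extend for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".jpg", ".jpeg", ".doc", ".txt"}

def inspect_zip(data: bytes) -> dict:
    """Map each suspicious member of a zip attachment to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            # Strip padding so "article.pdf      .exe" still yields .pdf, .exe
            exts = ["." + p.strip() for p in base.split(".")[1:]]
            last = exts[-1] if exts else ""
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE executables start with "MZ"
            reasons = []
            if last in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if any(e in DOCUMENT_EXTS for e in exts[:-1]):
                    reasons.append("document extension used as decoy")
            if is_pe and last not in EXECUTABLE_EXTS:
                reasons.append("executable header under non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed test archive: inert bytes only, nothing here can run."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("article.pdf.exe", b"MZ" + b"\x00" * 62)  # decoy double extension
        zf.writestr("photo.jpg", b"MZ" + b"\x00" * 62)        # header/name mismatch
        zf.writestr("notes.pdf", b"%PDF-1.4\n%%EOF\n")        # starts like a real PDF
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

The archive is read entirely in memory and only the first two bytes of each member are examined, so nothing is extracted to disk or executed.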