I have temporarily blocked invoice.doc via Declude Virus. John T eServices For You
"Seek, and ye shall find!" > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami > Razvan > Sent: Monday, August 07, 2006 6:12 AM > To: [email protected] > Subject: RE: [Declude.JunkMail] virus or spam? > > Hi Gary: > > I have seen a lot of it.. In every domain and in every userID :) > > Credit memo attached to deleted payment receipt cannot be applied to > different invoice > > ------=_NextPart_000_0001_01C6B98B.1759ED80 > Content-Type: application/msword; > name="invoice.doc" > Content-Transfer-Encoding: base64 > Content-Disposition: inline; > filename="invoice.doc" > > 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAABAAAA > NwAAAAAA > AAAAEAAANQAAAAEAAAD+////AAAAADgAAAD///////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > //////////////////////////////////////////////////////////////////////// > ///////////////////////////////////spcEAcWAJBAAA+BK/AAAAAAAAEAAAAAAABgAA > > -------------------------------- > & what is strange is I do not see any Declude headers - they show up at the > bottom of the email with no filters being run.. > > I have seen these emails starting last week.. [see attached] > > Kami > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary > Steiner > Sent: Monday, August 07, 2006 12:17 AM > To: [email protected] > Subject: [Declude.JunkMail] virus or spam? > > Today I discovered a new spam on my server that at first I thought might be > a virus. It had the subject line "Bill Summary - Invoice #36644" and > "August Payment Summary, Invoice #48729" with the number being random. It > delivers its message inside an attached word document called "invoice.doc". > When I sent it to www.virustotal.com, nothing was detected. Just to be safe > I copied it to an old Macintosh, but couldn't open it with MS Word there. I > opened the invoice.doc file with a text editor and found it contained the > standard OEM software sales pitch with a link to a web site. I'm still not > certain that it isn't a new virus hidden behind a spam. > > The header seems to contain a strange cr/lf pattern as Declude has trouble > with it and ends up putting its X-Header messages at the end of the file. > Some were picked up by RBLs some were not. > > Anyone else seen this before? > > Gary > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
