Just got the following, an html file with an executable attached. It would appear to me that there is a large chance that this is malware, and the 'explanation' is just a clever bit of social engineering. Anybody else seen this? I don't recall ever getting any email from this sender prior to this.
To [EMAIL PROTECTED]: Who the hell are you? "Ignore the warning,and select 'continue'" my ass! >Return-Path: <[EMAIL PROTECTED]> >Received: from herald.cc.purdue.edu (herald.cc.purdue.edu [128.210.11.29]) > by plushie.suespammers.org (8.11.3/8.11.3) with ESMTP id h1KGLBE32557 > for <[EMAIL PROTECTED]>; Thu, 20 Feb 2003 08:21:11 -0800 >Received: from Vgikc (tark-c-248.resnet.purdue.edu [128.211.222.248]) > by herald.cc.purdue.edu (8.12.7/8.12.7/herald) with SMTP id h1KGL9Ov020135 > for <[EMAIL PROTECTED]>; Thu, 20 Feb 2003 11:21:09 -0500 (EST) >Date: Thu, 20 Feb 2003 11:21:09 -0500 (EST) >Message-Id: <[EMAIL PROTECTED]> >From: heiliger <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Worm Klez.E immunity >MIME-Version: 1.0 >Content-Type: multipart/alternative; > boundary=IW5m5k1t1sDQURt79f51 >Status: > >--IW5m5k1t1sDQURt79f51 >Content-Type: text/html; >Content-Transfer-Encoding: quoted-printable > ><HTML><HEAD></HEAD><BODY> > ><FONT>Klez.E is the most common world-wide spreading worm.It's very dangerous by >corrupting your files.<br> >Because of its very smart stealth and anti-anti-virus technic,most common AV software >can't detect or clean it.<br> >We developed this free immunity tool to defeat the malicious virus.<br> >You only need to run this tool once,and then Klez will never come into your PC.<br> >NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor >maybe cry when you run it.<br> >If so,Ignore the warning,and select 'continue'.<br> >If you have any question,please <a href=3Dmailto:[EMAIL PROTECTED]>mail to >me</a>.</FONT></BODY></HTML> > >--IW5m5k1t1sDQURt79f51 >Content-Type: application/octet-stream; > name=bannerfilter[3].bat >Content-Transfer-Encoding: base64 >Content-ID: <Ji47h4H689F7> > >TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g >RE9TIG1vZGUuDQ0KJAAAAAAAAAAYmX3gXPgTs1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7Tn <snip> End Spam <[EMAIL PROTECTED]> see http://law.spamcon.org for free suespammers.org email account _______________________________________________ spamcon-general mailing list [EMAIL PROTECTED] http://mail.spamcon.org/mailman/listinfo/spamcon-general#subscribers Subscribe, unsubscribe, etc: Use the URL above or send "help" in body of message to [EMAIL PROTECTED] Contact administrator: [EMAIL PROTECTED]
