Email account utilization warning.

[Guest guest]

Dear user of " .com " mailing system,

 

We warn you about some attacks on your e-mail account. Your computer may

contain viruses, in order to keep your computer and e-mail account safe,

please, follow the instructions.

 

For further details see the attach.

 

In order to read the attach you have to use the following password: 74340.

 

Sincerely,

The .com team http://www.

 

 

 

[Guest guest]

Dear Group,

 

I did not send this email, but it was probably sent by someone in the

group.

 

From what I understand, this is a somewhat typical virus email.

 

This group is configured so that all attachments are removed, so you

will not get a virus from it, but someone tried to infect our

membership. If you receive an email from me not through the group,

delete it as it is not from me.

 

All of you should be using an antivirus program anyway as there are a

lot of jerks out there, who cannot construct much in their lives, so

they feel some power in their weak little pointy heads if the can

hurt or destroy. They are typical low class losers.

 

Frank

 

 

 

, califpacific

wrote:

> Dear user of " .com " mailing system,

>

> We warn you about some attacks on your e-mail account. Your

computer may

> contain viruses, in order to keep your computer and e-mail

account safe,

> please, follow the instructions.

>

> For further details see the attach.

>

> In order to read the attach you have to use the following

password: 74340.

>

> Sincerely,

> The .com team

http://www.

>

>

>

[Guest guest]

Here are the headers for the spam/virus message sent to the group.

Anyone with some real expertise to help with these headers in the

group?

 

The group has been the target of many things to hurt it and I am

usually under attack personally in one form or another almost

continuously, not to mention the 300 spam emails a day I receive.

 

Frank

 

 

X-Apparently-califpacific via 66.218.78.170; Wed, 03

Mar 2004 17:15:55 -0800

Return-Path: <sentto-4198251-19031-1078362912-

califpacific=

Received: from 66.218.66.64 (HELO n1.grp.scd.)

(66.218.66.64) by mta237.mail.scd. with SMTP; Wed, 03 Mar

2004 17:15:55 -0800

X-eGroups-Return: sentto-4198251-19031-1078362912-

califpacific=

Received: from [66.218.66.96] by n1.grp.scd. with NNFMP; 04

Mar 2004 01:15:13 -0000

X-Sender: califpacific

X-Apparently-alternative_medicine_forum

Received: (qmail 75405 invoked from network); 4 Mar 2004 01:14:51 -

0000

Received: from unknown (66.218.66.166) by m13.grp.scd. with

QMQP; 4 Mar 2004 01:14:51 -0000

Received: from unknown (HELO bonnie) (138.88.169.121) by

mta5.grp.scd. with SMTP; 4 Mar 2004 01:14:50 -0000

alternative_medicine_forum

Message-ID: <bvkyggneatshfqgplmn >

X-eGroups-Remote-IP: 138.88.169.121

X-eGroups-administration

califpacific Add to Address Book

X--Profile: califpacific

MIME-Version: 1.0

Mailing-List: list ;

contact -owner

Delivered-mailing list

Precedence: bulk

List-Un: <-

>

Wed, 03 Mar 2004 20:14:49 -0500

Email account utilization

warning.

Reply-to:

Content-Type: multipart/alternative; boundary= " QXPYepu6zv3Bwo0JjT5-

lCFMNeSF6T2OwocyYt9 "

Content-Length: 1308

 

 

, " califpacific "

<califpacific> wrote:

> Dear Group,

>

> I did not send this email, but it was probably sent by someone in

the

> group.

>

> From what I understand, this is a somewhat typical virus email.

>

> This group is configured so that all attachments are removed, so

you

> will not get a virus from it, but someone tried to infect our

> membership. If you receive an email from me not through the group,

> delete it as it is not from me.

>

> All of you should be using an antivirus program anyway as there are

a

> lot of jerks out there, who cannot construct much in their lives,

so

> they feel some power in their weak little pointy heads if the can

> hurt or destroy. They are typical low class losers.

>

> Frank

>

>

>

> ,

califpacific

> wrote:

> > Dear user of " .com " mailing system,

> >

> > We warn you about some attacks on your e-mail account. Your

> computer may

> > contain viruses, in order to keep your computer and e-mail

> account safe,

> > please, follow the instructions.

> >

> > For further details see the attach.

> >

> > In order to read the attach you have to use the following

> password: 74340.

> >

> > Sincerely,

> > The .com team

> http://www.

> >

> >

> >

[Guest guest]

Here is the headers on another one that I received. I get quite a few

a day, but this idiot doesn't realize that my email account is

not my real email account. It is a throwaway account that I use for

groups and a public face as it is designed to attract spam, etc. away

from my real account.

 

X-Apparently-califpacific via 66.218.78.170; Wed, 03

Mar 2004 13:26:29 -0800

Return-Path: <notify-return-

califpacific=

Received: from 66.218.66.82 (HELO n26.grp.scd.)

(66.218.66.82) by mta122.mail.dcn. with SMTP; Wed, 03 Mar

2004 13:26:29 -0800

X-eGroups-Return: notify-return-

califpacific=

Received: from [66.218.66.160] by n26.grp.scd. with NNFMP;

03 Mar 2004 21:24:03 -0000

X-Sender: native_Medicine_Forum-nomail

X-Apparently--owner

Received: (qmail 66948 invoked from network); 3 Mar 2004 21:24:02 -

0000

Received: from unknown (66.218.66.216) by m20.grp.scd. with

QMQP; 3 Mar 2004 21:24:02 -0000

Received: from unknown (HELO your-ze8cxvr8tt) (24.186.157.122) by

mta1.grp.scd. with SMTP; 3 Mar 2004 21:23:56 -0000

Wed, 03 Mar 2004 16:24:05 -0500

-owner

[spam] Important notify about your e-mail account.

staff Add to Address Book

Message-ID: <qtjqrkteatwamougmun >

MIME-Version: 1.0

X-eGroups-Remote-IP: 24.186.157.122

Content-Type: multipart/mixed; boundary= " gQX-

bd6C4zUKb4d9G7nJhXQhfjvU0ah5SFrnEBC "

X-FilteredBulk: 24.186.157.122

X-eGroups-Moderators:

Content-Length: 12449

 

Frank

 

 

, " califpacific "

<califpacific> wrote:

> Dear Group,

>

> I did not send this email, but it was probably sent by someone in

the

> group.

>

> From what I understand, this is a somewhat typical virus email.

>

> This group is configured so that all attachments are removed, so

you

> will not get a virus from it, but someone tried to infect our

> membership. If you receive an email from me not through the group,

> delete it as it is not from me.

>

> All of you should be using an antivirus program anyway as there are

a

> lot of jerks out there, who cannot construct much in their lives,

so

> they feel some power in their weak little pointy heads if the can

> hurt or destroy. They are typical low class losers.

>

> Frank

>

>

>

> ,

califpacific

> wrote:

> > Dear user of " .com " mailing system,

> >

> > We warn you about some attacks on your e-mail account. Your

> computer may

> > contain viruses, in order to keep your computer and e-mail

> account safe,

> > please, follow the instructions.

> >

> > For further details see the attach.

> >

> > In order to read the attach you have to use the following

> password: 74340.

> >

> > Sincerely,

> > The .com team

> http://www.

> >

> >

> >

[Guest guest]

Hi Raine,

 

No, this person is crafting them to specifically target this group

and myself. There were 5 in a short period of time and each was

changed in a manner to try and subvert the system.

 

Fortunately, the guy doesn't really know what he is doing.

 

He shouldn't be in this group anyway, as what is wrong with him no nutrient,

herb, or other he could take is going to help him with his problems. Don't they

have a group like " Sickos Anonymous " or something somewhere that we could refer

him to so that he might " heal himself " ?

 

Frank

 

 

 

, " Raine "

<rainelovesj@s...> wrote:

> This is a worm.

> Bagle.J Virus

> Posted 03/02/2004 (Updated 03/03/2004)

> A new variant of the Bagle worm, Bagle.J, is propagating over the

Internet. The version claims to be from University email or network

administrators and directs you to open or execute an attachment.

These messages are not legitimate and should be deleted immediately.

>

> If you receive an email with an unexpected attachment, do not open

the attachment. Additionally, receiving bounce messages implying that

you have sent out copies of the virus does not mean you are infected!

If you are receiving " bounced " messages, please disregard them. Mass

mailing viruses like Bagle send themselves using random email

addresses they find on the machines they infect; correspondingly

those random addresses are the ones who receive the bounce messages.

>

> What It Looks Like

> There are several variations of the virus; below we've listed the

subject lines we've seen as well as an example copy of the message

body. While we've seen many small variations in the message body, it

will consistently (1) claim to be the Uchicago.edu " team "

or " administrators, " (2) make reference to a problem in your account,

and (3) will ask you to open or execute an attachment.

>

> Common Subject Lines

> The following are the most common subject lines associated with

this virus.

>

> E-mail account disabling warning.

> Email account utilization warning.

> E-mail account security warning.

> Important notify about your e-mail account.

> Notify about your e-mail account utilization.

> Notify about using the e-mail account.

> Warning about your e-mail account.

> Example Message Text

> The following is an example message body for this virus. There are

several variations, however they will all claim to be from

uchicago.edu and ask you to open an attachment.

>

> Dear user, the management of Uchicago.edu mailing system wants

to let you know that,

>

> Our main mailing server will be temporary unavaible for next two

days,

> to continue receiving mail in these days you have to configure

our free

> auto-forwarding service.

>

> Please, read the attach for further details.

>

> Cheers,

> The Uchicago.edu team

http://www.uchicago.edu

> Who Is Affected

> The Bagle.J worm affects Microsoft Windows 95, 98, ME, NT, 2000,

XP, and 2003; Macintosh and Unix/Linux machines are not vulnerable.

Additionally, you are only affected if you received a copy of the

message and ran the attachment; the exception to this rule is the

Outlook and Outlook Express email clients which may automatically run

attachments on preview.

>

>

> More Information

> For additional information, please visit McAfee's Bagle.J alert.

>

> McAfee W32/Bagle.J@MM Alert

>

> ¸..· ´¨¨)) -:¦:-

> ¸.·´ .·´¨¨))

> ((¸¸.·´ ..·´ -:¦:- Raine

> -:¦:- ((¸¸.·´*

>

>

>

>

>