New Worm? Or horrible spam?

  • Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.
LifesBane(4Corners)

LifesBane(4Corners)

Active Member
Sep 27, 1999
3,142
0
36
come.to
On my alternate email account, I keep getting what could be spam, but I'm not sure. The common theme seems to be disguising the sender as a "Mailer-Daemon" reply from a failed-to-send email, or similar internal one's like "Mail Delivery Subsystem".

I've had 3 so far today, but I've not sent an email off the account in like a week. One of them was only like 3k, but the other two were both 100-105k :con: (I'm not going to try to open it and find out what's really inside... Outlook Express seems to like to autodownload pictures and stuff and doesn't tell me whether there is an attachment til I open the email :p)

I checked Cert's site, but sobig doesn't seem to be using the subject lines these have... but maybe it's something else? Anyone else experiencing anything similar?
 
D

Da_Blade

Da sharpest man around!
Jan 29, 2002
210
0
0
The Netherlands
www.dablade.nl
It's sobig. The failure notifications are e-mails sent by the virus (not a worm but a virus) with your e-mail as a sender to a non-existant e-mail adress. So they get returned to you. Furthermore, something i didn't see documented anywhere is that when sending to hotmail accounts it sends under the name ".net Messenger staff" or something like it, posing the .pif as a security update....

Just don't open them, i've got a wizard rule to move them to trash box and mark them read. Don't forget anyone sharing your PC to notify them too, you never know.
 
LifesBane(4Corners)

LifesBane(4Corners)

Active Member
Sep 27, 1999
3,142
0
36
come.to
sent by the virus (not a worm but a virus) with your e-mail as a sender to a non-existant e-mail adress
Click to expand...

As in I have the virus?

Also, that thing with hotmail isn't always true, I am using Hotmail myself and actually have yet to see that particular message.
 
Nightmare

Nightmare

Only human
Sep 23, 2001
446
0
0
50
Finland
Visit site
As in the virus falsifies the sender field with addys it's picked up from all over, and the mail gets returned if it bounces. So if it used your addy the mail bounces back to you.
 
D

Da_Blade

Da sharpest man around!
Jan 29, 2002
210
0
0
The Netherlands
www.dablade.nl
The mails i've been receiving have all been sent from mailer-deamon REREDRUM (murderer). Oh and euh.... if any of you this mask & IP: h0020780e6ea3.ne.client2.attbi.com [24.218.80.41].

RUN A FOOKIN VIRUS SCANNER! :)
 
You must log in or register to reply here.
Top Bottom