WARNING - DONOT Open it

Pages: 1

WARNING - DONOT Open it
(Click here to view the original thread with full colors/images)

Posted by: admin

Someone is sending out SPAM using a fake address staff@ hphyips.com

It is NOT from HpHYIPs. If you rec. it DELETE the e-mail and DONT open the attached file it probably contains a virus or trojan

The attached file is called TextFile.zip (12KB)

Quote:

Dear user of Hphyips.com,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Further details can be obtained from attached file.

For security reasons attached file is password protected. The password is "60178".

Have a good day,
The Hphyips.com team http://www .hphyips. com

Posted by: Linda D

I too received the same email but from my mail server (or so I thought).
***********
Return-Path: <vixne@parks.lv>
Received: from your-o0kwkw9jwc ([192.168.1.3]) by mta008.verizon.net
(InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
id <20040303025814.IBTK1485.mta008.verizon.net@your -o0kwkw9jwc>
for <dayleyls@gte.net>; Tue, 2 Mar 2004 20:58:14 -0600
Received: from your-o0kwkw9jwc (24.45.107.105) by sc012pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP id <4-982-98-982-192114-2-1078282689> for mta008.verizon.net; Tue, 2 Mar 2004 20:58:15 -0600
Date: Tue, 02 Mar 2004 21:58:23 -0500
To: dayleyls@gte.net
Subject: Notify about using the e-mail account.
From: administration@gte.net
Message-ID: <vykmfjwfylpltkxnviv@gte.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------mepudqjlvlpndeewtsqf"

----------mepudqjlvlpndeewtsqf
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear user, the management of Gte.net mailing system wants to let you know that,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

For details see the attached file.

In order to read the attach you have to use the following password: 17447.

Have a good day,
The Gte.net team http://www.gte.net
**********
I also received the following:

Return-Path: <boardsetup@viraladboard.com>
Received: from u3q5m7 ([192.168.1.4]) by mta020.verizon.net
(InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
id <20040303023647.EZRC1454.mta020.verizon.net@u3q5m7 >
for <dayleyls@gte.net>; Tue, 2 Mar 2004 20:36:47 -0600
Received: from u3q5m7 (65.2.100.86) by sc013pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with SMTP id <4-5780-98-5780-159735-1-1078281406> for mta020.verizon.net; Tue, 2 Mar 2004 20:36:47 -0600
Date: Wed, 03 Mar 2004 21:37:55 -0500
To: dayleyls@gte.net
Subject: E-mail account security warning.
From: staff@gte.net
Message-ID: <prvkbatdvkqsvkhdgqv@gte.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------awxopdsqbdyfdorcvghu"

----------awxopdsqbdyfdorcvghu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear user of "Gte.net" mailing system,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

Pay attention on attached file.

For security purposes the attached file is password protected. Password is "14615".

Cheers,
The Gte.net team http://www.gte.net
**********
Thanks Phil, for posting yours. Because I do use gte.net, I did think it was authentic. But since I have my mail set to never open attachments, I would have called them first to verify the above information.

I included the headers on the emails I received because, I'm not a 'techie', lol, so if anyone can use the info to see how these are being sent, go for it.

Linda D

Posted by: jeminc

The attached file contains the "Bagle X" virus.

I also got one of these - supposedly from my isp re their mail server being down over the next few days. It also had a password to use on the attachment. I never opened the attachment but I did forward the email to my isp - I thought this was someone targeting their customers. I guess the message varies as does the "source" which I believe is spoofed.

:evil:

Posted by: betrdanevr

And somebody is faking the same message supposedly from Yahoo, too! :evil: