Is it one of you funny clowns?
CougTek
05-08-2002, 07:10 PM
I received three messages in my home e-mail account containing unusual files. The messages were written in English, so it's not from one of my close contacts and it probably came from people on one of the forums I'm a member of (although I generally don't advertise that specific address in my profile). I didn't activate these files (one is a .bat, the others are .pif and .sr) since I don't know who sent them to me and what damage they might do.
All three messages were in the style: "I hope you'll like this tool." Since my test system is down for now, I don't plan to take the chance of double clicking on any of them (and since I don't open my mail with Outlook, I don't think I risk anything from Outlook-specific macro nuisance).
If any of you wants to send me anything, please clearly identify yourself and explain in detail the utility/file/whatever you send me. Otherwise, it will go down the drain and you'll have wasted your time.
Thanks
Not from me Coug (at least I hope not). It didn't come from hlmcompany.com, did it?
Nope. I got this the other day though.
Return-Path: <reply@seekercenter.net>
Delivered-To: twilson@netconnect.com.au
Received: (qmail 2876 invoked by uid 1087); 8 May 2002 10:57:55 -0000
Delivered-To: twilson-tea@redhill.net.au
Received: (qmail 2872 invoked by uid 620); 8 May 2002 10:57:55 -0000
Received: from reply@seekercenter.net by ren.netconnect.com.au with qmail-scanner-0.94 (uvscan: v4.1.40/v4201. . Clean. Processed in 1.071633 secs); 08/05/2002 20:57:54
Received: from unknown (HELO tiantang163) (211.101.236.162)
by 0 with SMTP; 8 May 2002 10:57:54 -0000
From: "Vanessa Lintner" <reply@seekercenter.net>
Subject: I have visited WWW.STORAGEFORUM.NET and noticed that ...
To: tea@redhill.net.au
Content-Type: text/html;
Sender: Vanessa Lintner <reply@seekercenter.net>
Reply-To: "Vanessa Lintner" <vanessa@seekercenter.net>
Date: Wed, 8 May 2002 19:00:53 +0800
X-Priority: 3
X-Library: Business Promotion
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
.stbtm {
BACKGROUND-COLOR:#cecbde; BORDER-BOTTOM: #665b8e 1px solid; BORDER-LEFT: #ffffff 1px solid; BORDER-RIGHT: #665b8e 1px solid; BORDER-TOP: #ffffff 1px solid; COLOR: #000000; FONT-SIZE: 12pt; HEIGHT: 26px; WIDTH: 120px; clip: rect( )}
.stedit {
background-color:#484C68; white-space: nowrap; border: #000000; BORDER-BOTTOM: #ffffff 1px solid; BORDER-LEFT: #ffffff 1px solid; BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #ffffff 1px solid; FONT-SIZE: 10pt; color: #CCCCCC; font-weight: bold}
</style>
</head>
<BODY leftMargin=0 onload="" topMargin=0 marginheight="0" marginwidth="0" bgcolor="#FFFFFF">
<table width="778" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="233" width="21"></td>
<td height="233" colspan="3" width="757">
<table width="621" border="0" cellspacing="0" cellpadding="0" align="left">
<tr>
<td width="373" height="64">
<table width="373" border="0" cellspacing="0" cellpadding="0" background="http://image.seekercenter.net/letter_bg.jpg" height="327">
<tr>
<td>
<font face=Arial size=2>
</font> <font face=Arial size=2><font face="Verdana, Arial, Helvetica, sans-serif" color="#000000">Hello,
I have visited www.storageforum.net ('http://www.storageforum.net') and noticed that your website is not listed on some search engines.
I am sure that through our service the number of people who visit your website will definitely increase. SeekerCenter (http://www.seekercenter.net/index.php)
is a unique technology that instantly submits your website
to over 500,000 search engines and directories
-- a really low-cost and effective way to advertise your site.
For more details please go to SeekerCenter.net (http://www.seekercenter.net/index.php).
Give your website maximum exposure today!
Looking forward to hearing from you.
<table border=0 width=100%><TR><TD width=50%>
<font face="Verdana, Arial, Helvetica, sans-serif" size=2 color="#000000">Best
Regards,
Vanessa Lintner
Sales & Marketing
www.SeekerCenter.net (http://www.seekercenter.net/index.php)</font></font></font>
<TD><td width=50%>
<div align="center" valign=middle>
<form target=_blank action=http://www.seekercenter.net method=POST>
<input type="submit" name="Submit" value="Signup Now!!!" class="stbtm">
</form>
</div>
</TD>
</TR>
</table>
</td>
</tr>
</table>
</td>
<td width="242" height="64" valign="bottom">
<table width="257" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3" height="2"></td>
</tr>
<tr>
<td colspan="3" height="3">
http://image.seekercenter.net/letter_top01.jpg</p>
</td>
</tr>
<tr>
<td colspan="3">http://image.seekercenter.net/letter_right01.jpg<A target=_blank Href ="http://www.storageforum.net"><IMG Src =http://image2.seekercenter.net/image162a/1/88/img422.jpg Border=0 width="256" height="184"></A>http://image.seekercenter.net/letter_left01.jpg</td>
</tr>
<tr>
<td colspan="3" height="80" background="http://image.seekercenter.net/letter_bottom01.jpg">
<table width="326" border="0" cellspacing="0" cellpadding="0" height="80">
<tr>
<td width="36" height="43"></td>
<td width="157" height="43"></td>
<td width="134" height="43"></td>
</tr>
<tr>
<td width="36" height="2"></td>
<td width="157" height="2"></td>
<td width="134" height="2"></td>
</tr>
</table>
</td>
</tr>
<tr> </tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
flagreen
05-08-2002, 07:34 PM
Not me Coug. Just delete them.
So did you contact Vanessa Litner (Lintner) from Sales and Marketing?
CougTek
05-08-2002, 07:39 PM
If it's not from you three guys (no Buck, it wasn't from the address you gave), then I don't think it's from anyone here as you are the only ones who know this address, along with Doug, Tim Zak and perhaps Andrew (not sure).
No clue who it was. Thanks for replying.
Post the full headers, Coug.
Handruin
05-08-2002, 08:09 PM
Tea, I got the same exact message the other day. I thought it was some type of spam so it went in the trash.
I've set up the e-mail on this forum so that it is web based and other sites can't consume all of your addresses. Unless they have found a way, any mail that comes from clicking on the mail button will look like it was from me (webmaster I believe), or storageforum.net. It will also clearly indicate that it is from SF and also who the person was that sent it.
Coug, I did not send you any mail either, and I did not give out the address. In fact, I don't even recall your e-mail address; maybe I've sent you a message through PM and through xoops.
Cliptin
05-08-2002, 08:58 PM
Nor I.
If .sr is instead .scr, this is a known method of trojan attack. Screensavers are not considered tools. :)
The other two go without saying.
Mercutio
05-08-2002, 10:21 PM
That looks like a variant on the Nimda virus that went around last year.
CougTek
05-08-2002, 11:01 PM
I don't have the full header. The first message comes from drcItaahwnns@omi.o, the second is from winlnist@hotmail.com and the last one is from ...hey wait a second, it's from a place in Québec. The file in the last message is called Et.scr. I know the provider so I can probably retrace the person who sent it. If it's a virus, a crowbar and a hood together aren't very expensive :twistd:
Is it possible to contact Hotmail so that they close an account if it's proven that the user used it in shady ways? I guess that yes.