View Full Version : VIRUS ALERT



neophytemedia
03-03-2004, 02:25 PM
Just wanted to share this new approach.

This is the email received today.

" Dear user, the management of Neophytemedia.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please follow the instructions.

For details see the Attach.
In order to read the attach you have to use the following password: 36572

Cheers,
The Neophytemedia.com team "

So here goes my comment:
Nice try, :)

First of all I would like to specify that Neophytemedia.com is in no way associated with the production or distribution of such emails. We're fighting viruses, spamming or aliens that threaten our servers. :) Keep in mind that your own domain is spoofed in the sent email. So the message may come from: staff@yourdomain.com, management@yourdomain.com or any other.

Someone who receives this email and has no experience in email decoding, or is not skeptical enough to ask a supervisor, might fall for it. When we decoded the whole email we found out quite a few interesting things.
The email was sent through SMTP server:
24.88.245.103 (rdu88-245-103.nc.rr.com)

The attachment contains a Trojan horse:
"I-Worm.Netsky.d" or an updated version of it.

The worm copies itself to %WinDir% under the name "winlogon.exe".

It adds the following key to the system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
"ICQ Net" = "%windir%\winlogon.exe"

The attached file name was: "document.pif"

This worm really seems to be the new Mydoom as it spreads really fast.

Make sure you do not open / save / or download the attachment unless you know what you're doing.

Neophyte Media (The real team)
http://www.neophytemedia.com
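Added example (not part of the original post): a check for the persistence pattern described above, a Run value such as "ICQ Net" that launches a file named like a Windows system binary from outside System32. It parses the text output of `reg query` on the Run key; the sample output is constructed, and the `SYSTEM32_ONLY` list, the `C:\Windows` install path and the function names are assumptions of this example.

```python
import ntpath
import re

# Assumed, illustrative list of binaries that legitimately live only in
# %windir%\System32; a copy of the same name elsewhere is masquerading.
SYSTEM32_ONLY = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe", "smss.exe"}
WINDIR = r"c:\windows"  # assumption: default Windows install directory

# Constructed sample of `reg query HKLM\...\CurrentVersion\Run` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ICQ Net    REG_SZ    %windir%\winlogon.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
"""

# reg query prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>\S.*)$")
# Command line -> image path: a quoted path, or text up to an executable extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|pif|scr|com|bat))(?=\s|$)', re.I)


def image_path(data):
    """Return the normalized, lower-cased executable path of a Run value."""
    data = data.strip()
    m = IMAGE.match(data)
    raw = (m.group(1) or m.group(2)) if m else data.split()[0]
    raw = raw.lower()
    for var in ("%windir%", "%systemroot%"):
        raw = raw.replace(var, WINDIR)
    return ntpath.normpath(raw)


def suspicious_run_entries(reg_output):
    """List (value name, path) pairs where a system binary name runs outside System32."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = image_path(m.group("data"))
        folder, image = ntpath.split(path)
        if image in SYSTEM32_ONLY and folder != ntpath.join(WINDIR, "system32"):
            hits.append((m.group("name"), path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE):
        print(f"suspicious Run value {name!r} -> {path}")
```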

tOKmaZ
03-17-2004, 04:39 PM
Agree (of course). At least check it for viruses with an updated antivirus program.