
Foo Forum

    
Is this one of you guys? - spotting spam/virus mail
Nick_W




msg:279957
 5:32 pm on Oct 15, 2002 (gmt 0)

Think I'm being spammed but it is from a web design company.

Msg reads:

Hey Nick, just got a blank email from you buddy, what's up?

_-------

Any thoughts...?

Nick

 

engine




msg:279958
 5:49 pm on Oct 15, 2002 (gmt 0)

Nick, it's not one of those Bugbear virus messages, is it? It takes all kinds of stuff off the hard drive and rearranges it into a well known word or phrase.

Nick_W




msg:279959
 5:54 pm on Oct 15, 2002 (gmt 0)

Well, it's multi-part which makes me suspicious to start with. Here's the interesting portion:


------=_NextPart_000_0002_01C27437.50879000
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
A5AGAHAGAAAnAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA
A.... and so on....

I'm on Linux so it doesn't worry me, in fact I don't even know what bugbear is but I dislike this kind of thing...

Nick
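
Added example (not part of the original thread and not any poster's code): a triage check on the MIME part quoted in the post above. It decodes the first two base64 lines of that part, compares the leading bytes against the TNEF signature and the MZ header of a Windows executable, and walks the TNEF attributes that are complete in the excerpt. The function and constant names are this example's own.

```python
import base64
import struct

# First two base64 lines of the winmail.dat part quoted in the post above.
SAMPLE_B64 = (
    "eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy"
    "b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB"
)
RAW = base64.b64decode(SAMPLE_B64)

TNEF_SIGNATURE = 0x223E9F78          # stored little-endian: 78 9F 3E 22
KNOWN_ATTRS = {
    0x00089006: "attTnefVersion",
    0x00069007: "attOemCodepage",
    0x00078008: "attMessageClass",
}


def classify(payload: bytes) -> str:
    """Name the container type from the leading magic bytes."""
    if len(payload) >= 4 and struct.unpack_from("<I", payload)[0] == TNEF_SIGNATURE:
        return "tnef"
    if payload[:2] == b"MZ":         # DOS/PE executable header
        return "pe-executable"
    return "unknown"


def walk_tnef(payload: bytes):
    """Return (attr_id, data) for each complete, checksum-valid attribute."""
    attrs, pos = [], 6               # skip 4-byte signature + 2-byte key
    while pos + 9 <= len(payload):
        _level, attr_id, length = struct.unpack_from("<BII", payload, pos)
        end = pos + 9 + length
        if end + 2 > len(payload):   # excerpt is truncated: stop cleanly
            break
        data = payload[pos + 9:end]
        (checksum,) = struct.unpack_from("<H", payload, end)
        if sum(data) & 0xFFFF != checksum:
            raise ValueError(f"bad checksum at offset {pos}")
        attrs.append((attr_id, data))
        pos = end + 2
    return attrs


if __name__ == "__main__":
    print("container:", classify(RAW))
    for attr_id, data in walk_tnef(RAW):
        print(f"{attr_id:#010x} {KNOWN_ATTRS.get(attr_id, '?'):16} {data!r}")
```

Run against the excerpt, the part identifies as a TNEF container with message class `IPM.Microsoft Mail.Note`, and every attribute checksum verifies. This only identifies the container format; attachments carried inside a full TNEF stream would still need their own inspection.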

Mark_A




msg:279960
 5:55 pm on Oct 15, 2002 (gmt 0)

Well I can report that I am getting increased spam from web design companies too.

Some is definitely not bugbear - Thought about response telling them how stupid they are but the bin wastes less of my time :-)

Better not have anything to do with the various containers I popped my card into at the pubcon... no one could be that stupid could they?

engine




msg:279961
 5:56 pm on Oct 15, 2002 (gmt 0)

Nick, check out the bugbear news story here. [news.bbc.co.uk]

My antivirus systems zap everything before I get the chance to see it. A good thing really.

[edited by: engine at 5:58 pm (utc) on Oct. 15, 2002]

cornwall




msg:279962
 5:57 pm on Oct 15, 2002 (gmt 0)

Try feeding "winmail.dat" into Google

The horse's mouth, so to speak, comes up with:

This article describes how either an Exchange Server administrator or end users can prevent the Winmail.dat attachment from being sent to Internet users when using the Microsoft Exchange Internet Mail Connector (IMC).

When an end user sends mail to the Internet from an Exchange Windows or Outlook client, a file attachment called Winmail.dat may be automatically added to the end of the message if the recipient's client cannot receive messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange Server RTF information for the message, and may appear to the recipient as a binary file. It is not useful to non-Exchange Server recipients.


Mark_A




msg:279963
 6:01 pm on Oct 15, 2002 (gmt 0)

Nick_W I think the inclusion of winmail.dat means someone on MS is trying to send a richtext email.

Check google for winmail.dat

engine




msg:279964
 6:16 pm on Oct 15, 2002 (gmt 0)

I reckon this originates from a bugbear message. The fact that it comes from a MS client suggests this to me.

Stick with me on this, someone with the virus has Nick_W's e-mail address and possibly the other guy. Bugbear takes all this info and throws it together into a partly credible message addressed from Nick_W. It could also send nonsense, too. Neither you nor the other party would necessarily have the bugbear virus on your system, only the originator may have it. It's very difficult to track the originator down.

korkus2000




msg:279965
 6:45 pm on Oct 15, 2002 (gmt 0)

I agree with engine.

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
A5AGAHAGAAAnAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA

That looks like an ASCII representation of an executable. All viruses I get have that hogwash at the end like the email parsed the attachment like text.

Nick_W




msg:279966
 6:49 pm on Oct 15, 2002 (gmt 0)

Yep, figures.

I'm using Mutt (hardcore text based client) and I've had plenty of this kind before. Just not in this 'so clickable' format.

Thanks everyone..

Nick

Trisha




msg:279967
 8:51 pm on Oct 17, 2002 (gmt 0)

I've been getting more spam from web design companies also, but I didn't go to pubcon, I doubt that is where it's from.
