Is this one of you guys? - spotting spam/virus mail

     
5:32 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member nick_w is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 4, 2002
posts:5044
votes: 0


Think I'm being spammed but it is from a web design company.

Msg reads:

Hey Nick, just got a blank email from you buddy, what's up?

_-------

Any thoughts...?

Nick

5:49 pm on Oct 15, 2002 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22282
votes: 236


Nick, it's not one of those Bugbear virus messages, is it? It takes all kinds of stuff off the hard drive and rearranges it into a well known word or phrase.

5:54 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member nick_w is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 4, 2002
posts:5044
votes: 0


Well, it's multi-part which makes me suspicious to start with. Here's the interesting portion:


------=_NextPart_000_0002_01C27437.50879000
Content-Type: application/ms-tnef;
	name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="winmail.dat"

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
A5AGAHAGAAAnAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA
A.... and so on....

I'm on Linux so it doesn't worry me, in fact I don't even know what bugbear is but I dislike this kind of thing...

Nick

5:55 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 15, 2001
posts:1436
votes: 0


Well I can report that I am getting increased spam from web design companies too.

Some is definitely not bugbear - Thought about response telling them how stupid they are but the bin wastes less of my time :-)

Better not have anything to do with the various containers I popped my card into at the pubcon... no one could be that stupid could they?

5:56 pm on Oct 15, 2002 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22282
votes: 236


Nick, check out the bugbear news story here. [news.bbc.co.uk]

My antivirus systems zap everything before I get the chance to see it. A good thing really.

[edited by: engine at 5:58 pm (utc) on Oct. 15, 2002]

5:57 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 5, 2002
posts:1713
votes: 0


Try feeding "winmail.dat" into Google

The Horse's Mouth, so to speak, comes up with

This article describes how either an Exchange Server administrator or end users can prevent the Winmail.dat attachment from being sent to Internet users when using the Microsoft Exchange Internet Mail Connector (IMC).

When an end user sends mail to the Internet from an Exchange Windows or Outlook client, a file attachment called Winmail.dat may be automatically added to the end of the message if the recipient's client cannot receive messages in Rich Text Format (RTF). The Winmail.dat file contains Exchange Server RTF information for the message, and may appear to the recipient as a binary file. It is not useful to non-Exchange Server recipients.

6:01 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 15, 2001
posts:1436
votes: 0


Nick_W I think the inclusion of winmail.dat means someone on MS is trying to send a richtext email.

Check google for winmail.dat

6:16 pm on Oct 15, 2002 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22282
votes: 236


I reckon this originates from a bugbear message. The fact that it comes from a MS client suggests this to me.

Stick with me on this, someone with the virus has Nick_W's e-mail address and possibly the other guy. Bugbear takes all this info and throws it together into a partly credible message addressed from Nick_W. It could also send nonsense, too. Neither you nor the other party would necessarily have the bugbear virus on your system, only the originator may have it. It's very difficult to track the originator down.

6:45 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member korkus2000 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 20, 2002
posts:3732
votes: 0


I agree with engine.

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
A5AGAHAGAAAnAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAADAC4AAAAAAAMANgAA

That looks like an ASCII representation of an executable. All viruses I get have that hogwash at the end like the email parsed the attachment like text.

6:49 pm on Oct 15, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member nick_w is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 4, 2002
posts:5044
votes: 0


Yep, figures.

I'm using Mutt (hardcore text based client) and I've had plenty of this kind before. Just not in this 'so clickable' format.

Thanks everyone..

Nick

8:51 pm on Oct 17, 2002 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 12, 2002
posts:565
votes: 0


I've been getting more spam from web design companies also, but I didn't go to pubcon, I doubt that is where it's from.
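
Added example, not part of the thread: a Python triage sketch that decodes the two base64 lines quoted above and classifies the attachment by its leading bytes (TNEF signature versus the `MZ` executable header), then reads the TNEF message-class attribute and verifies each attribute checksum. The outer message headers are constructed, the function names are hypothetical, and the attribute layout (level, id, length, data, 16-bit checksum) is the standard TNEF stream format.

```python
import struct
from email import message_from_string

TNEF_SIGNATURE = 0x223E9F78      # first 4 bytes of a TNEF stream, little-endian
ATT_MESSAGE_CLASS = 0x00078008   # TNEF attribute id for the message class

# Part headers and base64 lines as quoted in the thread; the outer headers are
# constructed, and the attachment stops where the poster cut it off.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed;
\tboundary="----=_NextPart_000_0002_01C27437.50879000"

------=_NextPart_000_0002_01C27437.50879000
Content-Type: application/ms-tnef;
\tname="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
\tfilename="winmail.dat"

eJ8+IiwRAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANIHCgAPAAoAKAAAAAIAJgEB
------=_NextPart_000_0002_01C27437.50879000--
"""

def triage(payload: bytes) -> dict:
    """Classify an attachment by its leading bytes, not by its file name."""
    out = {"is_pe": payload[:2] == b"MZ", "is_tnef": False,
           "message_class": None, "checksums_ok": None}
    if len(payload) < 6 or struct.unpack_from("<I", payload)[0] != TNEF_SIGNATURE:
        return out
    out.update(is_tnef=True, checksums_ok=True)
    pos = 6                                   # skip signature (4) + key (2)
    while pos + 9 <= len(payload):
        _level, att_id, length = struct.unpack_from("<BII", payload, pos)
        end = pos + 9 + length
        if end + 2 > len(payload):            # attribute runs past the excerpt
            break
        data = payload[pos + 9:end]
        if sum(data) & 0xFFFF != struct.unpack_from("<H", payload, end)[0]:
            out["checksums_ok"] = False
        if att_id == ATT_MESSAGE_CLASS:
            out["message_class"] = data.rstrip(b"\0").decode("ascii", "replace")
        pos = end + 2
    return out

def triage_message(raw: str) -> list:
    """Return (filename, declared type, triage result) for each attachment."""
    msg = message_from_string(raw)
    return [(p.get_filename(), p.get_content_type(), triage(p.get_payload(decode=True)))
            for p in msg.walk() if p.get_filename()]
```

A mail gateway or analyst can apply the same leading-bytes check to any attachment before deciding whether it needs sandboxing; a Windows executable would begin with `MZ`, which base64-encodes as `TVqQ`.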