::Forum - possible email virus from swcombine.com

Year 6 Day 153 3:55	possible email virus from swcombine.com
Zorran Black	Just thought I would let you know that I just recieved an email supposedly from veynom@swcombine.com with an attachment. The attachment was called our_secret.zip I deleted the file rather then scan, so can't tell you which virus it was. Here is the property information which may or may not help you. Return-Path: Received: by cpms01.int.iprimus.net.au (7.0.036) id 425D734A01910936 for adam7one@iprimus.com.au; Tue, 3 May 2005 17:25:49 +1000 Received: from oxfpjo.com (4.244.27.124) by mx01.iprimus.com.au (7.0.040) id 4264052800B91E42 for adam7one@iprimus.com.au; Tue, 3 May 2005 17:25:50 +1000 From: Veynom@swcombine.com To: qmail@iprimus.com.au Date: Tue, 03 May 2005 06:31:52 UTC Subject: Re: Importance: Normal X-Priority: 3 (Normal) Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="f00dbb5df08.f6e14ea4c55" Content-Transfer-Encoding: 7bit This is a multi-part message in MIME format. ____________ Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well-preserved body, but rather to skid in sideways, beer in one hand - kebab in the other, body thoroughly used up, totally worn out and screaming "WOO HO

Year 6 Day 153 7:30	possible email virus from swcombine.com
Guest/Visitor	As you can see in the header information this mail never was sent from SWC servers. This is instead a classic case of spoofing. Someone with the mail veynom@swcombine.com and your mail in their adress book has been infected and the virus spreads itself by fake mails. If you look at the tags you see it was in fact sent from an australian user. The best way to protect yourself is get a good anitvirus and always check headers for sender server before opening attackements. --Redbat@work Edited By: Redbat on Year 6 Day 153 8:26

Year 6 Day 153 8:38	possible email virus from swcombine.com
Ranofer Zedlav	You've got to be kidding me....silly people trying to pretend they're Veynom.........

Year 6 Day 153 9:03	possible email virus from swcombine.com
Dverol Nact	I kinda got one, called 'postmaster@swcombine.com' I also got one from 'admin@swc-akheton.com' which is funny, cus I haven't set up that email, and one from another SW sim. This someone you pissed off Vey?

Year 6 Day 153 9:23	possible email virus from swcombine.com
Darek Xearz	I'm guessing a SWC player has become infected. I received several directed at the personal I account I use for all SWC matters and directed at my galactic market email.

Year 6 Day 153 11:29	possible email virus from swcombine.com
Terrin Nastil	I recently received several e-mails claiming to be from reliable sources with attachments, to the e-mail address I have set for my darkness account also. So it seems that some one might possibly have access to the e-mail account listings.

Year 6 Day 153 12:31	possible email virus from swcombine.com
Svith Condra	I normally dont check my email...unless i need to so :) im safe ____________

Year 6 Day 153 14:14	possible email virus from swcombine.com
Ben Camden	It's not likely someone who did something... Most likely is a bot scanning, and findong either some e-mails, or some usernames that it can attach to a domain... ____________ Governor Ben Camden Imperial Government

Year 6 Day 153 22:53	possible email virus from swcombine.com
Andy Skyfighter	I've got 6 mails like that from several addresses, only address of them that had something to do with the combine was centrepoint's.

Year 6 Day 154 2:24	possible email virus from swcombine.com
Dverol Nact	got a couple more, this is the message I got: This is an automatically generated E-Mail Delivery Status Notification. Mail-Header, Mail-Body and Error Description are attached * Server-AntiVirus: No Virus (Clean) * "SWC-AKHETON" Anti-Virus *** http://www.swc-akheton.com We don't actually have a Server-AntiVirus installed... well, none that I know of, and if it was it'd be Quasar Networks not SWC-Akheton :\| I also noticed that they sent the email to 'Recipient@swc-akheton.com', which means I'm getting it as the default mail account for broken emails with the swc-akheton domain. I think the virus in the message was W32.Sober.O@mm, checked it on Symantec, and it came up with this: http://sarc.com/avcenter/venc/data/w32.sober.o@mm.html and by looking at where it gets the emails from, it might just be one member of the combine infected, with some of the pages in the cache... that's why we're being targeted. shrugs dunno what we can do about it though.

Year 6 Day 154 16:08	possible email virus from swcombine.com
Karellen	I got one similar to Dverol's, but since it went to my yahoo account, it had "Yahoo" Anti-Virus and then www.yahoo.com. I don't have to worry anyway; pats his Mac

Year 6 Day 155 15:07	possible email virus from swcombine.com
Kell Archis	Oh, then go see what Hacktool.Underhand is all about Karellen :) ____________

Year 6 Day 157 4:17	possible email virus from swcombine.com
Saul Blackgate	Hey guys, i got one to, supposedly from 'admin@swc-akheton.com' with an attachment named ''our_secret.zip'' i also got one from another address but i deleted it, i remember reading, ''ok, heres the user account info''?? with an attachment saying account.zip i scanned it, and it was something like ''wormblaster6785''???? so i deleted that too, they both also said ''virus free'' in the text. Edited By: Saul Blackgate on Year 6 Day 157 4:18 ____________ Saul Blackgate, Bounty Hunter

	Year	Day	Time
	14	201	20:05:43

Logged in as
Guest