Archives » possible email virus from swcombine.com
Just thought I would let you know that I just received an email supposedly from veynom@swcombine.com with an attachment.

The attachment was called our_secret.zip. I deleted the file rather than scan it, so I can't tell you which virus it was.

Here is the property information which may or may not help you.

Return-Path:
Received: by cpms01.int.iprimus.net.au (7.0.036)
id 425D734A01910936 for adam7one@iprimus.com.au; Tue, 3 May 2005 17:25:49 +1000
Received: from oxfpjo.com (4.244.27.124) by mx01.iprimus.com.au (7.0.040)
id 4264052800B91E42 for adam7one@iprimus.com.au; Tue, 3 May 2005 17:25:50 +1000
From: Veynom@swcombine.com
To: qmail@iprimus.com.au
Date: Tue, 03 May 2005 06:31:52 UTC
Subject: Re:
Importance: Normal
X-Priority: 3 (Normal)
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="f00dbb5df08.f6e14ea4c55"
Content-Transfer-Encoding: 7bit
This is a multi-part message in MIME format.


____________

Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well-preserved body, but rather to skid in sideways, beer in one hand - kebab in the other, body thoroughly used up, totally worn out and screaming "WOO HO
As you can see in the header information this mail never was sent from SWC servers.

This is instead a classic case of spoofing.
Someone with the mail veynom@swcombine.com and your mail in their address book has been infected and the virus spreads itself by fake mails.
If you look at the tags you see it was in fact sent from an Australian user.

The best way to protect yourself is to get a good antivirus and always check headers for sender server before opening attachments.

--Redbat@work


Edited By: Redbat on Year 6 Day 154 8:26
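The header check described in the reply above, as an added example that is not part of the original thread: it finds the hop where the recipient's provider accepted the message from outside and compares that host with the From: domain. The function names and the list of trusted provider suffixes are assumptions; a mismatch is a signal rather than proof, since legitimate mail can be relayed by third parties and the announced host name is sender-supplied.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the first post (the empty Return-Path/Message-ID omitted).
SAMPLE = """\
Received: by cpms01.int.iprimus.net.au (7.0.036)
 id 425D734A01910936 for adam7one@iprimus.com.au; Tue, 3 May 2005 17:25:49 +1000
Received: from oxfpjo.com (4.244.27.124) by mx01.iprimus.com.au (7.0.040)
 id 4264052800B91E42 for adam7one@iprimus.com.au; Tue, 3 May 2005 17:25:50 +1000
From: Veynom@swcombine.com
To: qmail@iprimus.com.au
Subject: Re:

"""

FROM = re.compile(r"\bfrom\s+(\S+)\s+\(([^)]*)\)", re.I)
BY = re.compile(r"\bby\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def check_origin(raw, trusted):
    """Find the hop where the recipient's provider accepted the mail from outside."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = dict(from_domain=from_domain, helo=None, ip=None, by=None, mismatch=None)
    # Received headers are prepended, so the topmost ones were written by the
    # recipient's own servers; anything below the boundary hop is sender-supplied.
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())          # unfold continuation lines
        frm, by = FROM.search(line), BY.search(line)
        if not (frm and by) or not any(under(by.group(1), t) for t in trusted):
            continue
        helo = frm.group(1)                     # name the sender claimed (forgeable)
        if any(under(helo, t) for t in trusted):
            continue                            # internal hand-off, keep looking
        ip = IPV4.search(frm.group(2))          # address in parentheses, as in this sample
        result.update(helo=helo, ip=ip and ip.group(0), by=by.group(1),
                      mismatch=not under(helo, from_domain))
        break
    return result

if __name__ == "__main__":
    # Trusted suffixes are an assumption: the recipient provider's own domains.
    print(check_origin(SAMPLE, ("iprimus.com.au", "iprimus.net.au")))
```
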
Ranofer Zedlav

You've got to be kidding me....silly people trying to pretend they're Veynom.........


Dverol Nact

I kinda got one, called 'postmaster@swcombine.com'

I also got one from 'admin@swc-akheton.com' which is funny, cus I haven't set up that email, and one from another SW sim.

This someone you pissed off Vey?


Darek Xearz

I'm guessing a SWC player has become infected. I received several directed at the personal account I use for all SWC matters and directed at my galactic market email.


Terrin Nastil

I recently received several e-mails claiming to be from reliable sources with attachments, to the e-mail address I have set for my darkness account also. So it seems that someone might possibly have access to the e-mail account listings.


I normally don't check my email...unless I need to, so :) I'm safe


Ben Camden

It's not likely someone who did something...

Most likely is a bot scanning, and finding either some e-mails, or some usernames that it can attach to a domain...


____________

Senior Governor Ben Camden
Regional Government
Andy Skyfighter

I've got 6 mails like that from several addresses, only address of them that had something to do with the combine was centrepoint's.


Dverol Nact

got a couple more, this is the message I got:

This is an automatically generated E-Mail Delivery Status Notification.

Mail-Header, Mail-Body and Error Description are attached



*** Server-AntiVirus: No Virus (Clean)
*** "SWC-AKHETON" Anti-Virus
*** http://www.swc-akheton.com

We don't actually have a Server-AntiVirus installed... well, none that I know of, and if it was it'd be Quasar Networks not SWC-Akheton :|

I also noticed that they sent the email to 'Recipient@swc-akheton.com', which means I'm getting it as the default mail account for broken emails with the swc-akheton domain.

I think the virus in the message was W32.Sober.O@mm, checked it on Symantec, and it came up with this:

http://sarc.com/avcenter/venc/data/w32.sober.o@mm.html

and by looking at where it gets the emails from, it might just be one member of the combine infected, with some of the pages in the cache... that's why we're being targeted.

*shrugs* dunno what we can do about it though.



Karellen

I got one similar to Dverol's, but since it went to my yahoo account, it had "Yahoo" Anti-Virus and then www.yahoo.com.

I don't have to worry anyway; *pats his Mac*


Kell Archis

Oh, then go see what Hacktool.Underhand is all about Karellen :)


Saul Blackgate

Hey guys, I got one too, supposedly from 'admin@swc-akheton.com' with an attachment named "our_secret.zip". I also got one from another address but I deleted it. I remember reading, "ok, here's the user account info"?? with an attachment saying account.zip. I scanned it, and it was something like "wormblaster6785"???? so I deleted that too. They both also said "virus free" in the text.


Edited By: Saul Blackgate on Year 6 Day 158 4:18
____________

Saul Blackgate, Bounty Hunter