FBI Email: Hoax or Real? [Archive] - MousePad

DisneyFan25863
12-24-2003, 10:50 AM
I got this in my inbox today:
Ladies and Gentlemen,
Downloading of Movies, MP3s and Software is illegal and punishable by law.

We hereby inform you that your computer was scanned under the IP 61.63.179.199 . The contents of your computer were confiscated as an evidence, and you will be indicated. In the next days, you'll get the charge in writing. In the Reference code: #38672, are all files, that we found on your computer.

The sender address of this mail was masked, to protect us against mail bombs.


- You get more detailed information by the Federal Bureau of Investigation -FBI-
- Department for "Illegal Internet Downloads", Room 7350
- 935 Pennsylvania Avenue
- Washington, DC 20535, USA
- (202) 324-3000

The Sender email was r3dkod@localhost.dot.net (:rolleyes: )
There was also an attachment (which Outlook blocked) called refcode38672.scr

Also, my IP has never been 61.63.179.199. They have always started with 200.something.something.something


The headers looked like this (my notes in red):

Return-Path: <r3dkod@localhost.dot.net>
Delivered-To: herron-f-sean@herron-family.com
(not my real e-mail. Anyways, the Herron-Family.com E-mail Server isn't even on my PC, it's on a shared server some 200 miles away)
Received: (qmail 55952 invoked from network); 24 Dec 2003 11:15:00 -0000
Received: from unknown (HELO SERVER.net)(that looks suspicious) (80.146.99.161)
by 0 with SMTP; 24 Dec 2003 11:15:00 -0000
From: r3dkod@localhost.dot.net
To: sean@herron-family.com
Subject: You use illegal File Sharing ...
X-MailScanner: Scanned
Importance: Normal
X-Mailer: XSMTP
Message-ID: <62346763610839.81693qmailV02.48@localhost.dot.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=SERVER_e4b624460152fbc3679"
This is a multi-part message in MIME format.




It looks spoofed to me. Does anyone think the attachment is a virus? I couldn't identify it, but I dunno. If it was from the FBI, anyway, wouldn't they need a warrant or something to hack past 3 firewalls into my computer and take a look? And how would they know to use an email address whose server is not even remotely connected to that computer (and send it to a bogus email, and have my catchall get it?). And why would they spoof the email address?
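
The header checks raised in the post above, written out as a small triage script. This is an added example, not part of the original thread; the sample message is constructed from the posted headers (poster's notes removed, attachment body replaced by a placeholder), and the rule names and the `.gov` heuristic are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers as posted (inline notes removed) plus a
# placeholder part carrying the attachment name the post mentions.
RAW = """\
Received: from unknown (HELO SERVER.net) (80.146.99.161)
  by 0 with SMTP; 24 Dec 2003 11:15:00 -0000
From: r3dkod@localhost.dot.net
To: sean@herron-family.com
Subject: You use illegal File Sharing ...
Content-Type: multipart/mixed; boundary="=SERVER_e4b624460152fbc3679"

--=SERVER_e4b624460152fbc3679
Content-Type: text/plain

Ladies and Gentlemen, ... Federal Bureau of Investigation -FBI-
--=SERVER_e4b624460152fbc3679
Content-Type: application/octet-stream; name="refcode38672.scr"
Content-Disposition: attachment; filename="refcode38672.scr"

(constructed placeholder, not the real attachment)
--=SERVER_e4b624460152fbc3679--
"""

# Extensions Windows will execute when double-clicked (partial list).
EXECUTABLE_EXT = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")

def triage(raw):
    """Return a list of rule names that fired for one raw message."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain.split(".")[0] == "localhost":
        findings.append("sender-domain-localhost")
    for received in msg.get_all("Received", []):
        # qmail records "from unknown" when the client IP has no reverse DNS
        if re.match(r"from unknown \(HELO [^)]+\)", received):
            findings.append("relay-no-reverse-dns")
    claims_fbi = False
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            findings.append("executable-attachment:" + name)
        if part.get_content_type() == "text/plain":
            claims_fbi |= "federal bureau of investigation" in part.get_payload().lower()
    # Heuristic (assumption): mail claiming to be from the FBI should come from .gov
    if claims_fbi and not domain.endswith(".gov"):
        findings.append("claims-fbi-but-sender-not-gov")
    return findings
```
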

Andrew
12-24-2003, 10:53 AM
Spam and/or virus. .scr is technically a screensaver, but that means it's an executable extension. Delete and ignore.

Ghoulish Delight
12-24-2003, 10:57 AM
It's a virus. Delete, DO NOT OPEN THE ATTACHMENT.

DisneyFan25863
12-24-2003, 11:40 AM
Email Deleted, and Virus check run!

JeffG
12-24-2003, 01:00 PM
That was the Sober.C (http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.c@mm.html) virus.

-Jeff

MonorailMan
12-24-2003, 10:07 PM
Got it too.

Decided to UnPlug my 'Net, and run the file for fun.

Man, the code in this thing is nice. But, there is a bad memory leak.

Virus writers, they don't come good these days. :)

(Fun before a Windows Re-Install) :)

DisneyFan25863
12-25-2003, 09:54 AM
Got another one today, same virus, from the same IP, only this time in a letter from Pokemon or something


PS: MM
You live life on the edge, dude! :fez:

Demigod121
12-30-2003, 09:30 AM
Between that and those darned Ebay and Paypal spoof emails...I dunno...

Good thing my junk email filter is working so well...don't even see 'em now...heh heh.

-Demigod

Bruce Bergman
01-03-2004, 01:05 PM
Originally posted by MonorailMan
Got it too.

Decided to UnPlug my 'Net, and run the file for fun.

Man, the code in this thing is nice. But, there is a bad memory leak.

Virus writers, they don't come good these days. :)

(Fun before a Windows Re-Install) :)

Must be nice to have a "cleanroom" machine to let viruses run loose on and analyze them for fun... :geek: And who said the skript kiddies have to write them well? Most of them are assembled from bits and pieces. If they were written by experts, they wouldn't be easy to stop.

I just had to go buy a new desktop box (Gloat: HP pavilion a375c package at Costco - P4HT-3 Ghz, 512MB/160GB, DVD+RW/CD-RW and DVD-ROM drives, NVidia GeForce FX5200, media card reader, 19" LCD monitor)...

Unfortunately, it was because both the 1 1/2 year old laptop (HP P3M 1.3 Ghz) and the 4 year old Desktop (Compaq Athlon 1.1 Ghz) died, and both need to be fixed - the desktop so I can build a Linux boxen to learn on (and play with), or use the old P2-266 Mhz...

(Or the "Don't Divide, Pentium-90 Inside", or the 486DX-33, or the loaded IBM PC-XT, or a loaded TI 99/4A... We have the makings of a nice antique computer museum here...)

Had to do it now - tax time will be here way too soon :eek: and I'm nowhere near done Quicken-ing everything, let alone ready for Turbo-Taxing...

:fez: --<< Bruce >>--

hbquikcomjamesl
01-24-2004, 11:44 PM
Hmm. On my machines, most viruses and Trojans just sit there and gibber. Must have something to do with the lack of Windoze, and the lack of any other Microsloth (actually, I prefer another euphemism, one involving a Yiddish term for the male anatomy) products less than 15 years old.

Advantage: Macintosh and Linux.

mrcoffee
01-26-2004, 01:56 PM
Originally posted by Bruce Bergman
Must be nice to have a "cleanroom" machine to let viruses run loose on and analyze them for fun... :geek:

Another way to do that is to run VMWare (http://www.vmware.com) .. Can turn off networking in the instance, and it uses virtual disks, so no damage.

Then you can just 'rollback' the image to previrus, and it's exactly the same.

Nice for running multiple OS's, too.

DisneyFan25863
01-26-2004, 04:50 PM
Originally posted by hbquikcomjamesl
Hmm. On my machines, most viruses and Trojans just sit there and gibber. Must have something to do with the lack of Windoze, and the lack of any other Microsloth (actually, I prefer another euphemism, one involving a Yiddish term for the male anatomy) products less than 15 years old.

Advantage: Macintosh and Linux.

Who said I don't use Linux or Mac? I love my old iMac (even though it's like a PowerPC 322 MHz...), and I love my Linux box. I just use Windows for many things too ;)
