[68102] in North American Network Operators' Group
Re: Warning - new trend of attempts to infect ISP users (possibly
daemon@ATHENA.MIT.EDU (Larry Rosenman)
Tue Mar 2 22:11:28 2004
Date: Tue, 02 Mar 2004 21:06:41 -0600
From: Larry Rosenman <ler@lerctr.org>
To: "william(at)elan.net" <william@elan.net>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0403021942560.7031-100000@sokol.elan.net>
Errors-To: owner-nanog-outgoing@merit.edu
<http://vil.nai.com/vil/content/v_101071.htm>
W32/Bagle.[hij]@MM
--On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net" <william@elan.net> wrote:
>
>
> I have just seen emails (several different kinds) pretending to be sent
> from 3 of my isp domains to users of those domains warning users that
> their email account would be disabled and asking to open a .pif
> attachment. I know largest ISPs probably have experienced this but I
> believe what I have seen today means they are after ISPs (or possibly
> just after any domains with number of email addresses under them) of all
> sizes right at the moment. All emails we received from the same source
> ip - 129.59.206.187 Please check your email base for what looks like the
> following
> (in the examples I changed everything to elan.net, actually every isp
> domain received different example of this, only first one is exact).
>
> Example 1:
> ---
> From: management@elan.net
> To: xxxxx@elan.net
> Subject: Email account utilization warning.
>
> Hello user of Elan.net e-mail server,
>
> Your e-mail account has been temporary disabled because of unauthorized
> access.
>
> For further details see the attach.
>
> Best wishes,
> The Elan.net team http://www.elan.net
> ---
>
> Example 2:
> ---
> From: administration@elan.net
> To: xxxx@elan.net
> Subject: Warning about your e-mail account.
>
> Dear user of "Elan.net" mailing system,
>
> Our main mailing server will be temporary unavaible for next two days,
> to continue receiving mail in these days you have to configure our
> free auto-forwarding service.
>
> Further details can be obtained from attached file.
>
> Cheers,
> The Elan.net team http://www.elan.net
> ---
>
> Example 3:
> ---
> To: xxxxx@elan.net
> Subject: Warning about your e-mail account.
> From: administration@elan.net
>
> Dear user, the management of Elan.net mailing system wants to let you
> know that,
>
> Some of our clients complained about the spam (negative e-mail content)
> outgoing from your e-mail account. Probably, you have been infected by
> a proxy-relay trojan server. In order to keep your computer safe,
> follow the instructions.
>
> Please, read the attach for further details.
>
> The Management,
> The Elan.net team http://www.elan.net
>
>
-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
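
A defender-side check for the pattern described in the quoted report (mail claiming a sender in the recipient's own domain, arriving from an outside IP, with a .pif attachment), as an added example that is not part of the original thread. The hosted domain, trusted relay network, extension list and sample message are constructed assumptions.

```python
import email
import ipaddress
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions (not from the thread): the hosted domain, the network our own
# mail servers relay from, and the list of blocked attachment extensions.
LOCAL_DOMAINS = {"example.net"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
RISKY_EXTS = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")

def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def risky_attachments(msg):
    """List attachment filenames whose final extension is executable."""
    names = [p.get_filename() or "" for p in msg.walk()]
    return [n for n in names if n.lower().rstrip(". ").endswith(RISKY_EXTS)]

def is_spoofed_notice(raw, client_ip):
    """True if mail claims a local sender, targets a local user, arrives from
    an untrusted IP and carries an executable attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    external = not any(ipaddress.ip_address(client_ip) in n for n in TRUSTED_NETS)
    local_from = domain_of(msg["From"]) in LOCAL_DOMAINS
    local_to = domain_of(msg["To"]) in LOCAL_DOMAINS
    return external and local_from and local_to and bool(risky_attachments(msg))

def build_sample(sender, rcpt, filename):
    """Constructed sample message for testing (not taken from the thread)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, rcpt
    m["Subject"] = "Warning about your e-mail account."
    m.set_content("Further details can be obtained from attached file.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    raw = build_sample("administration@example.net", "user@example.net", "details.pif")
    print(is_spoofed_notice(raw, "203.0.113.7"))  # outside IP, local From
```

The check keys on the connecting IP rather than the From header alone, since the header is the part the sender controls.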