[NTLUG:Discuss] Reporting viruses

Greg Edwards greg at nas-inet.com
Wed Sep 10 16:27:39 CDT 2003 

Thomas Cameron wrote:
> Unless you have a smoking gun and suffer a pecuniary loss well into the 10's
> or even 100's of thousands of dollars, don't bother with the FBI.  They do
> not have the manpower to chase down little things like this, and trying to
> get them to do so will only make you frustrated.

I'm not considering the FBI.  This is probably a virus in somebodies 
system.  I doubt the originator would have included the company name, 
phone number, and fax while telling me that they just infected my system 
with a virus.  The header tells me that this did not originate with the 
 From sender.

Here's the message, I've removed all of the crap and multi part header 
directives that were embedded in it.


=======================================================================

 From abuseebzsa at evocash.com  Tue Sep  9 23:44:58 2003
Return-Path: <abuseebzsa at evocash.com>
Received: from 24.153.250.20 (rrcs-sw-24-153-250-20.biz.rr.com 
[24.153.250.20])
         by mrytle.nas-inet.com (8.12.6/8.12.6) with SMTP id h8A4ispA026351
         for <webmaster at nas-inet.com>; Tue, 9 Sep 2003 23:44:57 -0500
To: <webmaster at nas-inet.com>
From: "Amos" <abuseebzsa at evocash.com>
Subject: Ver Important
X-Priority: 1
Reply-To: abuseebzsa at evocash.com
Message-Id: <dBQu.0 at 7dYn>
Date: Wed, 10 Sep 2003 13:44:33 -0600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-MSMail-Priority: High
Mime-Version: 1.0
Status: RO
X-Status:
X-Keywords:
X-UID: 299

If you were dumb enough to open this email then you will find a WORM has 
executed itself through your mailbox and by the time you read this into 
your hard-drive. This is PAYBACK for the Virus you disguised in the 
email you sent to us recently which destroyed our hard-drive and back-up 
system. This costs us thousands of dollars and we lost a lot of 
irreplaceable files on our system.

Now it's your turn to have your computer infected. This WORM it is 
undetectable by AntiVirus software and it will drive your computer crazy 
because it's always hiding and causing havoc in your system. Using your 
computer recovery disks will not remove the problem cause it still stays 
on your computers Motherboard. This will proabably cost you a new 
computer and I sincerely hope this teaches you a lesson not to send 
people nasty viruses again.

Evocash Administration Inc.
Phone: +1 767 4499922
Fax:   +1 767 4499922

       Start  Auto Execute  WORM
       Start  Auto Execute  WORM
       Start  Auto Execute  WORM
       Start  Auto Execute  WORM
       Start  Auto Execute  WORM




hxxp://%6e%62%6d%64%71%7a%79@%6d%65%6d%62%72%65%73.%6c%79%63%6f%73.%66%72/%6c%75%74%69%6e%65%74%74%65/%65%6e%63%79%63%6c%6f/%73%65%72%70%65%6e%74.%67%69%66
hxxp://%6e%62%6d%64%71%7a%79@%6d%65%6d%62%72%65%73.%6c%79%63%6f%73.%66%72/%6c%75%74%69%6e%65%74%74%65/%65%6e%63%79%63%6c%6f/%73%65%72%70%65%6e%74.%67%69%66
hxxp://%6e%62%6d%64%71%7a%79@%6d%65%6d%62%72%65%73.%6c%79%63%6f%73.%66%72/%6c%75%74%69%6e%65%74%74%65/%65%6e%63%79%63%6c%6f/%73%65%72%70%65%6e%74.%67%69%66
hxxp://%6e%62%6d%64%71%7a%79@%6d%65%6d%62%72%65%73.%6c%79%63%6f%73.%66%72/%6c%75%74%69%6e%65%74%74%65/%65%6e%63%79%63%6c%6f/%73%65%72%70%65%6e%74.%67%69%66
hxxp://%6e%62%6d%64%71%7a%79@%6d%65%6d%62%72%65%73.%6c%79%63%6f%73.%66%72/%6c%75%74%69%6e%65%74%74%65/%65%6e%63%79%63%6c%6f/%73%65%72%70%65%6e%74.%67%69%66
hxxp://%6e%62%6d%64%71%7a%79@%6d%65%6d%62%72%65%73.%6c%79%63%6f%73.%66%72/%6c%75%74%69%6e%65%74%74%65/%65%6e%63%79%63%6c%6f/%73%65%72%70%65%6e%74.%67%69%66

=====================================================================================================

-- 
Greg Edwards
New Age Software, Inc. - http://www.nas-inet.com
======================================================
Galactic Outlaw        - http://goutlaw.nas-inet.com
   The ultimate cyberspace adventure!

More information about the Discuss mailing list