Full Disclosure mailing list archives

Fake Email


From: "Tiago Halm" <thalm () netcabo pt>
Date: Fri, 27 Feb 2004 20:58:07 -0000

Hi,

Just received an email from "me () microsoft com ve" with an attachment
"remove-lsass_tool.exe"

Headers:
----------------------------------------------------------------------
Received: from smtp.netcabo.pt ([192.168.16.2]) by VS2.hdi.tvcabo with
Microsoft SMTPSVC(5.0.2195.6713);
         Thu, 26 Feb 2004 15:37:49 +0000
Received: from OEMCOMPUTER.ve ([80.104.215.25]) by smtp.netcabo.pt with
Microsoft SMTPSVC(5.0.2195.6713);
         Thu, 26 Feb 2004 10:46:22 +0000
From: me () microsoft com ve
To: thalm () netcabo pt
Subject: a trojan is on your computer!
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MSMail-Priority: Normal
Message-ID: <93210073709487.53933xsmail () microsoft com ve>
MIME-Version: 1.0
Content-Type: multipart/mixed; 
     boundary="d7a124be6069b8e"
Return-Path: me () microsoft com ve
X-OriginalArrivalTime: 26 Feb 2004 10:46:23.0617 (UTC)
FILETIME=[C6EA4F10:01C3FC55]
Date: 26 Feb 2004 10:46:23 +0000
----------------------------------------------------------------------

Content:
----------------------------------------------------------------------
hello, I am from Denmark and you'll don't believe me,
but a trojan horse in on your pc.
I've scanned the network-ports on the internet. (I know, that's illegal)
And I have found your pc. Your pc is open on the internet for everybody!
Because the lsass.exe trojan is running on your system.
Check this, open the task manager and try to stop that!
You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!

On my system was this trojan, too!
And I've found a tool to kill that bad thing.
I hope that I've helped you!

greets
----------------------------------------------------------------------

Anyone else got this too? If so, has somebody made any analysis of the
attachment yet?
The attachment was blocked, so I don't have access to it :(

Regards,
Tiago Halm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

