
Thread: another approach?

  1. #1
    kreepz
    Guest

    another approach?

    went to my hotmail account to check my email and found the following
    email....



    Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
    been blocked by our security service. Your credit card issuing bank has
    halted the transaction by the demand of the Federal Criminal Investigation
    Service (case No. 20721 since the recipient has been undergoing the
    international retrieval by the InterPol. Please contact the closest Western
    Union office and make sure you have your ID card, the credit card that was
    used for making the payment, and the invoice file with you. (The invoice
    file is attached to this message; please print it out and hand it to our
    agent.) You can find the address of the closest Western Union agent on our
    website at http://www.westernunion.com Thank you!

    attached: MTCN.zip 56.kb
    which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero

    anyone have any info on it? google only returns 4 results but no
    information about it.



  2. #2
    1PW
    Guest

    Re: another approach?

    On 09/10/2008 09:29 AM, kreepz sent:
    > went to my hotmail account to check my email and found the following
    > email....
    >
    >
    >
    > Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
    > been blocked by our security service. Your credit card issuing bank has
    > halted the transaction by the demand of the Federal Criminal Investigation
    > Service (case No. 20721 since the recipient has been undergoing the
    > international retrieval by the InterPol. Please contact the closest Western
    > Union office and make sure you have your ID card, the credit card that was
    > used for making the payment, and the invoice file with you. (The invoice
    > file is attached to this message; please print it out and hand it to our
    > agent.) You can find the address of the closest Western Union agent on our
    > website at http://www.westernunion.com Thank you!attached:MTCN.zip 56.kb
    > which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone have any
    > info on it? google only returns 4 results but no information about it.
    >
    >


    Hello:

    If you have downloaded the attachment, you might consider sending it to:

    <http://www.virustotal.com/>

    but do not open it. After sending the suspected attachment to the
    above, delete it.

    If you have *not* downloaded the attachment, no harm will come to you,
    but delete it from your hotmail account.

    If you have no knowledge of the transaction, and you do have a credit
    card, you would do well to contact your credit card issuer for
    validation of recent charges. If the credit card issuer, and you, agree
    that no fraudulent charges have been made against your account, consider
    the email to be a phishing scam with an added nasty payload. If a
    suspected fraudulent charge has been made, challenge it immediately
    with the credit card issuer.

    The malware, you describe above, seems to be only a few days in the
    wild. However, it may be a variant of a similar one.

    While all this is fresh in your memory, check your system for good
    protection on all fronts. After checking their update status, perhaps a
    full system scan, using all your protection applications, is in order.

    Thank you kindly for this informative posting. Please reply with a post
    as to your results so others may benefit.

    Best wishes to you

    --
    1PW

    @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

  3. #3
    David H. Lipman
    Guest

    Re: another approach?

    From: "kreepz" <(remove" _-" to reply)kreepz86_-_-_@gmail.com>

    | went to my hotmail account to check my email and found the following
    | email....



    | Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
    | been blocked by our security service. Your credit card issuing bank has
    | halted the transaction by the demand of the Federal Criminal Investigation
    | Service (case No. 20721 since the recipient has been undergoing the
    | international retrieval by the InterPol. Please contact the closest Western
    | Union office and make sure you have your ID card, the credit card that was
    | used for making the payment, and the invoice file with you. (The invoice
    | file is attached to this message; please print it out and hand it to our
    | agent.) You can find the address of the closest Western Union agent on our
    | website at http://www.westernunion.com Thank you!attached:MTCN.zip 56.kb
    | which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone have any
    | info on it? google only returns 4 results but no information about it.



    These are UPS and FedEx and it now looks like they are using Western Union as the
    body of a Social Engineering attempt to get you infected.

    The headers will give this away. If you use a webmail interface instead of a PC based
    email client and you can't view headers then, well you should consider switching to an
    email client.

    What do you want to know ? Specifics about the Zbot ?

    http://us.mcafee.com/virusInfo/defau...virus_k=149589

    http://www.trendmicro.com/vinfo/viru...=zbot&alt=zbot

    http://www.f-secure.com/v-descs/troj..._zbot_hs.shtml
    http://www.f-secure.com/v-descs/troj...w32_zbot.shtml
    http://www.f-secure.com/v-descs/troj..._zbot_go.shtml


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
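
The header check mentioned in the post above, combined with a look inside the attachment without opening it, as an added example that is not part of the thread. The sample message, its addresses and hosts, and the archive member name `MTCN_invoice.exe` are constructed for illustration; a Return-Path mismatch is a hint to weigh, since legitimate bulk mail can also show one.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def _domain(value):
    """Domain part of the address in a header value, lower-cased."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Header and attachment findings; nothing is extracted or executed."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    from_dom, rp_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        out.append(f"return-path domain {rp_dom} != from domain {from_dom}")
    hops = " ".join(str(h).lower() for h in msg.get_all("Received", []))
    if from_dom and from_dom not in hops:
        out.append(f"no Received hop mentions {from_dom}")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()  # hash to look up or report
        out.append(f"attachment {part.get_filename()} sha256={digest}")
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():  # reads the archive directory only
                    if name.lower().endswith(RISKY):
                        out.append(f"executable inside archive: {name}")
    return out

def build_sample():
    """Constructed message: hosts, addresses and archive member are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MTCN_invoice.exe", b"harmless placeholder bytes")
    m = EmailMessage()
    m["Return-Path"] = "<bounce@mail.example.net>"
    m["Received"] = "from dsl-host.example.net ([192.0.2.10]) by mx.example.org"
    m["From"] = "Western Union <support@westernunion.com>"
    m["Subject"] = "Your wire has been blocked"
    m.set_content("See attached invoice.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="MTCN.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```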



  4. #4
    Ari
    Guest

    Re: another approach?

    On Wed, 10 Sep 2008 09:29:09 -0700, kreepz wrote:

    > Thank you!attached:MTCN.zip 56.kb
    > which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone have any
    > info on it? google only returns 4 results but no information about it.


    http://scanner.virus.org/

  5. #5
    Duh_OZ
    Guest

    Re: another approach?

    Ahh, the good old Zbots. I've had many 'hooks' associated with them,
    latest was about some plane ticket I bought.

    Not too pleased as NOD32 missed a few ;-(

    And no I wasn't infected, but did submit the obvious infected .exe's
    to virustotal and any missed ones directly to Eset (zipped, and
    password protected with infected).


  6. #6
    Discovery
    Guest

    Re: another approach?

    so funny~~American...Too Smart..
    "kreepz" <(remove" _-" to reply)kreepz86_-_-_@gmail.com> wrote in message news:yBSxk.12916$L_.1527@flpi150.ffdc.sbc.com...
    > went to my hotmail account to check my email and found the following
    > email....
    >
    >
    >
    > Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
    > been blocked by our security service. Your credit card issuing bank has
    > halted the transaction by the demand of the Federal Criminal Investigation
    > Service (case No. 20721 since the recipient has been undergoing the
    > international retrieval by the InterPol. Please contact the closest
    > Western Union office and make sure you have your ID card, the credit card
    > that was used for making the payment, and the invoice file with you. (The
    > invoice file is attached to this message; please print it out and hand it
    > to our agent.) You can find the address of the closest Western Union agent
    > on our website at http://www.westernunion.com Thank you!attached:MTCN.zip
    > 56.kb which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone
    > have any info on it? google only returns 4 results but no information
    > about it.
    >
    >




  7. #7
    kreepz
    Guest

    Re: another approach?

    thanx for the info and feedback ipw! it is very much appreciated.


    "1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message
    news:DtadnTzsBL0HulXVnZ2dnUVZ_gadnZ2d@comcast.com...
    > On 09/10/2008 09:29 AM, kreepz sent:
    >> went to my hotmail account to check my email and found the following
    >> email....
    >>
    >>
    >>
    >> Hello! Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has
    >> been blocked by our security service. Your credit card issuing bank has
    >> halted the transaction by the demand of the Federal Criminal
    >> Investigation
    >> Service (case No. 20721 since the recipient has been undergoing the
    >> international retrieval by the InterPol. Please contact the closest
    >> Western
    >> Union office and make sure you have your ID card, the credit card that
    >> was
    >> used for making the payment, and the invoice file with you. (The invoice
    >> file is attached to this message; please print it out and hand it to our
    >> agent.) You can find the address of the closest Western Union agent on
    >> our
    >> website at http://www.westernunion.com Thank you!attached:MTCN.zip 56.kb
    >> which was detected: Trojan program Trojan-Spy.Win32.Zbot.ero anyone have
    >> any
    >> info on it? google only returns 4 results but no information about it.
    >>
    >>

    >
    > Hello:
    >
    > If you have downloaded the attachment, you might consider sending it to:
    >
    > <http://www.virustotal.com/>
    >
    > but do not open it. After sending the suspected attachment to the
    > above, delete it.
    >
    > If you have *not* downloaded the attachment, no harm will come to you,
    > but delete it from your hotmail account.
    >
    > If you have no knowledge of the transaction, and you do have a credit
    > card, you would do well to contact your credit card issuer for
    > validation of recent charges. If the credit card issuer, and you, agree
    > that no fraudulent charges have been made against your account, consider
    > the email to be a phishing scam with an added nasty payload. If a
    > suspected fraudulent charge has been made, challenge it immediately
    > with the credit card issuer.
    >
    > The malware, you describe above, seems to be only a few days in the
    > wild. However, it may be a variant of a similar one.
    >
    > While all this is fresh in your memory, check your system for good
    > protection on all fronts. After checking their update status, perhaps a
    > full system scan, using all your protection applications, is in order.
    >
    > Thank you kindly for this informative posting. Please reply with a post
    > as to your results so others may benefit.
    >
    > Best wishes to you
    >
    > --
    > 1PW
    >
    > @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]



