Is anybody else getting these viruses?

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

Is anybody else getting these viruses?

#1 Post by obxjerry »

I've gotten 3 emails with attachments I would suspect contain viruses. The zip file opens to a 77312 byte .exe file. All 3 come from package delivery companies; UPS, DHL and FedEx. I did contact UPS and they said in part; "Our UPS fraud group is aware of this malicious e-mail." If anybody wants them I haven't used them. Geez, I love Puppy.
It may be that my sole purpose in life is simply to serve as a warning to others

Meddle Not In The Affairs Of Dragons For You Are Crunchy And Taste Good With Ketchup

I'd rather be sailing

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

Re: Is anybody else getting these viruses?

#2 Post by Moose On The Loose »

obxjerry wrote:I've gotten 3 emails with attachments I would suspect contain viruses. The zip file opens to a 77312 byte .exe file. All 3 come from package delivery companies; UPS, DHL and FedEx. I did contact UPS and they said in part; "Our UPS fraud group is aware of this malicious e-mail." If anybody wants them I haven't used them. Geez, I love Puppy.
It is very common for people who want to do bad things to try to be someone you trust. I can't count how many times I have received an email from Microsoft with the latest updates or a message from a band I don't deal with telling me I needed to sign in and correct my profile or something. In every case, they weren't from where they claimed, except for perhaps the Microsoft one depending on how you define things.

technosaurus
Posts: 4853
Joined: Mon 19 May 2008, 01:24
Location: Blue Springs, MO

#3 Post by technosaurus »

I always find it amusing to run
strings some_virus.exe
just to see if the programmer left any interesting comments.
Check out my [url=https://github.com/technosaurus]github repositories[/url]. I may eventually get around to updating my [url=http://bashismal.blogspot.com]blogspot[/url].

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#4 Post by obxjerry »

Whoa, over my head. I'll guess and say I save the file and in a console type strings file name.exe. Is that even close?

technosaurus
Posts: 4853
Joined: Mon 19 May 2008, 01:24
Location: Blue Springs, MO

#5 Post by technosaurus »

exactly, keep in mind that I run with pfix=ram with all drives unmounted

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#6 Post by obxjerry »

I got another one from UPS this morning. The oldest 2 will no longer open. The virus scan on my email stops them and says they are a virus. The strings peek didn't work, it says no file or document. I still have 2 if anybody wants them. You could do a friend a real favor if they need a little push to make them leave M$.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#7 Post by Makoto »

Most of the virus scanners seem to have no problems detecting them, so the email providers' scanners probably will detect them. They're still making the rounds, though.

I'll admit I haven't seen one since last year, however. :|

As for using strings, it might help to redirect the output to a text file (I mention this, because I was doing that this afternoon. :D), too. I'm not sure if it gets strings in EXEs and binaries that I see a lot of, which are the ones with nulls in between each character (T_e_x_t__l_i_k_e__t_h_i_s, basically).

strings whatever.exe > whatever.txt
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
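
Added example, not part of any post in this thread: the "nulls in between each character" strings are UTF-16LE text, which plain `strings` skips; GNU strings picks them up with `-e l`. The sketch below does both extractions on raw bytes without ever running the file. The function names and the sample bytes are constructed for illustration.

```python
import re

MIN_LEN = 4  # shortest run reported, the same default strings(1) uses
_PRINTABLE = rb"[\x20-\x7e\t]"  # one printable ASCII byte (or tab)


def ascii_strings(data, min_len=MIN_LEN):
    """Runs of printable single-byte characters: what plain `strings` prints."""
    pattern = re.compile(_PRINTABLE + b"{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def utf16le_strings(data, min_len=MIN_LEN):
    """Runs where every printable byte is followed by a NUL (UTF-16LE text)."""
    pattern = re.compile(b"(?:" + _PRINTABLE + rb"\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(data)]


def strings_from_file(path):
    """Read the file as raw bytes only; it is never loaded or executed."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"ascii": ascii_strings(data), "utf16le": utf16le_strings(data)}


# Constructed sample bytes (not taken from any real attachment): one
# single-byte string and two UTF-16LE strings separated by binary junk.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode.\r\n$\x00\x00"
    + b"\x01\x02\xff\xfe"
    + "C:\\build\\notify.pdb".encode("utf-16-le")
    + b"\x00\x00\x07"
    + "Open document".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for text in ascii_strings(SAMPLE):
        print("ascii  ", text)
    for text in utf16le_strings(SAMPLE):
        print("utf16le", text)
```

The plain pass finds only the DOS stub message; the two wide strings appear only in the UTF-16LE pass.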

racepres
Posts: 529
Joined: Sat 17 Jan 2009, 02:48
Location: Central Michigan, US

#8 Post by racepres »

obxjerry wrote:I got another one from UPS this morning. .
Drive on down there and ask 'em WTH.
Just a Thought, cause I know that they are right on the south side.
Nah!!! I'm just funnin' ya!!
RP

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#9 Post by obxjerry »

I've gotten 2 more, both from UPS. It looks like I'm settling in to a one a day routine. I can't believe nobody wants any of these. Why should I have so many when other, more deserving people have none, especially considering I can't use any of them since I run Puppy?

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#10 Post by 8-bit »

Depending on what mail software you use and your service provider, you should be able to block those incoming email addresses.

I use MSN Hotmail and it has an option called sweep that will block all incoming emails from addresses you select.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#11 Post by Makoto »

obxjerry: Are you sure your email provider/ISP doesn't have an option to forward spam/virus mails to them, for inspection or to somehow take action, etc.? I think there was a third-party option (police? government?) where you could forward the mails, for reasons like that.

Well, they might want them, anyway. :)

bugman

#12 Post by bugman »

i got one today,
Dear customer.

The parcel was sent your home address.

And it will arrive within 7 business day.

More information and the tracking number are attached in document below.

Thank you.

© 1994-2011 United Parcel Service of America, Inc.

T1YLUGH6I2Cu48r0GiW

[UPSnotify.rar application/octet-stream (5.7KB)]
i have no idea what kind of person would be fooled by such a lame effort . . .

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#13 Post by obxjerry »

Since I had no takers on the viruses, I marked them all as spam. I think Yahoo must have sent in a guided missile strike because I've gotten no more virus emails.

tubeguy
Posts: 1320
Joined: Sat 29 Aug 2009, 01:04
Location: Park Ridge IL USA

#14 Post by tubeguy »

bugman wrote:i got one today,
Dear customer.

The parcel was sent your home address.

And it will arrive within 7 business day.

More information and the tracking number are attached in document below.

Thank you.

© 1994-2011 United Parcel Service of America, Inc.

T1YLUGH6I2Cu48r0GiW

[UPSnotify.rar application/octet-stream (5.7KB)]
i have no idea what kind of person would be fooled by such a lame effort . . .
I've gotten those at work and wrote rules to block them. I've never had one get through gmail though.
[b]Tahr Pup 6 on desktop, Lucid 3HD on lappie[/b]

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#15 Post by d4p »

not sure, is that something to do with the fraudulent certificates?
http://blog.mozilla.com/security/2011/0 ... follow-up/

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#16 Post by obxjerry »

I'm still getting them and now I'm getting them from the IRS. It says in part;

We recived your tax return. However, we are unable to process the return as field.

Our records indicate that the person identifiedas the primary taxpayer or spouse on the tax return did not provided all the required documents shown on the tax form. Our records are based on information received from the Social Security Administration.

Based on this information, the tax account for the individual has been locked


It sounds like the government don't it? Spells like them too.

puppyluvr
Posts: 3470
Joined: Sun 06 Jan 2008, 23:14
Location: Chickasha Oklahoma

#17 Post by puppyluvr »

:D Hello,
Heck, send me one...
I`ll run it in a locked down wine and see what I get...
IDK why, but I never am lucky enough to get one...
You must be special... :wink:
Close the Windows, and open your eyes, to a whole new world
I am Lead Dog of the
Puppy Linux Users Group on Facebook
Join us!

Puppy since 2.15CE...

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#18 Post by obxjerry »

puppyluvr, I tried to email you 2. They came up as unable to be sent MAILER-DAEMON due to containing Possible Novarg virus. If you still want them, send me an idea.

postfs1

#19 Post by postfs1 »

To reedit up to date.
Last edited by postfs1 on Mon 28 Mar 2016, 00:39, edited 1 time in total.

Jasper

#20 Post by Jasper »

Hi obxjerry,

Can you zip the data file and send it as an email attachment?

If you add a password then put it in the body of the email.

My regards
