EMail Virus attempt? Who wants to play detective?

[RickM]

I just received this Email. Sure as hell looks like an attempt to coax me into downloading some crap. What do you think?


Header first followed by body of message:

X-Apparently-To: xxxx@yahoo.com via 206.190.37.243; Thu, 15 Sep 2005 18:11:48 -0700
X-Originating-IP: [165.254.68.66]
Return-Path:
Authentication-Results: mta100.mail.re2.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
Received: from 165.254.68.66 (EHLO yahoo.com) (165.254.68.66) by mta100.mail.re2.yahoo.com with SMTP; Thu, 15 Sep 2005 18:11:48 -0700
From: Send an Instant Message admin@yahoo.com Add to Address BookAdd to Address Book
To: xxxx@yahoo.com
Subject: xjdvh
Date: Thu, 15 Sep 2005 21:11:44 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0001_5827C8E1.1DAF1A4E"
X-Priority: 3
X-MSMail-Priority: Normal
Content-Length: 33611

Dear Yahoo Member,

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.

If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The Yahoo Support Team

[bryanthompson]

definitely virus attempt, without a doubt.

Been used on other hosts as well: http://www.logic.bm/pop_announcement.html

[bryanthompson]

more info: http://nl.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?VName=WORM_MYTOB.HF

[RickM]

Wow, that was quick Bryan. I can usually spot a fake when I pass the cursor over the return addresses and read the true destination on the botton address bar (Or right click for properties). This looks legit when I do this.

BTW, after spending about 10 minutes on the Yahoo site I can't locate a secuity section to report hsi type of stuff.

Thanks!

[Joeaksa]

Quote:

Originally posted by RickM
Wow, that was quick Bryan. I can usually spot a fake when I pass the cursor over the return addresses and read the true destination on the botton address bar (Or right click for properties). This looks legit when I do this.

BTW, after spending about 10 minutes on the Yahoo site I can't locate a secuity section to report hsi type of stuff.

Thanks!

You have learned the fastest way to figure these out! Passing the cursor over the address shows where its really going and if the two are not the same, something is smelly.

Wish we could find these ba$tards and put them on desert island somewhere with no internet...

JoeA

[bryanthompson]

Quote:

Originally posted by RickM
Wow, that was quick Bryan. I can usually spot a fake when I pass the cursor over the return addresses and read the true destination on the botton address bar (Or right click for properties). This looks legit when I do this.

BTW, after spending about 10 minutes on the Yahoo site I can't locate a secuity section to report hsi type of stuff.

Thanks!

It looked juuuuust well-written enough to pass for legit. If those Nigerians find a grammar checker, we're all screwed

[Z-man]

I was just sent an email stating that my Paypal account may have an unauthorized credit card attached to it.

Funny, I don't have a Paypal account, nor do I have any unauthorized cc.

I just hate these hackers...the interweb's an unsafe place...
-Z.

[pwd72s]

I've gotten some addressed to my last name from my last name...no message, just an attachment. I just dump 'em. Anybody else have that happen to them?

[Steeve]

z-man I got the exact same email the other day. I figured it was a scam, and deleted it. Then went and logged into Paypal, and all was rosy.

[RickM]

Well, this morn I reicieved the other two versions of the email. Now I have the complete set.