ut ooh: Your internet access is going to get suspended -

Recently I received the bogus email alert, refer to ENCL(2) which included a zipped attachment. The file upon further inspection with ClamXAv actually contained a trojan. For more information take a look at ENCL(1) hopefully you didn’t open the zipped file and install the trojan.

ENCLOSURE (1) Output of AntiVirus Engine

Downloads/user-EA49943X-activities.zip: Trojan.Goldun-278 FOUND
———– SCAN SUMMARY ———–
Known viruses: 421882
Engine version: 0.93.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.03 MB
Time: 14.324 sec (0 m 14 s)

ClamXav v1.1.1 – ClamAV 0.93.3/8227/Fri Sep 12 07:48:22 2008 – ClamXav

One or more infected files were found, but were left where they are. You can either deal with them yourself, or scan again with the preferences set to move them into a different folder.

ENCLOSURE (2) Original email received complete with long headers

From: “ICS Monitoring Team” <uucp@chase-signs.com>
Date: September 11, 2008 3:34:05 PM EDT
To: “client” <m@someplace.com>
Subject: Your internet access is going to get suspended
Message-Id: <03718.liew@indra>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=”5BA1334CDBC9DEA”

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.

Sincerely
ICS Monitoring Team

Reader Interactions

Leave a Reply Cancel reply