Third Yaha variant on this week

Discussion in 'malware problems & news' started by Krusty, Jan 7, 2003.

Thread Status:
Not open for further replies.
  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hello everybody

    I got third Yaha variant on this week. They all are as email attachements.

    1. KOF_Fighting.exe 46942

    2. KOF_The_Game.exe 46942

    3. Received
    via tmail-2001q (invoked by user imapd) for i5509510.20; Tue, 7 Jan 2003 00:14:32 +0200 (EET)

    Received
    from fe02.mail.jippii.net (fe02.mail.jippii.net [195.197.172.101]) by be60.mail.jippii.net (Postfix) with ESMTP id 79F48734A8 for <i5509510@be60.mail.jippii.net>; Tue, 7 Jan 2003 00:14:32 +0200 (EET)

    Received
    from fe.mail.jippii.net (pool-151-205-8-249.clrk.east.verizon.net [151.205.8.249]) by fe02.mail.jippii.net (8.12.3/8.12.1) with SMTP id h06METBA007293 for <XXXX@XXXXXi>; Tue, 7 Jan 2003 00:14:29 +0200 (EET)

    Message- Id
    <200301062214.h06METBA007293@fe02.mail.jippii.net>

    From
    Club Jenna <admin@clubjenna.com>

    To
    XXXXX@XXXXX

    Subject
    Screensavers from Club Jenna

    Date
    Mon,06 Jan 2003 17:14:38 PM

    X-Mailer
    Microsoft Outlook Express 5.50.4133.2400

    MIME- Version
    1.0

    Content- Type
    multipart/mixed; boundary=#r0xx#


    Hello,
    Looking for some Hardcore mind boggling action ?
    Install the attached browser software and browse
    across millions of paid hardcore sex sites for free.
    Using the software you can safely and easily browse
    across most of the hardcore XXX paid sites across the
    internet for free. Using it you can also clean all
    traces of your web browsing from your computer.

    Note:The attached browser software is made exclusivley
    for demo only. You can use the software for a limited
    time of 35 days after which you have to register it
    at our official website for its furthur use.

    Regards,
    Admin.

    Attachement: Sexy_Jenna.scr 46942

    More details at :
    http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci871701,00.html

    *Ari*
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Ari,

    Seems you have it covered - good for you!

    Numbers fortunately don't count that much - on my addy over here received 120+ infected emails today ;)

    "Be careful out there" - sounds familiar somehow :cool:.

    regards.

    paul
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Paul

    Yes, they found my "secret" email account :'( . I just reported for those "wormspams". I do not know if it helps any, atleast I tried.
    Thanks for warning, never too cautious on these days...

    And I found Randy Bells information too, Thanks for Randy !! Very Good job indeed, and we all respect that work for free more than anyone knows, or how. :)

    *Ari*
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    And Verizons reply for my report :

    Thank you for your E-mail message to Verizon Online Abuse.

    We apologize for any inconvenience the reported incident has caused you.
    Because we receive a large number of complaints each day, regretfully, a
    response to each message is not possible.

    Verizon Online Security investigates each reported incident, and will
    take the appropriate action as permitted by Verizon's Internet Access
    Agreement and Acceptable Use Policy, which can be viewed at the website
    listed below.

    Additionally, you may find the following pertinent information
    beneficial:

    To better understand the problems with Unsolicited Commercial E-mail
    ("spam"), we have provided information about filtering Spam with your
    e-mail software, answers to several frequently asked questions and links
    to some useful online information about Spam:

    http://www2.verizon.net/announcements/spam.asp
    http://www2.verizon.net/contact/spam.asp

    If you are reporting an unauthorized access attempt, please note that we
    cannot take action if the offender is not a Verizon Online Customer.
    These reports will need to be sent directly to the Internet Service
    Provider/IP space owner used by the offender.

    The following web site may be helpful in determining the owner of the
    originating IP space:

    http://www.arin.net/whois

    Additionally, for faster routing, future unauthorized access attempts
    (hacking, port probes, etc.) may be sent directly to
    security@verizon.net.

    Sincerely,
    Verizon Online Abuse
    http://www2.verizon.net/policies
    abuse@verizon.net

    *Ari*
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
Thread Status:
Not open for further replies.