Virus Warning (for staff email mainly)
staff_Jim
Posted: Sunday, June 26, 2005 - 07:26 AM UTC
I just got this email....


Quoted Text


Dear user jim.starkweather,

It has come to our attention that your Armorama User Profile ( x ) records are out of date. For further details see the attached document.

Thank you for using Armorama!
The Armorama Support Team



+++ Attachment: No Virus (Clean)
+++ Armorama Antivirus - www.armorama.com



It contained a virus....


Quoted Text


****************** McAfee VirusScan ************************
******* Alert generated at: Sunday, June 26, 2005 12:17:10 PM *********
*********************************************************************

McAfee VirusScan has detected a potential threat in this e-mail
sent by [email protected].

The following actions were attempted on each suspicious part:

The attachment "account-report.zip" is infected with the Generic Malware.a!zip Trojan(s).
This attachment has been deleted to complete the clean process.


We strongly recommend that you report this virus-related activity
to [email protected].



Of course McAfee's warning to report the virus to the return email is rather silly as "[email protected]" did not send this email. It was sent by....


Quoted Text

Address lookup
canonical name c529cf321.cable.wanadoo.nl.
aliases
addresses 82.156.243.33





Don't ya just love the Internet and all the 17 year old hackers trying to make a name for themselves?

If anyone else gets this please let me know or post it here. I have to admit the email generation routine is very clever to insert the domain name into the email in addition to the username. It makes it look so personalized.

Thanks,
Jim
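
Added example, not part of the original post: the three tells described above (a From address that did not send the message, a body that vouches for its own attachment, and a greeting built from the recipient address) written as a mail triage check in Python. The headers, the `site.example` domain and the `triage` function are constructed for illustration; only the relay host and IP, the greeting, the "Clean" banner and the attachment name come from the post.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message: the post shows no headers. Only the relay
# host/IP, the greeting, the "clean" banner and the attachment name are from it.
RAW = """\
Received: from c529cf321.cable.wanadoo.nl (c529cf321.cable.wanadoo.nl [82.156.243.33])
\tby mx.site.example with SMTP; Sun, 26 Jun 2005 12:16:58 +0000
From: support@site.example
To: jim.starkweather@site.example
Subject: Your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user jim.starkweather,
For further details see the attached document.
+++ Attachment: No Virus (Clean)
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="account-report.zip"

(archive bytes omitted)
--b1--
"""

def triage(raw, local_domain):
    msg = email.message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Only the topmost Received line was written by our own MX; trust nothing below it.
    m = re.search(r"\((\S+)\s+\[([\d.]+)\]\)", (msg.get_all("Received") or [""])[0])
    host, ip = (m.group(1).lower(), m.group(2)) if m else ("unknown", "unknown")
    if from_domain == local_domain and not host.endswith("." + local_domain):
        findings.append(f"From claims {from_domain}, delivered by {host} [{ip}]")
    body, names = "", []
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename().lower())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    if re.search(r"no virus|\(clean\)", body, re.I) and any(n.endswith(".zip") for n in names):
        findings.append("body vouches for an archive attachment as clean")
    user = parseaddr(msg["To"])[1].partition("@")[0]
    if user and re.search(rf"dear user {re.escape(user)}\b", body, re.I):
        findings.append("greeting is templated from the recipient address")
    return findings
```

Abuse reports for a message like this go to the network that owns the delivering IP, not to the address in the From header.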
BroAbrams
Posted: Sunday, June 26, 2005 - 07:45 AM UTC
Jim, I know this is always frustrating, but whenever I get this kind of stuff I always remember this story:

http://www.i-am-bored.com/bored_link.cfm?link_id=10199