| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 60601 | 2005-08-06 23:52:00 | New twist on virus distribution | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 378954 | 2005-08-06 23:52:00 | The following message appeared in my mailbox this morning: Please note: All charges to your statement will appear in the name "UKCARDS LIMITED". Order Information Amount: £399.95 Currency: GBP Merchant Name: HUNTINGDON MAIL ORDER Description: iPod Music Player 40GB Customer Service Telephone: 0845 6060 234 Email: N/A Delivery Address 47 Silver Street, London, NW1 5TR You can download your purchase agreement here, please keep this safe as it is your only means to cancel the order before the expected delivery date. My initial reaction was that maybe my credit card had been compromised, but viewing the headers in Mailwasher told me otherwise. It is different enough to be worth warning about. Full headers & message below. Return-Path: <noreply@ukcards.com> Received: from sf1290-rme.xtra.co.nz ([210.86.15.143]) by avmta4-rme.xtra.co.nz with ESMTP id <20050806165335.LBLN9771.avmta4-me.xtra.co.nz@sf1290-rme.xtra.co.nz> for <*******@xtra.co.nz>; Sun, 7 Aug 2005 04:53:35 +1200 Received: from WS4 ([24.106.195.59]) by sf1290-rme.xtra.co.nz with ESMTP id <20050806165334.CKBN1516.sf1290-rme.xtra.co.nz@WS4> for <*******@xtra.co.nz>; Sun, 7 Aug 2005 04:53:34 +1200 From: noreply@ukcards.com Subject: Transaction Receipt (UKCards) To: *******@xtra.co.nz Content-Type: multipart/mixed; boundary="=_NextPart_2rfkindysadvnqw3nerasdf"; MIME-Version: 1.0 Reply-To: noreply@ukcards.com Date: Sat, 6 Aug 2005 12:53:37 -0400 X-Priority: 3 X-Library: Indy 8.0.25 Message-Id: <20050806165334.CKBN1516.sf1290-rme.xtra.co.nz@WS4> This is a multi-part message in MIME format --=_NextPart_2rfkindysadvnqw3nerasdf Content-Type: text/plain Content-Transfer-Encoding: 7bit Please note: All charges to your statement will appear in the name "UKCARDS LIMITED". Order Information Amount: £399.95 Currency: GBP Merchant Name: HUNTINGDON MAIL ORDER Description: iPod Music Player 40GB Customer Service Telephone: 0845 6060 234 Email: N/A Delivery Address 47 Silver Street, London, NW1 5TR You can download your purchase agreement here, please keep this safe as it is your only means to cancel the order before the expected delivery date. --=_NextPart_2rfkindysadvnqw3nerasdf Content-Type: application/octet-stream; name="iPod Purchase Agreement.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="iPod Purchase Agreement.zip" UEsDBBQAAAAIAMx+BjO9fvWta3wAACKvAAAbAAAAaVBvZCBQdX JjaGFzZSBBZ3JlZW1lbnQuc2Ny7FkLWI1Z91n6l2OknpqpsuCn UclVsqdFGhpFRE6R7CCUlS3zRuM9O4MyfCGIXIjPs1jEoaCTO5 h0QZaYwik6T9X/t9T0ci83memf/3fM8362mf9b57/X5rr7Xey1n7NDrE223cGDcfYf Note: Only the first few lines of the payload are included above. Anybody who rushes in to cancel their "order" will get hit. Cheers Billy 8-{) |
Billy T (70) | ||
| 378955 | 2005-08-07 00:12:00 | www.hoax-slayer.com | bartsdadhomer (80) | ||
| 378956 | 2005-08-07 00:20:00 | Good thing, I dont have a credit card, and 1/2 the world is on Spampal's blacklist :lol: | Speedy Gonzales (78) | ||
| 378957 | 2005-08-07 04:55:00 | I don't even read stuff like that. | pctek (84) | ||
| 378958 | 2005-08-07 05:05:00 | I don't even read stuff like that. One of my block sender candidates. |
Cicero (40) | ||
| 378959 | 2005-08-07 06:05:00 | You guys must live dangerously, I've never seen this before because very little of this stuff ever finds my address. I am assuming that the file "iPod Purchase Agreement.zip" carries a virus payload. Can't see why that would be included if it was simply a harmless hoax. Cheers Billy 8-{) |
Billy T (70) | ||
| 378960 | 2005-08-07 08:41:00 | Check Huntingdon Mail Order out in Google. You will find info there. It appears to be a hoax. Bas |
Bas (8454) | ||
| 378961 | 2005-08-07 10:24:00 | Check Huntingdon Mail Order out in Google. You will find info there. It appears to be a hoax. Bas Yes, we know it is a hoax Bas, but my question was: Is the zip file benign, or does it carry a virus payload for anybody who tries to open the "purchase agreement" to cancel their "order"? Nobody seems to know the answer to that question. Cheers Billy 8-{) |
Billy T (70) | ||
| 378962 | 2005-08-07 21:49:00 | Got this one today, usual zip file attachment . Couldn't find it on Hoax-Slayer, & Google didn't find it either . I see that the i-Pod hoax goes back to 2003, so maybe a new wave of these emails is about to begin . Forewarned is forearmed, and not all PF1 members are necessarily aware of this genre so it is worth adding to my original post . Cheers Billy 8-{) P . S . http://www . franchisedirect . co . uk is a legitimate site Hello, Your photograph was forwarded to us as part of an article we are publishing for our May edition of Business Review Monthly . Can you check over the format and get back to us with your approval or any changes you would like . If the photograph is not to your liking then please attach a preferred one . We have attached the photo and article here . Kind regards, John Andrews http://www . franchisedirect . co . uk |
Billy T (70) | ||
| 378963 | 2005-08-08 01:23:00 | Got this one today, usual zip file attachment. Couldn't find it on Hoax-Slayer, & Google didn't find it either. I see that the i-Pod hoax goes back to 2003, so maybe a new wave of these emails is about to begin. Forewarned is forearmed, and not all PF1 members are necessarily aware of this genre so it is worth adding to my original post. Cheers Billy 8-{) P.S. http://www.franchisedirect.co.uk is a legitimate site You are a worrier B.Just take a deep breath and all will be well. |
Cicero (40) | ||
| 1 2 | |||||