  • Locked thread
Sikreci
Mar 23, 2006

I have a question kind of related to this thread. Are there/have there been any known ways for a virus to spread via e-mail without the use of an attachment or embedded image/audio/video/java/etc.?

deviant. posted:

I got a fun little trojan downloader from a hacked JPG a little while ago. Apparently that's the favored vector of WoW gold farmers.
That's interesting, is there another new image vulnerability in Windows or something? I'm kind of interested in how exactly a hacked JPG like you're talking about works.


Sikreci
Mar 23, 2006

Hillridge posted:

Crap, still seeing goougly links in google.
I found some info on it, but nothing helpful.
It probably goes without saying, but have you tried changing your DNS server to something like OpenDNS temporarily, to make sure the redirects are only on your end, and not just your ISP's DNS's fault?

Sikreci
Mar 23, 2006

I got a couple of odd entries in my event log today, the source listed as "crypt32". The messages logged were:

Successful auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt>

and

Successful auto update of third-party root certificate:: Subject: <CN=Certum CA, O=Unizeto Sp. z o.o., C=PL> Sha1 thumbprint: <6252DC40F71143A22FDE9EF7348E064251B18118>

Google wasn't much help, does this look suspicious to anyone? It looks legitimate enough, but anything involving the words "root certificate" is a little unsettling. I think around the time it was logged I was installing the latest GIMP, but I can't imagine why GIMP would need to do anything involving a root certificate. I saw a couple of similar messages the other day when I installed Quake Live as well (which I shrugged off because it installed PunkBuster which does some weird poo poo that might involve root certificates), but other than that, I haven't seen any events like this in all the years I've been using XP on my desktops.

Edit: VVV Thanks, and just suspicious of any sudden changes in the status quo I guess.

Sikreci fucked around with this message at 19:49 on Feb 25, 2009
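Those two crypt32 events are what the Windows Automatic Root Certificates Update component logs when chain building hits a root that is in Microsoft's trusted root list but not yet in the local store: it fetches the root on demand from the Windows Update distribution point, and the file name in the URL is the SHA-1 thumbprint of the certificate it then installs. An installer signed with a certificate chaining to Certum is enough to trigger it. The check a practitioner would run is therefore mechanical: pair each retrieval event with the install event that follows, confirm the download host and path are the Windows Update CTL location, and confirm the thumbprint in the URL matches the thumbprint that was installed. The code below is an added example written for this page, not anything from the post or from Microsoft; the first two event strings are the ones quoted above, the second pair (host updates.example.invalid, an all-zero thumbprint) is a hypothetical retrieval from the wrong place, constructed to show what gets flagged, and the expected host and path prefix are taken from the URL in the post.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample of crypt32 event messages. The first two are the events
# quoted in the post; the last two are a hypothetical pair fetched from a host
# that is not the Windows Update CTL distribution point.
EVENTS = [
    "Successful auto update retrieval of third-party root certificate from: "
    "<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/"
    "6252DC40F71143A22FDE9EF7348E064251B18118.crt>",
    "Successful auto update of third-party root certificate:: Subject: "
    "<CN=Certum CA, O=Unizeto Sp. z o.o., C=PL> "
    "Sha1 thumbprint: <6252DC40F71143A22FDE9EF7348E064251B18118>",
    "Successful auto update retrieval of third-party root certificate from: "
    "<http://updates.example.invalid/trustedr/en/"
    "0000000000000000000000000000000000000001.crt>",
    "Successful auto update of third-party root certificate:: Subject: "
    "<CN=Hypothetical Root, O=Example, C=XX> "
    "Sha1 thumbprint: <0000000000000000000000000000000000000001>",
]

# Taken from the URL in the post: the only place this component should fetch from.
EXPECTED_HOST = "www.download.windowsupdate.com"
EXPECTED_PATH_PREFIX = "/msdownload/update/v3/static/trustedr/"

RETRIEVAL_RE = re.compile(r"retrieval of third-party root certificate from: <([^>]+)>")
INSTALL_RE = re.compile(r"Subject: <([^>]+)> Sha1 thumbprint: <([0-9A-Fa-f]{40})>")


def thumbprint_from_url(url):
    """The CTL distribution point names each file by the cert's SHA-1 thumbprint."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return name.split(".")[0].upper()


def thumbprint_of_der(der_bytes):
    """The thumbprint Windows displays is SHA-1 over the certificate's DER encoding,
    so a root exported from certmgr.msc can be compared against the logged value."""
    return hashlib.sha1(der_bytes).hexdigest().upper()


def triage_crypt32(events):
    """Pair retrieval events with install events and report whether each installed
    root came from the expected Windows Update location with a matching thumbprint."""
    retrieved = {}  # thumbprint named in the URL -> URL
    results = {}    # installed thumbprint -> verdict
    for line in events:
        m = RETRIEVAL_RE.search(line)
        if m:
            url = m.group(1)
            retrieved[thumbprint_from_url(url)] = url
            continue
        m = INSTALL_RE.search(line)
        if m:
            subject, thumb = m.group(1), m.group(2).upper()
            url = retrieved.get(thumb)           # None if no matching retrieval was logged
            parts = urlsplit(url) if url else None
            from_expected = (
                parts is not None
                and parts.hostname == EXPECTED_HOST
                and parts.path.startswith(EXPECTED_PATH_PREFIX)
            )
            results[thumb] = {"subject": subject, "source": url, "expected_source": from_expected}
    return results


if __name__ == "__main__":
    for thumb, verdict in triage_crypt32(EVENTS).items():
        status = "ok" if verdict["expected_source"] else "CHECK"
        print(f"{status:5} {thumb} {verdict['subject']} <- {verdict['source']}")
```

On the sample, the Certum root is reported as coming from the expected source and the hypothetical one is flagged. An install event with no paired retrieval, or a retrieval from any other host, is the thing worth investigating; the Certum pair in the post is what a normal on-demand root update looks like.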

Sikreci
Mar 23, 2006

This is just a little bit off topic, but I've gotten a couple stranger than usual emails lately and I can't make sense of it. Here's the raw text of the email from Gmail, scrubbed of personal info of course.

There are three things that make this seem really really strange, though. First of all, I've never heard of this person and I didn't actually receive a message on my Facebook account. Not particularly unusual if it was just a spoofed email, but that's the other thing, looking over all the headers and stuff, it looks completely legitimate. Finally, I don't use this email with my Facebook account, I have a completely different email tied to my Facebook account, so why would Facebook be sending any messages at all to that account?

After looking this email over and over again for about 15 minutes, I copy-pasted one of the links to reply since it pointed to www.facebook.com and I figured it couldn't do any damage, and it just redirected me back to www.facebook.com. I went back through all my privacy and security settings too, nothing changed there.

I got another similar "hey let's have sex" sort of message as well as this one, same deal, looked legit. It's pretty obvious these are spam messages of some sort, but I can't figure out why they're being sent by Facebook itself to a non-Facebook email I have, and what they're designed to accomplish once they arrive. Normally I'd just ignore stuff like this and be on my way, but the fact it seems to be getting sent by Facebook itself is a little bit worrying.
code:
Delivered-To: (my email account)@gmail.com
Received: by 10.42.224.133 with SMTP id io5cs224109icb;
        Sat, 11 Jun 2011 07:16:40 -0700 (PDT)
Received: by 10.42.82.75 with SMTP id c11mr3020437icl.92.1307801800122;
        Sat, 11 Jun 2011 07:16:40 -0700 (PDT)
Return-Path: <notification+zj4o_9j=z=9y@facebookmail.com>
Received: from mx-out.facebook.com (outappmail003.snc4.facebook.com
[66.220.144.157])
        by mx.google.com with ESMTP id t10si14571243icu.40.2011.06.11.07.16.39;
        Sat, 11 Jun 2011 07:16:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of
notification+zj4o_9j=z=9y@facebookmail.com designates 66.220.144.157
as permitted sender) client-ip=66.220.144.157;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
notification+zj4o_9j=z=9y@facebookmail.com designates 66.220.144.157
as permitted sender)
smtp.mail=notification+zj4o_9j=z=9y@facebookmail.com; dkim=pass
header.i=@facebookmail.com
Return-Path: <notification+zj4o_9j=z=9y@facebookmail.com>
DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com;
s=s1024-2011-q2; c=relaxed/simple;
	q=dns/txt; i=@facebookmail.com; t=1307801799;
	h=From:Subject:Date:To:MIME-Version:Content-Type;
	bh=V8QvMllSxNCRRYt/+drup4UylqNWjXPEpgC4uNka6yg=;
	b=uyUVnTQHJ7x8nWJAXS(intentionally obfuscated)EkbbKeFqwvKYJB2pRQ9x25T
	23AfwTRCtWaXUFwUH6vTPEDlP3HDb2/ubATO1jyghshOnAzTr7Trzji+Zzh1dRIK
	NcxwES/akTamAG+MGkyvHZtFzMsRG353A0iBEX5g114=;
Received: from [10.62.111.33] ([10.62.111.33:41282])
	by smout030.snc4.facebook.com (envelope-from
<notification+zj4o_9j=z=9y@facebookmail.com>)
	(ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
	id CC/24-18426-7C873FD4; Sat, 11 Jun 2011 07:16:39 -0700
X-Facebook: from zuckmail ([MTI3LjAuMC4x])
	by www.facebook.com with HTTP (ZuckMail);
Date: Sat, 11 Jun 2011 07:16:39 -0700
To: (my email account)@gmail.com
From: "Susan Weber" <notification+zj4o_9j=z=9y@facebookmail.com>
Reply-to: noreply <noreply@facebookmail.com>
Subject: Remember me?Check my wall!I have news for you
Message-ID: <5baee0e1da5334b8a947b84f20@www.facebook.com>
X-Priority: 3
X-Mailer: ZuckMail [version 1.00]
X-Facebook-Notify: msg; from=100002402548948; t=2185750606137;
mailid=45d75f5G5af6cG2f019G0
X-FB-Internal-Notiftype: msg
Errors-To: notification+zj4o_9j=z=9y@facebookmail.com
X-FACEBOOK-PRIORITY: 1
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_5bae(intentionally obfuscated)f20"


--b1_5ba(intentionally obfuscated)f20
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Susan sent (my email account)@gmail.com a message on Facebook.



To reply to this message, follow the link below:

http://www.facebook.com/p.php?i=3D2548948&k=3DZW2(intentionally obfuscated)&oid=3D218137


--b1_5baee(intentionally obfuscated)7b84f20
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
      <title>Facebook</title>
      <meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8">
    </head>
    <body style=3D"margin: 0px; padding:0px;" dir=3D"ltr">
      <!-- container table is 98% b/c yahoo mail needs 1% to display right =
-->
      <table width=3D"98%" border=3D"0" cellspacing=3D"0" =
cellpadding=3D"10"><tr><td width=3D"100%" style=3D"font-family: 'lucida =
grande', tahoma, verdana, arial, sans-serif;"><table cellpadding=3D"0" =
width=3D"532"><tr><td colspan=3D"2" height=3D"25" =
style=3D"background-color: #3b5998;"><div style=3D"margin-right: 18px; =
padding-left: 9px; font-family: 'lucida grande', tahoma, verdana, arial, =
sans-serif; color: #fff;"><span style=3D"font-weight: bold; =
letter-spacing: -0.02em; font-size: =
16px;">facebook</span></div></td></tr><tr><td align=3D"left" =
bgcolor=3D"#ffffff" width=3D"100" style=3D"padding: 10px 5px 10px 9px;" =
valign=3D"top"><div> <img src=3D"http://profile.ak.fbcdn.net/static-ak/rsr=
c.php/v1/yV/r/Xc3RyXFFu-2.jpg" style=3D"border :1px solid #c0c0c0;" =
width=3D"100" alt=3D"" /> </div><div style=3D"text-align:right; =
font-size:13px; padding-top:3px;">Susan Weber</div><div =
style=3D"text-align: right; font-size: 11px; color: #777777;">7:16am Jun =
11th</div></td><td align=3D"left" bgcolor=3D"#ffffff" style=3D"padding: =
9px 0px 10px 10px; font-size:11px;" valign=3D"top" width=3D"400"><div =
style=3D"color: #333333; font-size: 15px; font-weight: bold;">Remember =
me?Check my wall!I have news for you</div><div>To (my email account)@gmail.com<div =
style=3D"border-bottom: 1px solid #ccc; line-height:5px;">&nbsp;</div><div =
style=3D"padding-top: 5px;"><br /><br />To reply to this message, follow =
this link:<br /><a href=3D"http://www.facebook.com/p.php?i=3D1000024025489=
48&amp;k=3DZ6E3Y3S2W2ZOVFLJP(intentionally obfuscated)&amp;oid=3D2185750606=
137">http://www.facebook.com/p.php?i=3D100002402548948&amp;k=3DZ6E3Y3S2W2Z=
O(intentionally obfuscated)&amp;oid=3D2185750606137</a></div></td></tr=
><tr><td></td><td style=3D"padding-left: 10px;"><div =
style=3D"border-top:1px solid #eee; text-align:left; color: #666666; =
padding: 5px 0px 0px 1px; font-size: 11px; font-family: 'lucida grande', =
tahoma, verdana, arial, sans-serif;">If you do not wish to receive this =
type of email from Facebook in the future, please click <a =
href=3D"http://www.facebook.com/o.php?k=3D57e5dc&amp;u=3D105332556&a=
mp;mid=3D45df(intentionally obfuscated)">here</a> to =
unsubscribe.<br/>Facebook, Inc. P.O. Box 10005, Palo Alto, CA =
94303</div></td></tr></table></td></tr></table></body></html>



--b1_5baee0e(intentionally obfuscated)2c947b84f20--

Sikreci fucked around with this message at 23:55 on Jun 14, 2011
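The headers above carry everything needed to settle the "is this really from Facebook" question without clicking anything: Gmail's Authentication-Results line records an SPF pass for the envelope sender and a DKIM pass for facebookmail.com, the visible From domain is that same facebookmail.com, and every link in both MIME parts points at www.facebook.com. The code below is an added example written for this page, not the post's own or Facebook's; it runs that triage over a constructed sample modelled on the quoted headers (local parts, the DKIM signature value, link tokens and the recipient address are placeholders), checks that the From domain is aligned with the domains SPF and DKIM actually vouched for, decodes the quoted-printable bodies and lists every link host that is not on an assumed allowlist. A second, spoofed variant is derived from the sample to show what a failing DKIM verdict and a look-alike link host produce.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html import unescape
from urllib.parse import urlsplit

# Constructed sample modelled on the headers quoted in the post. Local parts,
# the DKIM b= value, link tokens and the recipient are placeholders.
RAW_MESSAGE = """\
Return-Path: <notification+abc123@facebookmail.com>
Received: from mx-out.facebook.com (outappmail003.snc4.facebook.com [66.220.144.157])
        by mx.google.com with ESMTP id t10si14571243icu.40.2011.06.11.07.16.39;
        Sat, 11 Jun 2011 07:16:40 -0700 (PDT)
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 notification+abc123@facebookmail.com designates 66.220.144.157 as permitted sender)
 smtp.mail=notification+abc123@facebookmail.com; dkim=pass header.i=@facebookmail.com
DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com; s=s1024-2011-q2; c=relaxed/simple;
 q=dns/txt; i=@facebookmail.com; t=1307801799;
 h=From:Subject:Date:To:MIME-Version:Content-Type;
 bh=V8QvMllSxNCRRYt/+drup4UylqNWjXPEpgC4uNka6yg=; b=PLACEHOLDER;
Date: Sat, 11 Jun 2011 07:16:39 -0700
To: victim@gmail.com
From: "Susan Weber" <notification+abc123@facebookmail.com>
Reply-to: noreply <noreply@facebookmail.com>
Subject: Remember me?Check my wall!I have news for you
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_example"

--b1_example
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Susan sent victim@gmail.com a message on Facebook.

To reply to this message, follow the link below:

http://www.facebook.com/p.php?i=3D2548948&k=3DZW2TOKEN&oid=3D218137

--b1_example
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html><body><a href=3D"http://www.facebook.com/p.php?i=3D2548948&amp;k=3DZW2TOKEN">reply</a>
<a href=3D"http://www.facebook.com/o.php?k=3D57e5dc&amp;u=3D105332556">unsubscribe</a></body></html>

--b1_example--
"""

# Constructed spoofed variant: DKIM fails and the unsubscribe link goes to a look-alike host.
SPOOFED_MESSAGE = RAW_MESSAGE.replace("dkim=pass", "dkim=fail").replace(
    "http://www.facebook.com/o.php", "http://facebook.com.example.net/o.php")

# Assumed allowlist: hosts a genuine notification from this sender is expected to link to.
EXPECTED_HOSTS = {"www.facebook.com", "facebook.com"}

LINK_RE = re.compile(r"https?://[^\s\"'<>]+")


def auth_results(msg):
    """Pull the spf=/dkim= verdicts and the domains they were evaluated for."""
    ar = str(msg.get("Authentication-Results", ""))
    spf = re.search(r"\bspf=(\w+)", ar)
    dkim = re.search(r"\bdkim=(\w+)", ar)
    spf_dom = re.search(r"smtp\.mail=\S*@([\w.-]+)", ar)
    dkim_dom = re.search(r"header\.i=@?([\w.-]+)", ar)
    return {
        "spf": spf.group(1).lower() if spf else "none",
        "dkim": dkim.group(1).lower() if dkim else "none",
        "spf_domain": spf_dom.group(1).lower() if spf_dom else None,
        "dkim_domain": dkim_dom.group(1).lower() if dkim_dom else None,
    }


def aligned(from_domain, auth_domain):
    """DMARC-style relaxed alignment: same domain or a subdomain of it."""
    return bool(auth_domain) and (from_domain == auth_domain or from_domain.endswith("." + auth_domain))


def extract_links(msg):
    """Decode each text part (quoted-printable and charset) and collect every URL."""
    links = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        text = part.get_content()
        if ctype == "text/html":
            text = unescape(text)  # &amp; -> & so query strings survive intact
        links.extend(LINK_RE.findall(text))
    return links


def triage(raw, expected_hosts):
    """Return the authentication picture, the links, and a list of findings (empty = clean)."""
    msg = message_from_string(raw, policy=policy.default)
    auth = auth_results(msg)
    from_domain = parseaddr(str(msg["From"]))[1].rsplit("@", 1)[-1].lower()
    findings = []
    if auth["spf"] != "pass":
        findings.append(f"spf verdict is {auth['spf']}")
    if auth["dkim"] != "pass":
        findings.append(f"dkim verdict is {auth['dkim']}")
    if not aligned(from_domain, auth["spf_domain"]):
        findings.append(f"From domain {from_domain} not aligned with SPF domain {auth['spf_domain']}")
    if not aligned(from_domain, auth["dkim_domain"]):
        findings.append(f"From domain {from_domain} not aligned with DKIM domain {auth['dkim_domain']}")
    links = extract_links(msg)
    for host in sorted({urlsplit(u).hostname for u in links} - set(expected_hosts)):
        findings.append(f"link to unexpected host {host}")
    return {"from_domain": from_domain, "auth": auth, "links": links, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("sample", RAW_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        result = triage(raw, EXPECTED_HOSTS)
        print(label, result["auth"], result["findings"] or "no findings")
```

On the sample the triage returns no findings, which is the same conclusion the post reaches by eye: the message was accepted from Facebook's own outbound host, signed by facebookmail.com, and links only to www.facebook.com, so it was generated through Facebook's notification system rather than by forging headers. The spoofed variant is flagged twice, once for the DKIM verdict and once for the look-alike link host, which is the pattern a genuinely forged notification would show.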
