Re: exploit virus; weird emails o/t



Posted by Pierre on August 14, 2004 at 12:39:59:

In reply to: exploit virus; weird emails o/t posted by Pam F. on August 14, 2004 at 11:39:59:

: Has anyone else here gotten the bloodhound exploit virus? I
: recently (last week) received a weird email from someone claiming to
: be a Dr. Abraham Amarachukwu (in Nigeria) who claimed to have
: millions of dollars in an offshore account involving crude oil that
: he wanted me to help him with??? Then, after that, my homepage was
: changed to (http://default-homepage-network.com/newspynotice.html).

Do you mean that your home page, the one you write, was overwritten by the
contents of that webpage? What is your own homepage URL? That page has some
obfuscated Javascript in which a Javascript string, encoded in hex, is written to the
page in the browser.

It's unlikely that the 419 letter was the source of the infection.

: Don't open that or you will get it! Actually, it was on my
: husband's computer that this happened, where I sometimes read my
: email as well. The properties on that page included: javascript,
: addictivetechnologies.net/dmo/js/comfirmemCraft1.js"></script>.

What do you mean by "the properties on that page"? The malware is probably not
that URL but the obfuscated code.

: That is what the Norton Antivirus said it was, I think. NT said it
: was Bloodhound Exploit malware. I did a trace on it using the trace
: feature on the Norton Firewall program page and it said that it came
: from: Pierre Ruessell (sp?) in Montreal, Quebec, Canada; it gives
: addresses and phone numbers there as well! Does anyone know what
: this is about? I am only putting this here because of a post
: Catherine made about viruses she was getting before she left on her
: trip so I supposed maybe someone else here might have had these same
: things on their computers???

I haven't the foggiest idea what you traced or what info you got by tracing. Did
you run the whois command on an IP address that you found in the headers of an
email? Did you run the traceroute program on an IP address? What exactly did you
do? Send me the email (or at least its headers) and I'll analyze it.

Do yourself a favor. Ditch the Windows box and get a Linux box. It's much safer
and more versatile.
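The analysis step Pierre alludes to, reading what a hex-encoded string in an obfuscated script would write into the page, can be done statically without ever running the script. The following is an added example (Python, not from the forum or from the page being discussed): the script it inspects is a constructed, benign stand-in, and the list of sink names is a generic one, not anything the thread identifies.

```python
import re

# Constructed, benign stand-in for the obfuscation pattern the thread
# describes: hex-encoded strings fed to unescape() / document.write / eval.
# It is NOT the script from the page under discussion.
SAMPLE_SCRIPT = r'''
var title = "Hello %20world";
var s = "%3C%70%3E%63%6F%6E%73%74%72%75%63%74%65%64%20%73%61%6D%70%6C%65%3C%2F%70%3E";
document.write(unescape(s));
eval("\x76\x61\x72\x20\x6f\x6b\x3d\x31");
'''

PERCENT_HEX = re.compile(r'%([0-9A-Fa-f]{2})')
BACKSLASH_HEX = re.compile(r'\\x([0-9A-Fa-f]{2})')
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'')
# Generic list of sinks that turn a string into markup or code. Encoded
# literals next to them are the analyst's cue to look closer, not proof.
SINKS = ('document.write', 'eval', 'innerHTML', 'setTimeout', 'Function(')


def decode_hex_escapes(s: str) -> str:
    """Decode %XX (unescape-style) and \\xXX escapes statically; nothing runs."""
    s = BACKSLASH_HEX.sub(lambda m: chr(int(m.group(1), 16)), s)
    return PERCENT_HEX.sub(lambda m: chr(int(m.group(1), 16)), s)


def escape_density(s: str) -> float:
    """Fraction of the literal's characters that belong to hex escapes."""
    if not s:
        return 0.0
    escaped = sum(len(m.group(0)) for m in PERCENT_HEX.finditer(s))
    escaped += sum(len(m.group(0)) for m in BACKSLASH_HEX.finditer(s))
    return escaped / len(s)


def find_encoded_strings(script: str, min_density: float = 0.5) -> list:
    """Return (line_no, decoded_text, sinks_on_line) for heavily encoded literals."""
    findings = []
    for line_no, line in enumerate(script.splitlines(), 1):
        for m in STRING_LITERAL.finditer(line):
            literal = m.group(1) if m.group(1) is not None else m.group(2)
            if escape_density(literal) >= min_density:
                sinks = [name for name in SINKS if name in line]
                findings.append((line_no, decode_hex_escapes(literal), sinks))
    return findings


if __name__ == '__main__':
    for line_no, text, sinks in find_encoded_strings(SAMPLE_SCRIPT):
        print(f'line {line_no}: {text!r}  sinks on line: {sinks or "none"}')
```

Because the decoder only rewrites escape sequences, it is safe to point at a saved copy of a suspect page; a decoded string that turns out to be markup or further script is what tells you what the page would have written into the browser.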

Served by ruboard 2.1.1; Copyright © 1998 by Andrew Maltsev.