Marcus L. Rowland (ffutures) wrote,
Marcus L. Rowland

Another cunning virus ploy

Received this tonight (read in mailwasher, needless to say with great care)

Dear user of,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For further details see the attach.

Best wishes,
The team

Needless to say "the attach" is a .pif file called morinfo, presumably a virus payload of some sort. That or Ntlworld technical support are TRULY stupid, because there is no way I'm opening an attachment of that sort.

Here's the full header, for anyone who's interested or wants to take a crack at tracing the source. I've replaced the usual HTML brackets with curly brackets in what follows and deleted my address:

Return-Path: {czVrldGLqVJAFwia@00.d0.59.f5.d0.2a}
Received: from dispatch ([]) by
(InterMail vM. 201-229-121-137-20020806) with SMTP
id {}
for {};
Thu, 4 Mar 2004 15:54:43 +0000
Date: Thu, 04 Mar 2004 08:56:56 -0700
Subject: Warning about your e-mail account.
Message-ID: {}
MIME-Version: 1.0
Content-Type: multipart/mixed;

Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened