Fake Symantec message in Portugese



Phil Weldon
07-09-2005, 10:49 PM
More notification of an oddity than a question -

I recieve Portugese language spam on a regular basis, and now comes fake
Symantec notices (in Portugese) of a bugbear variant infection (as best as I
can translate) and that gives a friendly URL pointing to webpage that
purports to clean the infection (but that is actually a webpage served by
AOL UK.) The webpage attempts to send and induce execution of W32.Jeffo
(Symantc nomenclature.) So, alright, W32.Jeffo is old, but talk about
globalization!

Phil Weldon

Galen
07-09-2005, 10:49 PM
In news:mBrre.3611$eM6.311@newsread3.news.atl.earthlink.net,
Phil Weldon <notdiscosed@example.com> had this to say:

My reply is at the bottom of your sent message:

> More notification of an oddity than a question -
>
> I recieve Portugese language spam on a regular basis, and now comes
> fake Symantec notices (in Portugese) of a bugbear variant infection
> (as best as I can translate) and that gives a friendly URL pointing
> to webpage that purports to clean the infection (but that is actually
> a webpage served by AOL UK.) The webpage attempts to send and induce
> execution of W32.Jeffo (Symantc nomenclature.) So, alright,
> W32.Jeffo is old, but talk about globalization!
>
> Phil Weldon

I see you don't use your email address in the newsgroups. (Good idea but to
really mess things up you should try something like
@example.com.notapplicable to make sure the spam that's sent from your
domain isn't actually headed to a real URL owned by someone like example.com
who might be paying for bandwidth or having troubles of their own with
spam.) So that's not the reason your getting it. Do they have the same
subject line? If so then it should be pretty easy to filter them out if it's
a problem. At one point I was getting a LARGE amount of Asian spam. (I don't
know which language, never did figure that one out) and instead decided to
set up a filter that deleted anything that didn't contain a, e, i, o, or u
figuring if anyone sent me anything that obtuse in English I didn't want to
read it anyhow. But yeah, the internet belongs to no country and spam/UCE
knows no boundaries I suppose. Pity that there's no legislation enacted
world-wide enacting standardized form of retribution. Worse still, I don't
see anything happening to thwart the evils of the 'net being embraced by
each and every country on the globe in the near future. My crystal ball
doesn't see anything even remotely close to adequate in the distant future
beyond the betterment of current filtration techniques.

Galen
--

"And that recommendation, with the exaggerated estimate of my ability
with which he prefaced it, was, if you will believe me, Watson, the
very first thing which ever made me feel that a profession might be
made out of what had up to that time been the merest hobby."

Sherlock Holmes

Phil Weldon
07-09-2005, 10:49 PM
'Galen' wrote, in part:

I see you don't use your email address in the newsgroups. (Good idea but to
really mess things up you should try something like
@example.com.notapplicable to make sure the spam that's sent from your
domain isn't actually headed to a real URL owned by someone like example.com
"

The domain 'example.com' is reserved, and cannot be assigned, though I
suppose that 'invalid.com' might be a better choice (see RFC 2606, Section
3.)

For a while, I got a few emails per week in Chinese, but that was related to
an email exchange with a manufacturer in China. I suppose those emails
could be considered legitimate, but being unable to read Chinese, I couldn't
tell. At any rate, the trickle soom dried up, and none were infected. A
good portion of the Portuguese emails are an attempt to spread malware.

Phil Weldon

"Galen" <galennews@gmail.com> wrote in message
news:%23DuFRHOcFHA.3280@TK2MSFTNGP09.phx.gbl...
> In news:mBrre.3611$eM6.311@newsread3.news.atl.earthlink.net,
> Phil Weldon <notdiscosed@example.com> had this to say:
>
> My reply is at the bottom of your sent message:
>
>> More notification of an oddity than a question -
>>
>> I recieve Portugese language spam on a regular basis, and now comes
>> fake Symantec notices (in Portugese) of a bugbear variant infection
>> (as best as I can translate) and that gives a friendly URL pointing
>> to webpage that purports to clean the infection (but that is actually
>> a webpage served by AOL UK.) The webpage attempts to send and induce
>> execution of W32.Jeffo (Symantc nomenclature.) So, alright,
>> W32.Jeffo is old, but talk about globalization!
>>
>> Phil Weldon
>
> I see you don't use your email address in the newsgroups. (Good idea but
> to really mess things up you should try something like
> @example.com.notapplicable to make sure the spam that's sent from your
> domain isn't actually headed to a real URL owned by someone like
> example.com who might be paying for bandwidth or having troubles of their
> own with spam.) So that's not the reason your getting it. Do they have the
> same subject line? If so then it should be pretty easy to filter them out
> if it's a problem. At one point I was getting a LARGE amount of Asian
> spam. (I don't know which language, never did figure that one out) and
> instead decided to set up a filter that deleted anything that didn't
> contain a, e, i, o, or u figuring if anyone sent me anything that obtuse
> in English I didn't want to read it anyhow. But yeah, the internet belongs
> to no country and spam/UCE knows no boundaries I suppose. Pity that
> there's no legislation enacted world-wide enacting standardized form of
> retribution. Worse still, I don't see anything happening to thwart the
> evils of the 'net being embraced by each and every country on the globe in
> the near future. My crystal ball doesn't see anything even remotely close
> to adequate in the distant future beyond the betterment of current
> filtration techniques.
>
> Galen
> --
>
> "And that recommendation, with the exaggerated estimate of my ability
> with which he prefaced it, was, if you will believe me, Watson, the
> very first thing which ever made me feel that a profession might be
> made out of what had up to that time been the merest hobby."
>
> Sherlock Holmes
>

Galen
07-09-2005, 10:49 PM
In news:BjGre.4015$eM6.3045@newsread3.news.atl.earthlink.net,
Phil Weldon <notdiscosed@example.com> had this to say:

My reply is at the bottom of your sent message:

> The domain 'example.com' is reserved, and cannot be assigned, though I
> suppose that 'invalid.com' might be a better choice (see RFC 2606,
> Section

Nice! I did not know that. (There's loads of stuff I don't know by the way.)
Quite some time back before I started using a real email address (a few
years ago or so) I was using @mshome.net for similar reasons. Thanks for
sharing that. I didn't know it was reserved, makes sense that it would be.

Galen
--

"And that recommendation, with the exaggerated estimate of my ability
with which he prefaced it, was, if you will believe me, Watson, the
very first thing which ever made me feel that a profession might be
made out of what had up to that time been the merest hobby."

Sherlock Holmes


Fake Symantec message in Portugese