Evil E-mails?Follow

Got and email, make it easy heres the text:



From : <administration@allakhazam.com>
Sent : Tuesday, March 2, 2004 11:37 PM
To : Invisible@allakhazam.com
Subject : Important notify about your e-mail account.

| | | Junk E-Mail | Inbox


--------------------------------------------------------------------------------

Attachment : TextDocument.zip (17 KB)

Dear user, the management of Allakhazam.com mailing system wants to let you
know that,

Your e-mail account has been temporary disabled because of unauthorized
access.

For details see the attach.

For security purposes the attached file is password protected. Password is
"11577".

The Management,
The Allakhazam.com team
http://www.allakhazam.com



----------------------------------------------------

Okay, so I'm pretty damn sure it bogus, but I'd thought I'd check. I also recived one apparently from college with the exact same general topis, and the attachment it the same size. Plus its passwprd protected so virus scans from hotmail can not scan it. I just want to amke sure its a bad one, and if it is you may wanna make another warning for people maybe. Its a pretty clever one.

I'm a hardware man, define header info.

I got 2 of them

1) Return-path: <Nadenu@allakhazam.com>
Received: from mta19.srv.hcvlny.cv.net
(mta19.srv.hcvlny.cv.net [167.206.5.113]) by mstr4.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HTZ007L4GPSNK@mstr4.srv.hcvlny.cv.net> for
gamezrme@optonline.net; Tue, 02 Mar 2004 23:34:40 -0500 (EST)
Received: from www1.allakhazam.com (www1.allakhazam.com [216.155.41.199])
by mta19.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <0HTZ00EBBGPCJ5@mta19.srv.hcvlny.cv.net> for
gamezrme@optonline.net (ORCPT gamezrme@optonline.net); Tue,
02 Mar 2004 23:34:25 -0500 (EST)
Received: from DRGRAY (far3278.urh.uiuc.edu [130.126.218.108])
by www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i234Yhkr071314 for
<johnnny@allakhazam.com>; Tue, 02 Mar 2004 23:34:43 -0500 (EST)
Date: Tue, 02 Mar 2004 22:34:33 -0600
From: staff@allakhazam.com
Subject: Notify about using the e-mail account.
To: johnnny@allakhazam.com
Message-id: <jpuocaqdveaiwjhnlkb@allakhazam.com>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_uBVQ6l3jH4EZbsuPROsDOg)"
Original-recipient: rfc822;gamezrme@optonline.net


--Boundary_(ID_uBVQ6l3jH4EZbsuPROsDOg)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT

Dear user of e-mail server "Allakhazam.com",

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.

For details see the attach.

For security reasons attached file is password protected. The password is "11577".

Kind regards,
The Allakhazam.com team http://www.allakhazam.com

--Boundary_(ID_uBVQ6l3jH4EZbsuPROsDOg)
Content-type: application/octet-stream; name=Document.zip
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Document.zip


2)Content-type: message/rfc822

Return-path: <johnnny@allakhazam.com>
Received: from www1.allakhazam.com ([216.155.41.199])
by mc12-f3.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Tue,
02 Mar 2004 20:35:57 -0800
Received: from DRGRAY (far3278.urh.uiuc.edu [130.126.218.108])
by www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i234Yhkr071320 for
<Skeeter@allakhazam.com>; Tue, 02 Mar 2004 23:34:43 -0500 (EST)
Date: Tue, 02 Mar 2004 22:34:33 -0600
From: administration@allakhazam.com
Subject: Email account utilization warning.
To: Skeeter@allakhazam.com
Message-id: <jnoxhedpkdvfyyfejge@allakhazam.com>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_+frWGtnJDkb2S+GZaLOp4g)"
X-OriginalArrivalTime: 03 Mar 2004 04:35:57.0755 (UTC)
FILETIME=[05BF68B0:01C400D9]


--Boundary_(ID_+frWGtnJDkb2S+GZaLOp4g)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT

Dear user of Allakhazam.com gateway e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

Advanced details can be found in attached file.

Attached file protected with the password for security reasons. Password is 11577.

The Management,
The Allakhazam.com team http://www.allakhazam.com

--Boundary_(ID_+frWGtnJDkb2S+GZaLOp4g)
Content-type: application/octet-stream; name=Information.zip
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Information.zip

Happy hunting Kaolian!

I got one today supposedly from my ISP. My virus program killed it before I even saw it. But as soon as I read the body I knew it was garbage. Its very straightforward crap. "Due to improper use your email account will be terminated in 3 days. Please see attachment." If this is all the info they give in the body and there is an attachment then its bogus. Thats for anyone who may not be running an anti virus program. Delete the attachment immediately. DO NOT OPEN IT!

If it were real, your ISP or any other provider of service will most likely call you by your real name. They will provide much more detail in the body. And they will give you contact information within the body. They will never send an attachment. And they will never ask for your user name or password.

Perhaps you should sticky something like this on all threads Mr and Mrs Admins.