Somebody has me in their address book and has a virus. I have no idea who it is, but most likely if they have me in their address book, they may also have other readers of this site in their address books as well. This is a public service announcement.
Recently, I have been getting many supposedly official-looking emails claiming to be sent from admin@elbuzzard.com or info@elbuzzard.com. Since I am the administrator of elbuzzard.com, I find these kind of funny. These emails are all a part of an elaborate hoax, attempting to spread a virus in the .zip attachment.
This is what the emails look like:
Dear Elbuzzard Member,
We have temporarily suspended your email account buzz@elbuzzard.com.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Elbuzzard account.
Sincerely,
The Elbuzzard Support Team
+++ Attachment: No Virus (Clean)
+++ Elbuzzard Antivirus – www.elbuzzard.com
It is safe to IGNORE and/or DELETE these emails.
DO NOT follow the “instructions”,
DO NOT open the attachment, and
DO NOT follow the links.
The big hint should be the “+++ Attachment: No Virus (Clean)”.
I repeat: DO NOT OPEN THE ZIP ATTACHMENT. I’m tired of getting these emails.
If you are reading this, and think it may be you who opened a similar email, let me know, and I’ll help you clean your machine.
Here’s a technical description of what this virus is, from the IT department of the School District of San Francisco.
Newer, more elaborate viruses have the ability to hijack the Email Address book of the infected user. The virus uses this information to send “spoofed” emails to any of the addresses contained therein. Below is a step-by-step description of the process:
* A user’s computer is infected by the virus.
* The virus scans the email address book of the infected computer.
* The virus attempts to disguise itself as an administrator of the user’s domain by adding a phony prefix, such as, “admin” onto the user’s email domain (the bogus email might claim to be from “admin@muse.sfusd.edu”, for example.)
* Using this phony address, the virus spoofs the “From” address.
* Next, the virus sends a false message to all addresses in the user’s email address book.
* Finally, the virus is propagated to each of the email recipients, where the process is repeated again and again.
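The three traits of the message quoted above (a role-account sender on the recipient's own domain, a .zip attachment, and a footer vouching for that attachment) can be checked mechanically. This is an added example, not code from this post or from the SFUSD description; the function names, the sample messages and the alice@example.org address are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ROLE_PREFIXES = {"admin", "info"}      # prefixes seen in the hoax on this page
FAKE_SCAN_MARK = "no virus (clean)"    # self-asserted "scanned" footer

def hoax_indicators(raw: bytes) -> list[str]:
    """Return the hoax traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    senders = msg["From"].addresses if msg["From"] else ()
    rcpts = msg["To"].addresses if msg["To"] else ()
    rcpt_domains = {a.domain.lower() for a in rcpts}
    for s in senders:
        # "admin@<your own domain>" writing to a user of that same domain
        if s.username.lower() in ROLE_PREFIXES and s.domain.lower() in rcpt_domains:
            hits.append("role-account sender on recipient's own domain")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            hits.append("zip attachment")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and FAKE_SCAN_MARK in body.get_content().lower():
        hits.append("message vouches for its own attachment")
    return hits

def build_sample(sender, text, attach_zip):
    """Constructed test message; not a captured sample."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "buzz@elbuzzard.com", "Account notice"
    m.set_content(text)
    if attach_zip:
        # 22-byte empty ZIP archive (end-of-central-directory record only)
        m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                         subtype="zip", filename="details.zip")
    return m.as_bytes()

HOAX = build_sample("admin@elbuzzard.com",
                    "We have temporarily suspended your email account.\n"
                    "+++ Attachment: No Virus (Clean)\n", True)
BENIGN = build_sample("alice@example.org", "Lunch on Friday?\n", False)

if __name__ == "__main__":
    for name, raw in (("hoax", HOAX), ("benign", BENIGN)):
        print(name, hoax_indicators(raw))
```

Because the “From” header is forged, these checks only describe what the message claims about itself; they say nothing about which machine actually sent it.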
My computer is slow. Did I do it?
I dunno. I’ll get you some virus software and we’ll see.
I found some additional information here: http://ask.metafilter.com/mefi/22573
it’s not me. i swear.
I think this is a double-double hoax from Buzz
It’s that rat bastard Samir Pathak.
I did a whois on the ip address 201.160.174.19, where the mail originated. Who knows if it’s real or not, but they all come from the same ip range.
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 202.160.160.0 – 202.160.175.255
netname: D2V-IN
descr: D2V ISP PVT.LTD
descr: Internet Service Provider
descr: 85/8,Sampatrao Colony,
descr: Alkapuri,Vadodara.390001
country: IN
admin-c: SP680-AP
tech-c: SP680-AP
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20030623
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-D2V
mnt-routes: MAINT-IN-D2V
source: APNIC
person: Samir Pathak
nic-hdl: SP680-AP
e-mail: shpathak@d2visp.com
address: 85/B Sampatrao Colony
address: Alkapuri,Vadodara 390007
address: Gujarat, INDIA
phone: +91-265-2324065
fax-no: +91-265-2322501
country: IN
changed: shpathak@d2visp.com 20050428
mnt-by: MAINT-IN-D2V
source: APNIC
i used to get those on luparmail all the time (lupar.org, my normal board with Pinky etc) we finally dumped the whole mail system and redid it like 2 weeks ago. Couldn’t have been me passing it to you tho, I emailed you from gmail. 🙁