ANYONE GETTING THIS? I'VE NEVER BEEN TO THAT SITE AND THE LINK DON'T WORK

  • Thread starter: Keanu Reeves

Keanu Reeves

adductedheedsbunchingrumbleimmigrate
Why did you post this message at www.sweforums.com (In the third window).
Your email was provided in comments. What does this post mean?
I'll contact your internet provider if you do not delete it in 5 hours.
Delete this information asap. Our operators will check it in 5 hours.
precessionsuckspyramidrepairerrejected
besmirchastrologycoherentlystudsslanted
ovaryScythiavillagersMalibustoutness
Sweforum team
10155 S. Knoll Circle
Highlands Ranch,
CO 80130
United States
 
Cheers m8 Just I always worry when I get stuff like that.. Thought it was
some virus I had on me pc which I didn't know about looks like it's just a loada
rubbish.
 
Keanu Reeves said:
sorry 4 the caps in the header


Me too, oh here we go with the "me toos" !

sweforums.com is registered to:

Registrant:
Jeffery Barrie (LTQKOEPSMD)
34 Appleyard Drive
Bartonon Humber DN185TD
UK
Domain Name: SWEFORUMS.COM
Administrative Contact Technical Contact:
Jeffery Barrie (e-mail address removed)

34 Appleyard Drive
Bartonon Humber DN185TD
UK
90257302

Anyone care to pay Jeffery a visit? ;-)

Andy
 
Keanu Reeves said:
Cheers m8 Just I always worry when I get stuff like that.. Thought it was
some virus I had on me pc which I didn't know about looks like it's just a loada
rubbish.

Me too and it confirms my suspicions (I had a few worries about an
address being forged on a forum).

The URLs (if you unpick it there are a couple) in the email generate a
404 Not Found (I disabled ActiveX and other stuff and was running
firewall and AV in case it existed and tried to download anything)
though there are genuine sites with somewhat similar names. At a
guess it is mimicking swforums site's URL.

I'm assuming it is an attempt to get people to verify their email addy
to a spammer by sending panicky emails to the address saying they
can't reach the site (it being non-existent). Alternatively the site
existed, contained viral content and has been taken down. My other
thought was someone forging my addy (it was not sent to this address,
but to my Freeserve address). I haven't seen any copies on my AOL
addresses.

The html source of the email had all sorts of junk strings in to
defeat spam filters. I went with hypothesis 1 - trick people into
replying and harvesting their addresses - but tried to forward it to
Freeserve. However it does some very odd things when forwarded
(generating mail-loops), resulting in it being bounced back.

I'm probably late into this discussion as Google Groups has a bit of a
lag, but thought I'd add my 2 penn'orth.

The source for the one I got is:

********************************************

[header mostly removed for privacy]
From: "Martin" <[email protected]>
Subject: What does this post mean? Your email was provided in comments
<html>
<body bgcolor="#e9f3fe" text="#000000">
<font color=#ffffef>puzzlesredrawncannonballprotestantBroglie</font><br>
Why did you post this message at <a hrefvoteshref=http://asteroid.com href="http://www.sweforums.com">www.sweforums.com </a> (In the third
window).
Your email was provided in comments.
What does this post mean?<br> I'll contact your internet provider if
you do not delete
it in 5 hours. Delete this information asap. Our operators will
check it in 5 hours.
<font color=#ffffef>dispatchedastronautpurerregalreefer</font><br>
<font color=#ffffef>chickenwishfulmuttonincredibleOttawa</font><br>
<font color=#ffffef>welcominggettercopiersterminatorducked</font><br>
Sweforum team <br>
10155 S. Knoll Circle <br>
Highlands Ranch, <br>
CO 80130 <br>
United States<br>

<font color=#ffffef>dedicatesquackedplanetssparkingfeverishly</font><br>
<font color=#ffffef>tuliphangoversmartialMaguiresdefiance</font><br>
</body>
</html>

************************************
Cheers

Sarah
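
An added example, not part of the original thread: a small Python audit of the two tricks visible in the source quoted above, namely filler words in a font colour almost identical to the page background, and an anchor tag carrying more than one URL-valued attribute. The names `MailHtmlAudit`, `audit`, `parse_rgb` and the colour-distance threshold of 64 are assumptions made for this illustration.

```python
from html.parser import HTMLParser

def parse_rgb(value):
    """Turn '#rrggbb' (quoted or not) into an (r, g, b) tuple, or None."""
    v = (value or "").strip().strip("\"'").lstrip("#")
    try:
        return tuple(int(v[i:i + 2], 16) for i in (0, 2, 4)) if len(v) == 6 else None
    except ValueError:
        return None

class MailHtmlAudit(HTMLParser):
    def __init__(self, min_distance=64):
        super().__init__()
        self.min_distance = min_distance  # assumed threshold: summed per-channel difference
        self.bg = (255, 255, 255)         # background used if <body> sets none
        self.font_hidden = []             # one flag per open <font>
        self.hidden, self.links = [], []

    def handle_starttag(self, tag, attrs):
        attrs = [(k, v or "") for k, v in attrs]
        named = dict(attrs)
        if tag == "body":
            self.bg = parse_rgb(named.get("bgcolor")) or self.bg
        elif tag == "font":
            fg = parse_rgb(named.get("color"))
            dist = sum(abs(a - b) for a, b in zip(fg, self.bg)) if fg else None
            self.font_hidden.append(dist is not None and dist < self.min_distance)
        elif tag == "a":
            # Record every URL-valued attribute, not only href: decoy attributes carry URLs too.
            self.links += [(k, v) for k, v in attrs if v.lower().startswith(("http://", "https://"))]

    def handle_endtag(self, tag):
        if tag == "font" and self.font_hidden:
            self.font_hidden.pop()

    def handle_data(self, data):
        if any(self.font_hidden) and data.strip():
            self.hidden.append(data.strip())

def audit(html):
    """Return near-invisible text runs and all URLs found on <a> tags."""
    p = MailHtmlAudit()
    p.feed(html)
    p.close()
    return {"hidden_text": p.hidden, "anchor_urls": p.links}

# Excerpt of the e-mail source quoted above, with wrapped lines rejoined.
SAMPLE_HTML = """<html><body bgcolor="#e9f3fe" text="#000000">
<font color=#ffffef>puzzlesredrawncannonballprotestantBroglie</font><br>
Why did you post this message at <a hrefvoteshref=http://asteroid.com href="http://www.sweforums.com">www.sweforums.com </a>
<font color=#ffffef>dispatchedastronautpurerregalreefer</font><br>
Sweforum team <br>
</body></html>"""
```

Calling `audit(SAMPLE_HTML)` returns the two filler strings as `hidden_text` and both URLs on the anchor as `anchor_urls`, while the visible message text is left out of the hidden list.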
 
Switch your browser name to a longer name, say iDFD#$explorer.exe, and
under properties make a new shortcut by finding target and replace old
name of iexplorer.exe. Any cookie should pass on by you. Enjoy
 
Though I don't like to say it, it's quite a clever attempt to get you
to go to a site which uses known exploits to download a trojan dropper
onto your machine.

There are a couple of MSIE exploits known to be able to drop an .exe
file onto your machine and execute it. If successful this site will
install Win32.PWS.Banker and Win32.LdPinch onto your machine without
your knowledge.

Ensure you have patched or have the latest version of MSIE to be safe.

There is currently a discussion about this one on-going in:

news.admin.net-abuse.email

 
Darren said:
Though I don't like to say it, it's quite a clever attempt to get you
to go to a site which uses known exploits to download a trojan dropper
onto your machine.

There are a couple of MSIE exploits known to be able to drop an .exe
file onto your machine and execute it. If successful this site will
install Win32.PWS.Banker and Win32.LdPinch onto your machine without
your knowledge.

Ensure you have patched or have the latest version of MSIE to be safe.

There appear to be a couple of unpatched IE holes still. Even with IE
6.0 SP1 + full patches. A lot of DoS (Denial of Service) are also being
posted on "full disclosure" list.

Mozilla or turning active scripting off may stop them. I'm curious if
AVG or ZoneAlarm can block them.

IMHO, IE has more holes than Swiss cheese.

michael
 