Dodgy Valentines Card email

[Potblak]

Just received an email inviting me to d/l my valentines card from
http://iz.thevalentineparty.com

Where I'm invited to 'click here' for a card, which is actually a file
"valentine.exe"

Yeah, right!

I leave it to you experts to determine what it is.

 

[Potblak]

Just received an email inviting me to d/l my valentines card from
http://iz.thevalentineparty.com

Where I'm invited to 'click here' for a card, which is actually a file
"valentine.exe"

Yeah, right!

I leave it to you experts to determine what it is.

AVG identified it as i-worm Nuwar.AD

 

[Buffalo]

Just received an email inviting me to d/l my valentines card from
http://i

Where I'm invited to 'click here' for a card, which is actually a file
"valentine.exe"

Yeah, right!

I leave it to you experts to determine what it is.

You really shouldn't post the link to that. Some people will automatically
click on it and get infected.

 

[Potblak]

You really shouldn't post the link to that. Some people will automatically
click on it and get infected.

But if I put a big "DON"T CLICK HERE" sign it should be alright, shouldn't
it?


Its an Anti-Virus group.
I expect people to have a modicum of intelligence.

 

[Buffalo]

But if I put a big "DON"T CLICK HERE" sign it should be alright,
shouldn't it?


Its an Anti-Virus group.
I expect people to have a modicum of intelligence.

My opinion, NO . But that is only my opinion.

 

[Dave Cohen]

My opinion, NO . But that is only my opinion.

Personally I would simply delete the message, probably from the server
without downloading since I use mailwasher.
However, there is a difference in opening an .exe file and visiting a
site. The safer way would be to copy or type the url into your browser.
After that you would have to use your judgement. Sending greeting cards
can be legitimate, but at some point you will be required to open a
file. With 320gb portable hd's that run on usb power, the very best
protection is to keep image backups of the system partition in the event
your AV program lets something get thru'.
Dave Cohen
Dave Cohen

 

[Potblak]

My opinion, NO . But that is only my opinion.

Well actually, I did consider munging the link, but then I thought I might
get flamed because it was broken!

And considering some of the posters here, you might have a point.
But then I can always fall back on ITYS

 

[FromTheRafters]

But if I put a big "DON"T CLICK HERE" sign it should be alright, shouldn't
it?
http://blog.didierstevens.com/2007/05/07/is-your-pc-virus-free-get-it-infected-here/

Its an Anti-Virus group.
I expect people to have a modicum of intelligence.

Great expectations.

 

[Buffalo]

Well actually, I did consider munging the link, but then I thought I
might get flamed because it was broken!

And considering some of the posters here, you might have a point.
But then I can always fall back on ITYS

You do have a very valid point.

 

[Potblak]

Point taken Dave.

 

[Potblak]

Point taken, Dave.
If there weren't morons, I suppose these things would never propagate.
But there will still be people curious (or should I say strange?) enough to
cut and paste the obfuscated url into their browser!
But:
It does take a further click to get infected.
The actual link in the email I received had a live link which automatically
downloaded and executed the worm.
Naturally I did not post that.

 

[Duh_OZ]

Just submitted it to VT - new one on the market, just 6 ID'ed it.

http://www.virustotal.com/analisis/d83f1c62467b49bc237f0317324dcc61