Google Blogoscoped


Gmail-esque virus?

Stuk [PersonRank 1]

Wednesday, June 14, 2006
16 years ago2,662 views

Not to cause any panicing, but I recived an email today, purporting to be from Gmail, that appeared to be a virus type email.

It had the subject "Protected Message from user.", from noreply[put at-character here], and came with a an attatchment of (which of course hasn't been opened yet)

The full email (with some bits removed) is bellow:

From – Wed Jun 14 10:57:23 2006
X-Account-Key: account1
X-UIDL: UID2592-1075236202
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Envelope-to: ----------------------
Delivery-date: Wed, 14 Jun 2006 00:09:04 +0100
Received: by with spam-scanned (PlusNet MXCore v2.00) id 1FqI0M-0007PK-Ul
for ----------------------; Wed, 14 Jun 2006 00:09:04 +0100
Received: from localhost ([])
by with esmtp (PlusNet MXCore v2.00) id 1FqI0M-0007OZ-Oi
for ----------------------; Wed, 14 Jun 2006 00:09:02 +0100
Received: from [] ( with esmtp (PlusNet MXCore v2.00) id 1FqI0K-0007KX-0c for ----------------------; Wed, 14 Jun 2006 00:09:01 +0100
Date: Thu, 15 Jun 2006 02:08:59 +0400
From: noreply[put at-character here]
X-Mailer: frmpeszy
Reply-To: noreply[put at-character here]
X-Priority: 3 (Normal)
Message-ID: 495--4363.260--77722[put at-character here]
To: ----------------------
Subject: Protected Message from user.
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)
X-PN-SpamFiltered: by PlusNet MXCore (v2.00)
X-Antivirus: AVG for E-mail 7.1.394 [268.8.4/363]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=B1D07F88

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

You have received Protected Message

To read the message open attached file.

User ID: 2--06
Password: 59--a12

Keep your password in a safe place.

Thank you,
Secure Message System,
http://wowflash.1gb.r u – COOL flash!

And then an attatchment at the bottom. Things to note:
o IP resolves to Republic of Belarus, near Russia ( (
o None of the virus scanners (AVG and my ISP's) have said anything
o There's a strange Message-ID header: Message-ID: 495--4363.260--77722[put at-character here] that I don't know about.

It all looks very good, apart from the fect it wasn't sent from a google server.

Any thoughts by anyone?


Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!