Not to cause any panicking, but I received an email today, purporting to be from Gmail, that appeared to be a virus-type email.
It had the subject "Protected Message from Gmail.com user.", from noreplygmail.com, and came with an attachment of msg.zip (which of course hasn't been opened yet).
The full email (with some bits removed) is below:
From - Wed Jun 14 10:57:23 2006
X-Account-Key: account1
X-UIDL: UID2592-1075236202
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Envelope-to: ----------------------
Delivery-date: Wed, 14 Jun 2006 00:09:04 +0100
Received: by pih-mxcore09.plus.net with spam-scanned (PlusNet MXCore v2.00) id 1FqI0M-0007PK-Ul for ----------------------; Wed, 14 Jun 2006 00:09:04 +0100
Received: from localhost ([127.0.0.1]) by pih-mxcore09.plus.net with esmtp (PlusNet MXCore v2.00) id 1FqI0M-0007OZ-Oi for ----------------------; Wed, 14 Jun 2006 00:09:02 +0100
Received: from [213.184.242.124] (helo=tg.com) by pih-mxcore09.plus.net with esmtp (PlusNet MXCore v2.00) id 1FqI0K-0007KX-0c for ----------------------; Wed, 14 Jun 2006 00:09:01 +0100
Date: Thu, 15 Jun 2006 02:08:59 +0400
From: noreplygmail.com
X-Mailer: frmpeszy
Reply-To: noreplygmail.com
X-Priority: 3 (Normal)
Message-ID: 495--4363.260--77722gmail.com
To: ----------------------
Subject: Protected Message from Gmail.com user.
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)
X-PN-SpamFiltered: by PlusNet MXCore (v2.00)
X-Antivirus: AVG for E-mail 7.1.394 [268.8.4/363]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=B1D07F88

--B1D07F88
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

You have received Protected Message
To read the message open attached file.
User ID: 2--06 Password: 59--a12
Keep your password in a safe place.
Thank you,
Secure Message System,
Gmail.com
_________
http://wowflash.1gb.r u – COOL flash!

And then an attachment at the bottom. Things to note:
o IP resolves to Republic of Belarus, near Russia (http://en.wikipedia.org/wiki/Republic_of_Belarus) (http://www.dnsstuff.com/tools/whois.ch?ip=213.184.242.124)
o None of the virus scanners (AVG and my ISP's) have said anything
o There's a strange Message-ID header: Message-ID: 495--4363.260--77722gmail.com that I don't know about.

It all looks very good, apart from the fact it wasn't sent from a Google server.
Any thoughts by anyone?
Stuk
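
The checks listed in the post (first relay not a Google host, odd Message-ID, and additionally the Date header versus the receipt time) can be run mechanically over the quoted headers. The following is an added example, not part of the original post; the list of expected relay domains and the one-hour skew limit are assumptions, and the Message-ID finding may partly reflect the redactions made by the poster.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as quoted in the post, redactions kept as posted. Only the
# earliest Received hop (added when the mail entered the ISP) is included.
SAMPLE = """\
Received: from [213.184.242.124] (helo=tg.com) by pih-mxcore09.plus.net with esmtp (PlusNet MXCore v2.00) id 1FqI0K-0007KX-0c for ----------------------; Wed, 14 Jun 2006 00:09:01 +0100
Date: Thu, 15 Jun 2006 02:08:59 +0400
From: noreplygmail.com
Message-ID: 495--4363.260--77722gmail.com
Subject: Protected Message from Gmail.com user.

"""

# Assumption: hosts relaying genuine Gmail mail announce a name under these.
EXPECTED_DOMAINS = ("google.com", "gmail.com")
HOP_RE = re.compile(r"from \[(\d{1,3}(?:\.\d{1,3}){3})\] \(helo=([^)]+)\)")
MSGID_RE = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")   # <local@domain> form

def under_expected_domain(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def triage(raw, max_skew_s=3600):
    """Return a list of findings for one message's headers."""
    msg = message_from_string(raw)
    findings = []
    hops = msg.get_all("Received") or []
    if not hops:
        return ["no Received headers to inspect"]
    first_hop = hops[-1]                 # bottom header is the first hop
    m = HOP_RE.search(first_hop)
    if m and not under_expected_domain(m.group(2)):
        findings.append(f"relay {m.group(1)} announced helo={m.group(2)}, "
                        "not a Google host")
    if not MSGID_RE.fullmatch(msg.get("Message-ID", "").strip()):
        findings.append("Message-ID is not in <local@domain> form")
    # Compare the sender-supplied Date with the time the ISP stamped.
    received_at = parsedate_to_datetime(first_hop.rsplit(";", 1)[1].strip())
    skew = (parsedate_to_datetime(msg["Date"]) - received_at).total_seconds()
    if abs(skew) > max_skew_s:
        findings.append(f"Date header differs from receipt time by {skew:.0f}s")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```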