BetaONE will rise again! - Infected email from betaone?

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)

- Chit Chat (http:\\b1.hcanet.com\forum/forumdisplay.php?f=25)

- - Infected email from betaone? (http:\\b1.hcanet.com\forum/showthread.php?t=19261)

Infected email from betaone?

I got this email claming to be from BetaONE that my AV tagged as infected with "W32.Mytob.EB@mm" virus.

I know it wouldn't really come from BetaONE, but it came in through my betaone.net email address so I thought I would bring it to everyones attention so they don't try to open it.
It was a zip file containing a file that ended in .doc (whole lot of spaces) .pif

Quote:

Dear user dave,

It has come to our attention that your Betaone User Profile ( x ) records are out of date. For further details see the attached document.

Thank you for using Betaone!
The Betaone Support Team

+++ Attachment: No Virus (Clean)
+++ Betaone Antivirus - www.betaone.net

Message source:

Quote:

X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Received: from betaone.net ([88.106.167.64]) by elgus.net with MailEnable ESMTP; Mon, 13 Feb 2006 14:58:17 -0600
From: support@betaone.net
To: (my addy)@betaone.net
Subject: Warning Message: Your services near to be closed.
Date: Mon, 13 Feb 2006 20:58:25 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_BE4E1583.F6B45525"
X-Priority: 3
X-MSMail-Priority: Normal
This is a multi-part message in MIME format.
------=_NextPart_000_0001_BE4E1583.F6B45525
Content-Type: text/html;
charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit

<html>
<body>
 Dear user dave, 
 It has come to our attention that your Betaone User Profile ( x ) records are out of date. For further details see the attached document. 
 Thank you for using Betaone!
 The Betaone Support Team 
 
 +++ Attachment: No Virus (Clean)
 +++ Betaone Antivirus - www.betaone.net
</body>
</html>

------=_NextPart_000_0001_BE4E1583.F6B45525
Content-Type: application/octet-stream;
name="important-details.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="important-details.zip"
UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
------=_NextPart_000_0001_BE4E1583.F6B45525--

Be carefull everyone!
Dave

As far as I know We have never sent out any Emails with a "you need to update anything" message.

And If we did send out a email it would not have a attachment.

user needs

I know you guys would never do that, I was just posting to warn everyone else since all the members here trust the forum I wouldn't want them to fall for it.

Dam sleazy how they made the email look like it came from betone.

Can't remember for sure Dave. But I don't think B1 even uses support@betaone.net.
Thanks for the headsup, and if the admins don't see this we'll drop them a line. ;)

Will look into this but looks like a typical phish ;)

Thanks for the heads up Dave to the other members :thumbsup:

And yes Al I don't think we use that either :)

/JD

Thanks John, and wassup, bud? :)

Is there a relay open for the mail server?

Nah Cybie - see below:

------------------------------------------------------

% Information related to '88.104.0.0 - 88.107.255.255'

inetnum: 88.104.0.0 - 88.107.255.255
netname: DSL-TISCALI-UK
descr: Tiscali UK Ltd
descr: Milton Keynes
descr: Dynamic DSL
descr: ================================================== ========
descr: Concerning abuse and spam ... mailto: *****@uk.tiscali.com
descr: e-mail to other addresses will not be dealt with.
descr: ================================================== ========
country: GB
--------------------------------------------------------------

It was sent from an IP in that range above ;)

No fear - way to stay on your toes Dave :thumbsup:

Al - wassup - I miss you :kiss:

Hope all is well with yah :)

/JD

Yeah I hate spammers!!!