e-mail virus warning...W32.Beagle.J@mm

TheMusicMan

tMP Founder
Staff member
I have received several e-mails during the course of the last week or so from e-mail addresses that appear to be associated with theMouthPiece.com. This leads me to believe that possibly many of you will also have received such e-mails... here is an example of one:

Dear user of e-mail server "Themouthpiece.com",

Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.

For details see the attach.

In order to read the attach you have to use the following password: 16561.

Sincerely,
The Themouthpiece.com team
This was sent from an email address of staff @ themouthpiece . com (with spaces here, otherwise it would appear as an email addy).

Please note: These types of e-mail are never sent from tMP. We never send password information, so we will NEVER ask you to verify your account details unless you have used the system to either register or change your password. Even as administrator here, I never even get to see passwords.

At the bottom of the e-mail is what looks like the tMP URL. My McAfee antivirus extracts this URL and each time an e-mail such as this is received, it reports:

The file attached to this email was removed because it is infected with the W32.Beagle.J@mm virus.

So, if you do get any e-mails such as this, please DO NOT OPEN them. This is a virus. It does not mean that tMP is infected; moreover, the sender has either doctored the 'sent from' address field or created a spoof e-mail address.

For your information, the only e-mail addresses that are active here at tMP are:

john@
roger@
ian@
rachel@
peter@
dyl@
neal@
copyright_faq@
eshop@
feedback@
orders@
sales@

And finally as a reminder, please protect your PC by always using the latest AntiVirus definition file for your Anti Virus software. tMP is protected locally by McAfee AV, and on our servers by Sophos AV.

Thanks guys 'n gals

John
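
A minimal triage check for the lure quoted in the post above, as an added example that is not part of the original thread: it flags mail whose From address uses the site domain without being on the active-address list, and mail that supplies a password for an attached file. The function names, the `member@example.org` recipient and the `placeholder.zip` attachment are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

SITE_DOMAIN = "themouthpiece.com"
# Local parts of the active addresses listed in the post above.
ACTIVE = {"john", "roger", "ian", "rachel", "peter", "dyl", "neal",
          "copyright_faq", "eshop", "feedback", "orders", "sales"}
# Body text that hands the reader a numeric password, as in the quoted e-mail.
PASSWORD_RE = re.compile(r"password\s*:?\s*\d{4,}", re.I)

def triage(raw):
    """Return the reasons a raw message resembles the lure in the post."""
    msg = message_from_string(raw)
    reasons = []
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    # The From header is sender-controlled, so this only catches made-up addresses.
    if domain == SITE_DOMAIN and local not in ACTIVE:
        reasons.append("From uses the site domain but is not an active address")
    body, has_attachment = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    # Independent of the From header: a password in the body plus an attachment.
    if has_attachment and PASSWORD_RE.search("\n".join(body)):
        reasons.append("body supplies a password for an attached file")
    return reasons

def constructed_sample(sender, attach=True):
    """Build a constructed test message modelled on the e-mail quoted in the post."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "member@example.org"  # constructed recipient
    m.set_content("For details see the attach.\nIn order to read the attach "
                  "you have to use the following password: 16561.\n")
    if attach:  # harmless placeholder bytes, not a real archive
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="placeholder.zip")
    return m.as_string()

if __name__ == "__main__":
    for sender in ("staff@themouthpiece.com", "john@themouthpiece.com"):
        print(sender, triage(constructed_sample(sender)))
```

The second check does not depend on the From header, so it still fires when the forged sender is one of the active addresses.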
 

rutty

Active Member
John, our work has also had similar emails to the corporate address. It's a sneaky little b****** of a virus, and quite convincing to the more trusting among us.

I can only imagine that viruses will get even more sneaky as time goes on. :(
 

AJSOP

Member
Yes, I've had this one through from john@tmp. Luckily it was blocked through my email so no harm was done. :lol:
 

TheMusicMan

tMP Founder
Staff member
AJSOP said:
Yes, I've had this one through from john@tmp. Luckily it was blocked through my email so no harm was done. :lol:

My apologies about this Andrew. As Rutty says above, these viruses are getting extremely sneaky - I hate the bas****s I really do. Please be assured that I did not send you that e-mail and the one you received had the 'sent from' field doctored to look as though it came from my e-mail address. Personally, I find this sort of thing very personally invasive and it really naffs me off.

If anyone is concerned about or has suspicions about e-mails they may have received from any official address here at tMP, DO NOT REPLY to the e-mail but rather send your own e-mail to that person asking if they sent it... the list of active e-mails used here at tMP is above.

Thanks
 

AJSOP

Member
No, it's fine. I know that it is not your fault. As I said, no harm was done, thankfully. Things like these are problems in many forums and online resources. It's a shame but it's happening.
 

lynchie

Active Member
Got an email from our tech support people last week. Apparently these 3 guys are having a competition to spread as many copies as possible... now there's a constructive use of time... :roll:
 

NeilW

Member
That ties in well with the description of w32/bagle.j at

http://www.sophos.com/virusinfo/analyses/w32baglej.html

As it points out, the virus harvests email addresses from all sorts of files, including .htm files that it finds on the infected machine's disk (.htm files are often left around in the browser's cache). All we can tell is that SOMEONE who reads tMP is infected...

There are tales of the competition between the Netsky and Bagle authors at http://www.sophos.com/virusinfo/articles/wormwar.html

Whilst I too think the writers are despicable, their existence helps me pay the bills :!:

Nice to know that at least the servers are well protected, John :)

NeilW
 

NeilW

Member
Bagle-q and Bagle-r - a new twist

"Unlike most email viruses, the two new Bagle worms do not carry email attachments, making them difficult to spot. If a user opens the message - and their version of Microsoft Outlook has not been patched against a five-month old critical vulnerability - malicious code is automatically downloaded."

Full item at:

http://www.sophos.com/virusinfo/articles/bagletwist.html

wherein there's lots of "sound advice"...

NeilW
 

iggmeister

Member
I had some really dodgy email from Deave the other day with 2 bagels!
Is this anything to do with this?

Looked really nasty :wink:

Igg
 