adductedheedsbunchingrumbleimmigrate
Why did you post this message at www.sweforums.com (In the third window).
Your email was provided in comments. What does this post mean?
I'll contact your internet provider if you do not delete it in 5 hours.
Delete this information asap. Our operators will check it in 5 hours.
precessionsuckspyramidrepairerrejected
besmirchastrologycoherentlystudsslanted
ovaryScythiavillagersMalibustoutness
Sweforum team
10155 S. Knoll Circle
Highlands Ranch,
CO 80130
United States

sorry 4 the caps in the header
"Keanu Reeves" <(E-Mail Removed)> wrote in message
news:cfud4n$huv$(E-Mail Removed)...
> adductedheedsbunchingrumbleimmigrate
> Why did you post this message at www.sweforums.com (In the third window).
> Your email was provided in comments. What does this post mean?
> I'll contact your internet provider if you do not delete it in 5 hours.
> Delete this information asap. Our operators will check it in 5 hours.
> precessionsuckspyramidrepairerrejected
> besmirchastrologycoherentlystudsslanted
> ovaryScythiavillagersMalibustoutness
> Sweforum team
> 10155 S. Knoll Circle
> Highlands Ranch,
> CO 80130
> United States
>

Yup, I got one a few hours ago!

Cheers m8 Just i always worry when i get stuff like that..Thought it was
some virus i had on me pc which i didnt no about looks like its just a loada
rubish.
"Milton Banana" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yup, I got one a few hours ago!
>

"Keanu Reeves" <(E-Mail Removed)> wrote in message
news:cfuek4$aj1$(E-Mail Removed)...
> sorry 4 the caps in the header
> "Keanu Reeves" <(E-Mail Removed)> wrote in message
> news:cfud4n$huv$(E-Mail Removed)...
> > adductedheedsbunchingrumbleimmigrate
> > Why did you post this message at www.sweforums.com (In the third
window).
> > Your email was provided in comments. What does this post mean?
> > I'll contact your internet provider if you do not delete it in 5 hours.
> > Delete this information asap. Our operators will check it in 5 hours.
> > precessionsuckspyramidrepairerrejected
> > besmirchastrologycoherentlystudsslanted
> > ovaryScythiavillagersMalibustoutness
> > Sweforum team
> > 10155 S. Knoll Circle
> > Highlands Ranch,
> > CO 80130
> > United States


Me too, oh here we go with the "me toos" !

sweforums.com is registered to:

Registrant:
Jeffery Barrie (LTQKOEPSMD)
34 Appleyard Drive
Bartonon Humber DN185TD
UK
Domain Name: SWEFORUMS.COM
Administrative Contact Technical Contact:
Jeffery Barrie (E-Mail Removed)

34 Appleyard Drive
Bartonon Humber DN185TD
UK
90257302

Anyone care to pay Jeffery a visit? ;-)

Andy

"Keanu Reeves" <(E-Mail Removed)> wrote in message news:<cfuj3l$mn$(E-Mail Removed)>...
> Cheers m8 Just i always worry when i get stuff like that..Thought it was
> some virus i had on me pc which i didnt no about looks like its just a loada
> rubish.
> "Milton Banana" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Yup, I got one a few hours ago!
> >

Me too and it confirms my suspicions (I had a few worries about an
address being forged on a forum).

The URLs (if you unpick it there are a couple) in the email generate a
404 Not Found (I disabled ActiveX and other stuff and was running
firewall and AV in case it existed and tried to download anything)
though there are genuine sites with somewhat similar names. At a
guess it is mimicking swforums site's URL.

I'm assuming it is an attempt to get people to verify their email addy
to a spammer by sending panicky emails to the address saying they
can't reach the site (it being non-existent). Alternatively the site
existed, contained viral content and has been taken down. My other
thought was someone forging my addy (it was not sent to this address,
but to my Freeserve address). I haven't seen any copies on my AOL
addresses.

The html source of the email had all sorts of junk strings in to
defeat spam filters. I went with hypothesis 1 - trick people into
replying and harvesting their addresses - but tried to forward it to
Freeserve. However it does some very odd things when forwarded
(generating mail-loops), resulting in it being bounced back.

I'm probably late into this discussion as Google Groups has a bit of a
lag, but thought I'd add my 2 penn'orth.

The source for the one I got is:

********************************************

[header mostly removed for privacy]
From: "Martin" <(E-Mail Removed)>
Subject: What does this post mean? Your email was provided in comments
<html>
<body bgcolor=

"#e9f3fe" text="#000000">
<font color=

#ffffef>puzzlesredrawncannonballprotestantBroglie</font><br>
Why did you post this message at <a hrefvoteshref=http://asteroid.com
href=

"http://www.sweforums.com">www.sweforums.com </a> (In the third
window).
Your email was provided in comments.
What does this post mean?<br> I'll contact your internet provider if
you do not delete
it in 5 hours. Delete this information asap. Our operators will
check it in 5 hours.
<font color=

#ffffef>dispatchedastronautpurerregalreefer</font><br>
<font color=

#ffffef>chickenwishfulmuttonincredibleOttawa</font><br>
<font color=

#ffffef>welcominggettercopiersterminatorducked</font><br>
Sweforum team <br>
10155 S. Knoll Circle <br>
Highlands Ranch, <br>
CO 80130 <br>
United States<br>

<font color=

#ffffef>dedicatesquackedplanetssparkingfeverishly</font><br>
<font color=

#ffffef>tuliphangoversmartialMaguiresdefiance</font><br>
</body>
</html>

************************************
Cheers

Sarah

Moggycat wrote:

> "Keanu Reeves" <(E-Mail Removed)> wrote in message news:<cfuj3l$mn$(E-Mail Removed)>...
>
>>Cheers m8 Just i always worry when i get stuff like that..Thought it was
>>some virus i had on me pc which i didnt no about looks like its just a loada
>>rubish.
>>"Milton Banana" <(E-Mail Removed)> wrote in message
>>news:(E-Mail Removed)...
>>
>>>Yup, I got one a few hours ago!
>>>
>
>
> Me too and it confirms my suspicions (I had a few worries about an
> address being forged on a forum).
>
> The URLs (if you unpick it there are a couple) in the email generate a
> 404 Not Found (I disabled ActiveX and other stuff and was running
> firewall and AV in case it existed and tried to download anything)
> though there are genuine sites with somewhat similar names. At a
> guess it is mimicking swforums site's URL.
>
> I'm assuming it is an attempt to get people to verify their email addy
> to a spammer by sending panicky emails to the address saying they
> can't reach the site (it being non-existent). Alternatively the site
> existed, contained viral content and has been taken down. My other
> thought was someone forging my addy (it was not sent to this address,
> but to my Freeserve address). I haven't seen any copies on my AOL
> addresses.
>
> The html source of the email had all sorts of junk strings in to
> defeat spam filters. I went with hypothesis 1 - trick people into
> replying and harvesting their addresses - but tried to forward it to
> Freeserve. However it does some very odd things when forwarded
> (generating mail-loops), resulting in it being bounced back.
>
> I'm probably late into this discussion as Google Groups has a bit of a
> lag, but thought I'd add my 2 penn'orth.
>
> The source for the one I got is:
>
> ********************************************
>
> [header mostly removed for privacy]
> From: "Martin" <(E-Mail Removed)>
> Subject: What does this post mean? Your email was provided in comments
> <html>
> <body bgcolor=
>
> "#e9f3fe" text="#000000">
> <font color=
>
> #ffffef>puzzlesredrawncannonballprotestantBroglie</font><br>
> Why did you post this message at <a hrefvoteshref=http://asteroid.com
> href=
>
> "http://www.sweforums.com">www.sweforums.com </a> (In the third
> window).
> Your email was provided in comments.
> What does this post mean?<br> I'll contact your internet provider if
> you do not delete
> it in 5 hours. Delete this information asap. Our operators will
> check it in 5 hours.
> <font color=
>
> #ffffef>dispatchedastronautpurerregalreefer</font><br>
> <font color=
>
> #ffffef>chickenwishfulmuttonincredibleOttawa</font><br>
> <font color=
>
> #ffffef>welcominggettercopiersterminatorducked</font><br>
> Sweforum team <br>
> 10155 S. Knoll Circle <br>
> Highlands Ranch, <br>
> CO 80130 <br>
> United States<br>
>
> <font color=
>
> #ffffef>dedicatesquackedplanetssparkingfeverishly</font><br>
> <font color=
>
> #ffffef>tuliphangoversmartialMaguiresdefiance</font><br>
> </body>
> </html>
>
> ************************************
> Cheers
>
> Sarah
Switch you browser name toa longer name say iDFD#$explorer.exe and
under properties make a new short cut by finding target and replace old
name of iexplorer.exe any cookie should pass on by you. enjoy

Though I don't like to say it, its quite a clever attempt to get you
go to a site which uses known exploits to download a trojan dropper
onto your machine.

There are a couple of MSIE exploits known to be able to drop an .exe
file onto your machine and execute it. If successful this site will
install Win32.PWS.Banker and Win32.LdPinch onto your machine without
your knowledge.

Ensure you have patched or have the latest version of MSIE to be safe.

There is currently a discussion about this one on-going in:

news.admin.net-abuse.email


> >
> > [header mostly removed for privacy]
> > From: "Martin" <(E-Mail Removed)>
> > Subject: What does this post mean? Your email was provided in comments
> > <html>
> > <body bgcolor=
> >
> > "#e9f3fe" text="#000000">
> > <font color=
> >
> > #ffffef>puzzlesredrawncannonballprotestantBroglie</font><br>
> > Why did you post this message at <a hrefvoteshref=http://asteroid.com
> > href=
> >
> > "http://www.sweforums.com">www.sweforums.com </a> (In the third
> > window).
> > Your email was provided in comments.
> > What does this post mean?<br> I'll contact your internet provider if
> > you do not delete
> > it in 5 hours. Delete this information asap. Our operators will
> > check it in 5 hours.
> > <font color=
> >
> > #ffffef>dispatchedastronautpurerregalreefer</font><br>
> > <font color=
> >
> > #ffffef>chickenwishfulmuttonincredibleOttawa</font><br>
> > <font color=
> >
> > #ffffef>welcominggettercopiersterminatorducked</font><br>
> > Sweforum team <br>
> > 10155 S. Knoll Circle <br>
> > Highlands Ranch, <br>
> > CO 80130 <br>
> > United States<br>
> >
> > <font color=
> >
> > #ffffef>dedicatesquackedplanetssparkingfeverishly</font><br>
> > <font color=
> >
> > #ffffef>tuliphangoversmartialMaguiresdefiance</font><br>
> > </body>
> > </html>
> >

Darren wrote:
> Though I don't like to say it, its quite a clever attempt to get you
> go to a site which uses known exploits to download a trojan dropper
> onto your machine.
>
> There are a couple of MSIE exploits known to be able to drop an .exe
> file onto your machine and execute it. If successful this site will
> install Win32.PWS.Banker and Win32.LdPinch onto your machine without
> your knowledge.
>
> Ensure you have patched or have the latest version of MSIE to be safe.

There appear to be a couple of unpatched IE holes still. Even with IE
6.0 SP1 + full patches. A lot of DoS (Denial of Service) are also being
posted on "full disclosure" list.

Mozilla or turning active scripting off may stop them. I'm curious if
AVG or ZoneAlarm can block them.

IMHO, IE has more holes than swiss cheese.

michael