I am threatened ... and scared. Help, please

[Guest]

I received an email with a Notepad attachment. First, I cannot forward the
attach, the email appears alone to the persons. When I printed it, there was
no attach either.

Then, I opened this attach, and it is a threat... "The moment you open this
attach, I know you have read it with the time and date, and I know your IP
address". What can he do with it? I have a lot of protections in my computer
(Hijack this, Spyware Guard, Spyware Blaster, Spybot, and AVG antivirus. I
updated them all today, and reinforced the protection (I guess I will not be
able to access a lot of sites now!).

Can you tell me what else to do, I am really scared. Thanks a lot.

 

[Carey Frisch [MVP]]

Anytime you receive an email message from an unknown
sender, you should delete the email message immediately.
Never open an email attachment from an unknown sender
as it likely contains a very harmful computer virus that will
corrupt your system or cause unexpected personal alarm.

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

:

| I received an email with a Notepad attachment. First, I cannot forward the
| attach, the email appears alone to the persons. When I printed it, there was
| no attach either.
|
| Then, I opened this attach, and it is a threat... "The moment you open this
| attach, I know you have read it with the time and date, and I know your IP
| address". What can he do with it? I have a lot of protections in my computer
| (Hijack this, Spyware Guard, Spyware Blaster, Spybot, and AVG antivirus. I
| updated them all today, and reinforced the protection (I guess I will not be
| able to access a lot of sites now!).
|
| Can you tell me what else to do, I am really scared. Thanks a lot.

 

[Guest]

The detail is I KNOW the person who sent it!

 

[David H. Lipman]

From: "JL" <[email protected]>

| I received an email with a Notepad attachment. First, I cannot forward the
| attach, the email appears alone to the persons. When I printed it, there was
| no attach either.
|
| Then, I opened this attach, and it is a threat... "The moment you open this
| attach, I know you have read it with the time and date, and I know your IP
| address". What can he do with it? I have a lot of protections in my computer
| (Hijack this, Spyware Guard, Spyware Blaster, Spybot, and AVG antivirus. I
| updated them all today, and reinforced the protection (I guess I will not be
| able to access a lot of sites now!).
|
| Can you tell me what else to do, I am really scared. Thanks a lot.

Capture Full Headers and body of the email.

Send it to the security department of your ISP/email provider.

Hold on to that email message as you may need to contact the police and it may be needed as
evidence.

Sending threatining emails may be a crime in your state and depending on the verbiage,
federal law.

I am no law enforcement agent nor lawyer but you should not delete the message in case it is
needed for prosecution and self protection puposes.

 

[Michael Cecil]

The detail is I KNOW the person who sent it!

Not necessarily. Many virus type programs "spoof" the email address to
appear to come from someone else.

Say you have three people: A, B and C and they all have one another's
email addresses. If person C's computer is infected, the virus might send
itself to person A and spoofs the return address as coming from person B.
Then A gets the infected message and thinks person B sent it. See?

Just delete all attachments unless you have been told in advance by the
sender about them. If you delete an attachment you actually wanted, you
can always have the poster send it again.

 

[David H. Lipman]

From: "Michael Cecil" <[email protected]>

| On Mon, 5 Dec 2005 16:56:02 -0800, "JL" <[email protected]>
| wrote:
||
| Not necessarily. Many virus type programs "spoof" the email address to
| appear to come from someone else.
|
| Say you have three people: A, B and C and they all have one another's
| email addresses. If person C's computer is infected, the virus might send
| itself to person A and spoofs the return address as coming from person B.
| Then A gets the infected message and thinks person B sent it. See?
|
| Just delete all attachments unless you have been told in advance by the
| sender about them. If you delete an attachment you actually wanted, you
| can always have the poster send it again.

What virus sends threatening messages ? I know of none.

 

[Michael Cecil]

From: "Michael Cecil" <[email protected]>

| On Mon, 5 Dec 2005 16:56:02 -0800, "JL" <[email protected]>
| wrote:
|
|
| Not necessarily. Many virus type programs "spoof" the email address to
| appear to come from someone else.
|
| Say you have three people: A, B and C and they all have one another's
| email addresses. If person C's computer is infected, the virus might send
| itself to person A and spoofs the return address as coming from person B.
| Then A gets the infected message and thinks person B sent it. See?
|
| Just delete all attachments unless you have been told in advance by the
| sender about them. If you delete an attachment you actually wanted, you
| can always have the poster send it again.

What virus sends threatening messages ? I know of none.

You know every string used by every PC virus written since 1980? I find
the best thing to do when I don't know something is NOT to proclaim it to
the newsgroup.

Mimail and Bugbear are a couple recent ones that can have threatening
messages. No doubt there are hundreds more.

 

[Wesley Vogel]

I find

the best thing to do when I don't know something is NOT to proclaim it to
the newsgroup.

Heck, that's one of the best ways to learn something. ;-) You usually get
no end of useful replies. LOL

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[David H. Lipman]

From: "Michael Cecil" <[email protected]>


|
| You know every string used by every PC virus written since 1980? I find
| the best thing to do when I don't know something is NOT to proclaim it to
| the newsgroup.
|
| Mimail and Bugbear are a couple recent ones that can have threatening
| messages. No doubt there are hundreds more.

No I don't know them all. However, I have read enough of them to know the objective of the
email goad one to launch the attachment and get infected. Scaring a recipient with personal
threats is couter productive. I understand Social Engineering but Anti-Social Engineering ?

I think JL is truly receiving person-to-person hate email with threatining content.

BugBear -- Recent ? It's like 3 yrs old already. Most notable for spreading via NetBIOS
shares. Rarely seen in email anymore. I looked trough a couple dozen writeups. Standard
social engineering emails to get you infected. Not a threating type with "I know your IP
address" type of scare tactics.

Mimail is recent. I wouldn't call a pseudo notification that your email address in expiring
much of a personal threat.
Nor; "GREAT NEW YEAR OFFER FROM PAYPAL.COM ", or "I was shocked, when I found out that it
wasn't you but your twin brother"

I am sorry. I am a doubting Thomas but can you PLEASE show me a specific writeup showing a
virus generated email message that the body of which has such a threatening tone as "I know
your IP address". It's kind of couterproductive to create an email message that would cuse
someone to delete it do to a threateninh content vs the social enginerring of "You Won", " I
have a pcture for you", "Outstanding bill", "failed mail", "your account is about to
expire", or the latest CME-681 (aka; W32/Sober@MM!681) "we have logged your IP-address on
more than 30 illegal Websites. " email from the CIA.

 

[David H. Lipman]

From: "JL" <[email protected]>

| I received an email with a Notepad attachment. First, I cannot forward the
| attach, the email appears alone to the persons. When I printed it, there was
| no attach either.
|
| Then, I opened this attach, and it is a threat... "The moment you open this
| attach, I know you have read it with the time and date, and I know your IP
| address". What can he do with it? I have a lot of protections in my computer
| (Hijack this, Spyware Guard, Spyware Blaster, Spybot, and AVG antivirus. I
| updated them all today, and reinforced the protection (I guess I will not be
| able to access a lot of sites now!).
|
| Can you tell me what else to do, I am really scared. Thanks a lot.

Can you please capture the Full Header and Body of the email (remove any personal
identifying data in the email like your name or email address) and please post it here for
examination.

Thanx !

 

[Mike Hall \(MS-MVP\)]

JL

If you are on a dialup connection, reboot.. if you are on broadband, turn
off the power to the broadband modem, and then power it up again..

OK.. now the mystery Notepad monster does not know your IP address because
it has changed..

Do NOT open any more attachments from ANYBODY unless you confirm with the
person beforehand.. if somebody threatens to fry your computer, just
remember that they couldn't fry it if you left a pan and oil out on the
kitchen counter for them..

Best course of action is to delete e-mails like this without reading them..

 

[Michael Cecil]

From: "Michael Cecil" <[email protected]>


|
| You know every string used by every PC virus written since 1980? I find
| the best thing to do when I don't know something is NOT to proclaim it to
| the newsgroup.
|
| Mimail and Bugbear are a couple recent ones that can have threatening
| messages. No doubt there are hundreds more.

No I don't know them all. However, I have read enough of them to know the objective of the
email goad one to launch the attachment and get infected. Scaring a recipient with personal
threats is couter productive. I understand Social Engineering but Anti-Social Engineering ?

Some viruses scare their victims for no other reason. This may happen
after infection. You don't think all the kids writing viruses have well
thought out strategies, do you?

I think JL is truly receiving person-to-person hate email with threatining content.

I didn't see any quoted text either way, so I'll reserve judgment until I
see that at least.

BugBear -- Recent ? It's like 3 yrs old already.

That seems pretty recent to me. Any virus still in the wild is pretty
recent.

Mimail is recent. I wouldn't call a pseudo notification that your email address in expiring
much of a personal threat.
Nor; "GREAT NEW YEAR OFFER FROM PAYPAL.COM ", or "I was shocked, when I found out that it
wasn't you but your twin brother"

I am sorry. I am a doubting Thomas but can you PLEASE show me a specific writeup showing a
virus generated email message that the body of which has such a threatening tone as "I know
your IP address". It's kind of couterproductive to create an email message that would cuse
someone to delete it do to a threateninh content vs the social enginerring of "You Won", " I
have a pcture for you", "Outstanding bill", "failed mail", "your account is about to
expire", or the latest CME-681 (aka; W32/Sober@MM!681) "we have logged your IP-address on
more than 30 illegal Websites. " email from the CIA.

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

You really should quit discounting the possibility of malware acting in a
particular manner just because it doesn't seem logical to you. Better to
go from actual data no matter how improbable.

 

[David H. Lipman]

From: "Michael Cecil" <[email protected]>

| On Mon, 5 Dec 2005 22:37:53 -0500, "David H. Lipman"

|> You know every string used by every PC virus written since 1980? I find
|> the best thing to do when I don't know something is NOT to proclaim it to
|> the newsgroup.
|>
|> Mimail and Bugbear are a couple recent ones that can have threatening
|> messages. No doubt there are hundreds more.

|
| Some viruses scare their victims for no other reason. This may happen
| after infection. You don't think all the kids writing viruses have well
| thought out strategies, do you?
|


After infection. Then it wouln't be in the body of the email which is the instance prior to
infection.

|
| I didn't see any quoted text either way, so I'll reserve judgment until I
| see that at least.
||
| That seems pretty recent to me. Any virus still in the wild is pretty
| recent.
||
| http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
|
| You really should quit discounting the possibility of malware acting in a
| particular manner just because it doesn't seem logical to you. Better to
| go from actual data no matter how improbable.


I don't see a fake Windows Expiration Notification as a "threatening" email on ones person.
It's your standard Social Engineering in the scope of notifications concerning; accounts,
software, purchases, etc.

 

[David Candy]

Open a post here and drag the mail message into the news message.

 

[q_q_anonymous]

The detail is I KNOW the person who sent it!

knowing your ip and the date and time you read the email, is nothing.
Anybody can know that, people give that information away all the time,
as soon as they open an email.
If he is advertising the fact that he knows that, then it indicates
that he's fairly impotent.
His goal is to make you waste your time with all these stupid programs.

Opening a TEXT File attachment is no harm whatsoever. But still, you
shouldn't open attachments, it's possible for an attachment to say
..txt.exe and thus actually be an exe disguised to fool windows and
users into thinking it's a text file

The software you installed may help. But a great defence would be to
run the Windows Firewall. That will block all incoming connections.

Spybot and Adaware won't help. "Trojan Remover" might.

THe Windows firewall will help a lot

Now, if your mouse were to start moving around randomly, then you'd
know somebody's on the other end, and should disconnect the modem ;-)

You're probably ok.

 

[Guest]

Thanks, Dave. I have 2 comments. First, the second site doesn't open.
Then, I did what you suggest, and sent a copy of the email and the full
headers to my ISP, they answered not to worry and not pay attention! Isn't it
great? Anyway, I keep it. It is from a person who already threatened me.

 

[David H. Lipman]

From: "JL" <[email protected]>

| Thanks, Dave. I have 2 comments. First, the second site doesn't open.
| Then, I did what you suggest, and sent a copy of the email and the full
| headers to my ISP, they answered not to worry and not pay attention! Isn't it
| great? Anyway, I keep it. It is from a person who already threatened me.
|


They may have non important attitude now but at least there was a record that you submitted
it to your ISP in case you may need to deal with it in the future.

A peer thinks this may be a virus generated email. I don't think it is. However...
Can you please capture the Full Header and Body of the email (remove any personal
identifying data in the email like your name or email address) and please post it here for
examination.

Thanx !

 

[Guest]

Thanks a lot to all of you.

Here is the full header
Return-Path: <[email protected]>
Delivered-To:
Received: (qmail 85246 invoked by uid 399); 9 Nov 2005 05:23:39 -0000
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on localhost
X-Spam-Level: ****
X-Spam-Status: No, score=4.9 required=5.0 tests=HTML_IMAGE_ONLY_08,
HTML_MESSAGE,HTML_SHORT_LINK_IMG_1 autolearn=disabled version=3.1.0
X-Virus-Scan: Scanned by clamdmail 0.15 (no viruses);
Wed, 09 Nov 2005 05:23:39 +0000
Received: from eq1.spamarrest.com (66.150.163.134)
by mailblade1.worldispnetwork.com with SMTP; 9 Nov 2005 05:23:39 -0000
Received: from m11 (eq2.spamarrest.com [66.150.163.135])
by eq1.spamarrest.com (Postfix) with ESMTP id BE8D61CC3F9
for <>; Tue, 8 Nov 2005 21:18:38 -0800 (PST)
Message-ID: <10237081.1131513518646.JavaMail.root@m11>
Date: Tue, 8 Nov 2005 21:18:38 -0800 (PST)
From: PME <[email protected]>
To:
Subject: POA
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_651_12895965.1131513518454"
X-Mailer: Spam Arrest WebMail (http://www.spamarrest.com/)
X-Originating-IP: [201.137.64.166]
X-Originating-Email: [[email protected]]
X-SA-GROUP:
X-SA-RECEIPTSTATUS: Delivery Unconfirmed
______________________________________________________________________

Now, the email itself is nothing, just a promotion for SpamArrest. That is
the attach that scared me (for nothing???, hopefully)

"I am getting a power of attorney from the girls to press charges
against you and I will have you arrested.

I have photo evidence that you entered that property unlawfully,
and you cannot do that in Mexico without the order of a Judge in
Mexico.

You of all people should know the law. If you don't, to bad. You
just violated it and I will try to see that you are arrested for
unlawful entry.

The moment you opened this e-mail, I also have evidence that you
received it, date, time and even your IP address

Have a nice week."

To make it clear, I have tenants who don't pay their rent but don't live
here, he is a friend of them, and I entered the apartment in case of
emergency after Wilma that destroyed it and mine at the same time. I had to
repair and make the claim to the insurance company. He broke in to enter (and
took pictures?). So it is a sordid story, and I dread what he can do to me. I
have no idea why he hates me. he swore he would destroy me.

Sorry for so much personal info, I thought I had to explain... I just wanted
to talk about the last part of the attach. I am not scared about the first
part since he did something illegal and I already filed a complain.

 

[ANONYMOUS]

Just treat as another prankster who hasn't got anything better to do
with his/her time.

There is no way he/she can know "you have read it with the time and
date" and "your IP address" unless you are stupid enough to send read
receipt of emails you receive. I never send any receipts to anyone even
if I know the sender.

If you get another such email then look at the header and report him/her
to his/her ISP and that is it. Don't have sleepless nights over such
trivial matters.

hth

 

[q_q_anonymous]

Just treat as another prankster who hasn't got anything better to do
with his/her time.

There is no way he/she can know "you have read it with the time and
date" and "your IP address" unless you are stupid enough to send read
receipt of emails you receive.

if the email contains a picture the sender is hosting on his web
server, then he'd know.
But who cares if they know the time and date you read the email.
And your IP is all over the place anyway.

I never send any receipts to anyone even
if I know the sender.

receipts? is this only an outlook express or outlook thing?
That's very insecure, though I haven't had problems with it.

If you get another such email then look at the header and report him/her
to his/her ISP and that is it. Don't have sleepless nights over such
trivial matters.

indeed.

It'd be a nuisance if he TELEPHONED You, but that can be dealt with
too. Telephone company and even a police tracker