New virus purporting to be from 'ProZ.com Team' (or other 'Teams')
Thread poster: Jason Grimes

Jason Grimes
Local time: 21:03
SITE STAFF
Mar 3, 2004

One of the latest variations of the Bagle (or Beagle) virus that is sweeping across the Internet disguises itself as a seemingly legitimate e-mail message from ProZ.com Staff ("The Proz.com Team") and urges recipients to click on an attachment for further details about their account. Do not open the attachment. ProZ.com does not use e-mail attachments as a method of disseminating information to members.

Bogus Bagle virus warning messages include:

e-mail account security warning, notify about using the e-mail account, warning about your e-mail account, important notify about your e-mail account, e-mail account utilization warning, notify about your e-mail account utilization, and e-mail account disabling warning.

Opening the attachment connected with these bogus e-mail messages will unleash the Bagle virus into the recipient's computer, enabling the virus to continue distributing itself across the Internet and to disable the host computer's security programs.

More information can be found at McAfee/Network Associate's page about this virus:

http://vil.nai.com/vil/content/v_101071.htm

Regards,

Jason


Direct link Reply with quote
 

Lydia Molea  Identity Verified
Germany
Local time: 03:03
English to German
+ ...
Yahoo, as well Mar 3, 2004

Today I received an e-mail -supposedly- from the "Yahoo.de Team" with "notify about your account" as a subject. It had an attached file, which I did not open, of course. I am assuming it's the same thing.

Direct link Reply with quote
 

Hynek Palatin  Identity Verified
Czech Republic
Local time: 03:03
English to Czech
+ ...
Any domain Mar 3, 2004

The email has the following characteristics:

From: Spoofed to appear as if it's coming from the one of the following addresses at the recipient's domain:
  • management@<recipient domain>
  • administration@<recipient domain>
  • staff@<recipient domain>
  • noreply@<recipient domain>
  • support@<recipient domain>


Attachment: A randomly named .exe file, inside a .zip file, or an .pif file. The zip file will be password-protected.

More information: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html


Direct link Reply with quote
 
xxxIreneN
United States
Local time: 20:03
English to Russian
+ ...
More variations Mar 3, 2004

In two days I received 5 e-mails with attachments and Subject line filled out "Re: Your Letter", "Re: Your Document". Be careful, watch for senders!

Direct link Reply with quote
 

Gerard de Noord  Identity Verified
France
Local time: 03:03
Member (2003)
German to Dutch
+ ...
Team spirit Mar 3, 2004

Hi Jason,

Today I received this virus from my OWN team. I thought I had seen them all...

Regards,
Gerard


Direct link Reply with quote
 

Yelena.  Identity Verified
United Kingdom
Local time: 02:03
English to Russian
+ ...
:)) Mar 3, 2004

Gerard de Noord wrote:

Today I received this virus from my OWN team. I thought I had seen them all...



So did I..... an email from my own domain with a zip file..... Viruses galore....


Direct link Reply with quote
 

Florence B  Identity Verified
France
Member (2002)
English to French
+ ...
The worst.. Mar 3, 2004

The worst with this flood of viruses, is that today I almost deleted a (real) message from a member of my subcommunity : he had simply written "hello" in the subject line .. like many viruses do!
Florence

PS - and just while I was writing that - I receive a message from my domain name "management team" (that is, me)sending me an attachment with a password because some other clients of the server (other avatars of myself) have complained about my sending viruses/spam to them (myselves)
"Dear user of e-mail server "Terebenthine.com",

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

For details see the attached file.

For security reasons attached file is password protected. The password is "63351".

Kind regards,
The Terebenthine.com team "



[Edited at 2004-03-04 11:32]


Direct link Reply with quote
 
Lesley Clayton
France
Local time: 03:03
French to English
+ ...
Yes, it is a flood Mar 4, 2004

I've never had so many viruses as I've had in the last week or so. I've also noticed that Norton is now updating almost every day. I usually go straight to my mailbox when I go online - but not anymore. I now come here to ProZ.com first and Norton has time to update while I'm browsing the site, and only then do I go to my mailbox, safe in the knowledge that I've got the latest update (if there is one).

Direct link Reply with quote
 

Hynek Palatin  Identity Verified
Czech Republic
Local time: 03:03
English to Czech
+ ...
It's a war of virus writers Mar 4, 2004

"Virus-Writers Declare War On Each Other" by Kaspersky Labs:

http://www.kaspersky.com/news.html?id=146078682


Direct link Reply with quote
 

Mónica Machado
United Kingdom
Local time: 02:03
English to Portuguese
+ ...
Virus writers should send virus to themselves only Mar 4, 2004

Hello,

Just to say that I quite agree with you all. I have received 6 to 8 e-mails with virus every day since last week and this is really a nightmare. Of course I don't open them but we really have to be careful. They come disquised in any forms and shapes. Just an advise... if you aren't expecting an attachment and you receive one with subject line or content that makes no sense... just delete it and if you know the sender ask him/her if he has sent any thing to you lately. If he/she has done so, and if the attachment was a good one, then the sender can resend it again safely.

Virus writers should send virus to themselves only and stop that spam:-(

All the best
Mónica


Direct link Reply with quote
 

Henk Peelen  Identity Verified
Netherlands
Local time: 03:03
Member (2002)
German to Dutch
+ ...
example of "virus message" via e-mail Mar 4, 2004

Dear user of "Compuserve.Com" mailing system,

We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
Advanced details can be found in attached file.

Best wishes,
The Compuserve.Com team http://www.compuserve.Com

----------------------- Internet Header --------------------------------
Sender: E19xKxg-0008Sw-00@pogo.proz.com
Received: from Daryl (ip3e83d5e5.speed.planet.nl [62.131.213.229])
by siaag2af.compuserve.com (8.12.9/8.12.7/SUN-2.12) with SMTP id i24ElI49022643
for ; Thu, 4 Mar 2004 09:47:18 -0500 (EST)
Date: Thu, 03 Mar 2005 15:50:05 +0100
To: HenkPeelen@compuserve.Com
Subject: Email account utilization warning.
From: noreply@compuserve.Com
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------xjikfaeiyygwquvtjwnr"

[Edited at 2004-03-04 20:04]


Direct link Reply with quote
 

Valentina Cafiero  Identity Verified
Italy
Local time: 03:03
Member (2005)
Spanish to Italian
+ ...
Be careful! Mar 4, 2004

Be careful!
There is also another virus, called trojan horse that I have just fixed.... I arrives through e-mail and the subject is: test, there's something for you with attachments.
Be careful because it gives problems at starting internet explorer.

Valentina


Direct link Reply with quote
 

Valentina Cafiero  Identity Verified
Italy
Local time: 03:03
Member (2005)
Spanish to Italian
+ ...
virus Mar 4, 2004

virus

Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

New virus purporting to be from 'ProZ.com Team' (or other 'Teams')

Advanced search






SDL Trados Studio 2017 Freelance
The leading translation software used by over 250,000 translators.

SDL Trados Studio 2017 helps translators increase translation productivity whilst ensuring quality. Combining translation memory, terminology management and machine translation in one simple and easy-to-use environment.

More info »
Déjà Vu X3
Try it, Love it

Find out why Déjà Vu is today the most flexible, customizable and user-friendly tool on the market. See the brand new features in action: *Completely redesigned user interface *Live Preview *Inline spell checking *Inline

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums