I get a hell of a lot of email.
Most of my mail is trying to sell black market Xãn(a)x, but another large
portion is generated by computer viruses.
My computer isn't infected with any viruses, but computers that are
infected send mail all the time. I can now recognize most of the virus-generated
subject lines, and I'd like for everyone to be able to recognize them.

Netsky.D (file named winlogon.exe):

Re: Document
Re: Re: Document
Re: Re: Thanks!
Re: Thanks!
Re: Your document
Re: Here is the document
Re: Your picture
Re: Re: Message
Re: Hi
Re: Hello
Re: Re: Re: Your document
Re: Here
Re: Your music
Re: Your software
Re: Approved
Re: Details
Re: Excel file
Re: Word file
Re: My details
Re: Your details
Re: Your bill
Re: Your text
Re: Your archive
Re: Your letter
Re: Your product
Re: Your website

Netsky.C (file named winlogon.exe):

<empty>
Delivery Failed
Status
report
question
trust me
hey
Re: excuse me
read it immediatelly
hi
Re: does it?
Yep
important
hello
dear
Re: unknown
fake?
warning
moin
what's up?
info
Re: information
Here is it
stolen
private?
good morning
illegal...
error
take it
re:
Re: Re: Re: Re:
you?
something for you
exception
Re: hey
excuse me
Re: hi
Re: does it?
Re: important
Re: hello
believe me
Question
denied!
notification
Re: <5664ddff?$??2>
lol
last chance!
I'm back!
its me
notice!
oh

Netsky.E (file named winlogon.exe):

Announcement
Approved
Attention
automatic notification
automatic responder
believe me
Confirmation
Confirmation Required
dear
Delivery Failed
denied!
Details
error
exception
excuse me
Expired account
fake?
good morning
hello
Here is it
hey
hi
hi, it's me
illegal...
I'm back!
important
info
its me
last chance!
lol
Love is
moin
notice!
notification
oh
please read
please reply
private?
question
Question
re:
Re: <5664ddff?$????>
Re:
Re: Approved
Re: Details
Re: does it?
Re: does it?
Re: excuse me
Re: hello
Re: hey
Re: hi
Re: important
Re: information
Re: information
Re: Re: Re: Re:
Re: Thank you
Re: unknown
read it immediatelly
read now!
Read this message
registered?
Registration confirm
report
Returned Mail
Schedule
something for you
Status
stolen
take it
Thank you
Thank You very very much
trust me
warning
what's up?
Yep
You have 1 day left
You use illegal...
you?
Your IP was logged
Your request was registered

As you can see, each virus uses a variety of subject lines; they are usually
conversational and they are composed to trick people into opening them. My
favorite subject lines are "fake?" and "what's up?" from the Netsky.E virus.

I anticipate that the future holds a wave of even more cleverly disguised
virus subject lines, such as "Here is the slideshow from Heather's
wedding", "This converts photos to lame music videos, check it
out!", and "Rob, can you open these files for me?"

Netsky.P (file named FVProtect.exe):

Re: Encrypted Mail
Re: Extended Mail
Re: Status
Re: Notify
Re: SMTP Server
Re: Mail Server
Re: Delivery Server
Re: Bad Request
Re: Failure
Re: Thank you for delivery
Re: Test
Re: Administration
Re: Message Error
Re: Error
Re: Extended Mail System
Re: Secure SMTP Message
Re: Protected Mail Request
Re: Protected Mail System
Re: Protected Mail Delivery
Re: Secure delivery
Re: Delivery Protection
Re: Mail Authentification
Mail Delivery (failure <spoofed address>)
Re: Hello
Re: Request
Re: Order
Notice again
Fwd: Warning again
Re: List
Re: Developement
Re: Proof of concept
Re: Error in document
Re: Message
Re: Sex pictures
Re: Free porn
Re: Virus Sample
Re: Submit a Virus Sample
Re: Old photos
Re: Old times
Re: Question
Re: Sample
Re: Its me
Re: Hi
Stolen document
Private document
Re: Your document
Re: Approved document
ßdo0ßi4grjj40j09gjijgpüdé
Try this game ;-)

Beagle.X (Drvddll.exe):

Changes..
Encrypted document
Fax Message Received
Forum notify
Hidden message
Incoming message
New changes
Notification
Protected message
RE: Incoming Msg
RE: Message Notify
RE: Protected message
RE: Text message
Re: Document
Re: Hello
Re: Hi
Re: Incoming Message
Re: Msg reply
Re: Thank you!
Re: Thanks :)
Re: Yahoo!
Site changes

Beagle.J (irun4.exe):

E-mail account disabling warning.
E-mail account security warning.
Email account utilization warning.
Important notify about your e-mail account.
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Warning about your e-mail account.

A consequence of all these subjects being used by viruses is that real emails
shouldn't use them. They are blacklisted. For instance, if I sent out an email
with the subject "Private Document", or "spice girls' vocal concert",
I can pretty much guarantee that it is going to be erased before anyone looks at
it.

Beagle.W (a file named "drvsys.exe" in the windows/system folder):

Hello!
Hey!
Let's socialize, my friend!
Let's talk, my friend!
I'm bored with this life
Notify from a known person ;-)
I like you
I just need a friend
I'm a sad girl...
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks :)
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
Re: Incoming Fax
Hidden message
Fax Message Received
Protected message
RE: Protected message
Forum notify
Request response
Site changes
Re: Hi
Encrypted document
Hello {name},
Dear {name},
Dear {name},
It's me ;-)
Hi {name},
Hey {name},
It's me ->
Hi, It's me {name},
Hey {name},
Hey, Hello,
Hi, I Like You!
Don't you remember me?
Kewl :-)
I need a friend...
I just want to talk with someone...
I like reading the books and socializing, let me talk with you...
It's time to find a friend!
Ready to accept a new friend? :-)
Like me, odore me! ;-)

Klez.H (a file in the windows/system folder titled randomly, but always starting with "wink", such as "Winkbm.exe" or "winkts.exe"):

how are you
let's be friends
darling
so cool a flash,enjoy it
welcome to my hometown
the Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look, my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures

If you don't have an anti-virus program running on your PC, do the rest of the
internet a favor and search your hard drive for these six files:
- irun4.exe
- drvsys.exe
- FVProtect.exe
- Drvddll.exe
- wink**.exe
- winlogon.exe (Windows 2000 uses a file titled winlogon.exe in the C:\windows\System32 folder that is not a virus)
These programs are viruses.
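
The search described above can be scripted. This is an added example, not code from the original page: it matches the six file names case-insensitively under a folder you pass in and marks a winlogon.exe that sits inside a System32 folder as expected rather than suspect. The function names and the `wink*.exe` pattern (any name starting with "wink") are assumptions made for the example.

```python
import fnmatch
import os
from pathlib import PureWindowsPath

# File names taken from the list above, lower-cased for comparison.
# "wink*.exe" is an assumed pattern for the randomly named files that
# always start with "wink" (for example Winkbm.exe or winkts.exe).
SUSPECT_PATTERNS = ["irun4.exe", "drvsys.exe", "fvprotect.exe",
                    "drvddll.exe", "wink*.exe", "winlogon.exe"]


def classify(path):
    """Return 'suspect', 'expected' or None for one file path.

    Matching is by file name only, so a hit is a lead to check,
    not a verdict on the file's contents.
    """
    p = PureWindowsPath(path)  # accepts both \ and / separators
    name = p.name.lower()
    if not any(fnmatch.fnmatchcase(name, pat) for pat in SUSPECT_PATTERNS):
        return None
    # The page notes that Windows itself ships a winlogon.exe in System32.
    if name == "winlogon.exe" and p.parent.name.lower() == "system32":
        return "expected"
    return "suspect"


def scan(root):
    """Walk root and return sorted (verdict, path) pairs for name matches."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            verdict = classify(full)
            if verdict:
                hits.append((verdict, full))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Default to the C: drive when no folder is given on the command line.
    for verdict, path in scan(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(f"{verdict:8} {path}")
```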