I get a hell of a lot of email.
Most of my mail is trying to sell black market Xãn(a)x, but another large chunk is generated by computer viruses.
My computer isn't infected with any viruses, but computers that are infected send mail all the time. I can now recognize most of the virus-generated subject lines, and I'd like for everyone to be able to recognize them.
NetSky.D |
Netsky.C |
Netsky.E |
| (File named winlogon.exe) | (File named winlogon.exe) | (File named winlogon.exe) |
| Re: Document Re: Re: Document Re: Re: Thanks! Re: Thanks! Re: Your document Re: Here is the document Re: Your picture Re: Re: Message Re: Hi Re: Hello Re: Re: Re: Your document Re: Here Re: Your music Re: Your software Re: Approved Re: Details Re: Excel file Re: Word file Re: My details Re: Your details Re: Your bill Re: Your text Re: Your archive Re: Your letter Re: Your product Re: Your website |
<empty> Delivery Failed Status report question trust me hey Re: excuse me read it immediatelly hi Re: does it? Yep important hello dear Re: unknown fake? warning moin what's up? info Re: information Here is it stolen private? good morning illegal... error take it re: Re: Re: Re: Re: you? something for you exception Re: hey excuse me Re: hi Re: does it? Re: important Re: hello believe me Question denied! notification Re: <5664ddff?$??2> lol last chance! I'm back! its me notice! oh |
Announcement Approved Attention automatic notification automatic responder believe me Confirmation Confirmation Required dear Delivery Failed denied! Details error exception excuse me Expired account fake? good morning hello Here is it hey hi hi, it's me illegal... I'm back! important info its me last chance! lol Love is moin notice! notification oh please read please reply private? question Question re: Re: <5664ddff?$????> Re: Re: Approved Re: Details Re: does it? Re: does it? Re: excuse me Re: hello Re: hey Re: hi Re: important Re: information Re: information Re: Re: Re: Re: Re: Thank you Re: unknown read it immediatelly read now! Read this message registered? Registration confirm report Returned Mail Schedule something for you Status stolen take it Thank you Thank You very very much trust me warning what's up? Yep You have 1 day left You use illegal... you? Your IP was logged Your request was registered |
As you can see, each virus uses a variety of subject lines, they are usually conversational and they are composed to trick people into opening them. My favorite subject lines are "fake?" and "what's up?" from Netsky.E virus.
I anticipate that the future holds a wave of even more cleverly disguised virus subject lines, such as "Here is the slideshow from Heather's wedding". "This converts photos to lame music videos, check it out!", and "Rob, can you open these files for me?"
Netsky.P |
Beagle.X |
Beagle.J |
| (file named FVProtect.exe) | (Drvddll.exe) | (irun4.exe) |
| Re: Encrypted Mail Re: Extended Mail Re: Status Re: Notify Re: SMTP Server Re: Mail Server Re: Delivery Server Re: Bad Request Re: Failure Re: Thank you for delivery Re: Test Re: Administration Re: Message Error Re: Error Re: Extended Mail System Re: Secure SMTP Message Re: Protected Mail Request Re: Protected Mail System Re: Protected Mail Delivery Re: Secure delivery Re: Delivery Protection Re: Mail Authentification Mail Delivery (failure <spoofed address>) Re: Hello Re: Request Re: Order Notice again Fwd: Warning again Re: List Re: Developement Re: Proof of concept Re: Error in document Re: Message Re: Sex pictures Re: Free porn Re: Virus Sample Re: Submit a Virus Sample Re: Old photos Re: Old times Re: Question Re: Sample Re: Its me Re: Hi Stolen document Private document Re: Your document Re: Approved document ßdo0ßi4grjj40j09gjijgpüdé Try this game ;-) |
Changes.. Encrypted document Fax Message Received Forum notify Hidden message Incoming message New changes Notification Protected message RE: Incoming Msg RE: Message Notify RE: Protected message RE: Text message Re: Document Re: Hello Re: Hi Re: Incoming Message Re: Msg reply Re: Thank you! Re: Thanks :) Re: Yahoo! Site changes |
E-mail account disabling warning. E-mail account security warning. Email account utilization warning. Important notify about your e-mail account. Notify about using the e-mail account. Notify about your e-mail account utilization. Warning about your e-mail account. |
A consequence of all these subjects being used by viruses is that real emails shouldn't use them. They are blacklisted. For instance, if I sent out an email with the subject "Private Document", or "spice girls' vocal concert", I can pretty much guarantee that it is going to be erased before anyone looks at it.
Beagle.W |
Klez.H |
|
| (A file named "drvsys.exe" in the windows/system folder) | (a file in windows/system folder titled randomly, but always start with "wink", such as "Winkbm.exe" or "winkts.exe" ) | |
| Hello! Hey! Let's socialize, my friend! Let's talk, my friend! I'm bored with this life Notify from a known person ;-) I like you I just need a friend I'm a sad girl... Re: Msg reply Re: Hello Re: Yahoo! Re: Thank you! Re: Thanks :) RE: Text message Re: Document Incoming message Re: Incoming Message Re: Incoming Fax Hidden message Fax Message Received Protected message RE: Protected message Forum notify Request response Site changes Re: Hi Encrypted document Hello {name}, Dear {name}, Dear {name}, It's me ;-) Hi {name}, Hey {name}, It's me -> Hi, It's me {name}, Hey {name}, Hey, Hello, Hi, I Like You! Don't you remember me? Kewl :-) I need a friend... I just want to talk with someone... I like reading the books and socializing, let me talk with you... It's time to find a friend! Ready to accept a new friend? :-) Like me, odore me! ;-) |
how are you let's be friends darling so cool a flash,enjoy it welcome to my hometown the Garden of Eden introduction on ADSL meeting notice questionnaire congratulations sos! japanese girl VS playboy look, my beautiful girl friend eager to see you spice girls' vocal concert japanese lass' sexy pictures |
If you don't have an anti-virus program running on your PC, do the rest of the internet a favor and search your hard drive for these six files:
These programs are viruses.