Welcome to Orange Frog Productions Scams, Shams & Flim-Flams Section [Banner]

Search this site powered by FreeFind

Page Title:

Malware Email Example #002 (Mail Transaction Failed)

Please be sure to read my Malware Home Page

NOTE: This page Under Construction/Conversion
This page has not been completely converted to OFPv2 Standards.
When this is completed, this paragraph will go away.
Meanwhile, all external links on this page open a new window.

Things I Did, Below

I, personally, receive email in HTML format. The following was received (and looked) like I received it.

  • I removed my email addresses. These came to various accounts and some no longer exist. There are places on this site you can get hold of me if you wish or need to. They are protected from spambots using JavaScript, but all you have to do is click on them.
  • All scammer and related email addresses, and any actual website links have been changed, at least putting spaces into them. They appear as underlined blue links, though they aren't.
  • Any notes I added in the actual letter are in square brackets ("[" "]"), are bold, red in color, and highlighted. If what I found "behind the links" (email or website) are different than what was displayed, I will include them in this type of note.
  • All spelling, spacing, line-wrapping, and punctuation errors are the ones that appeared in the original received email. (I may or may not analyze some or all of these.)

Malware Email Example 002
Received 10/20/2006

From: craig young
To: my email address
Sent: Friday, October 20, 2006 7:05 AM
Subject: Mail Transaction Failed

Mail transaction failed. Partial message is available.

[NOTE: That's it... That's the whole message, except for the attachment.

I left names, email addresses, and phone numbers in here for the search engines to find. DO NOT TRY TO CONTACT THEM! They sent a virus! -LE]

This email included an attached file, "text.txt.pif", which is a "double-extension" file. Again, the outer extension is used to chose the program to run.

[A PIF file extension is a] Program Information File dates back to the early versions of Windows. Basically, it's an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.

Source: File Extension Details for .PIF

Example Email 002 Headers
09/26/2006

If you're not interested in the technical aspect of the headers, skip to Example 002 Notes

X-Message-Status: n:0
X-SID-PRA: craig young <craig.young @ scholzes.com>
X-SID-Result: TempError
X-Message-Info: txF49lGdW40QDDPN4qK9veXI4i6Y/rS3uMcoklZaR1Y=
Received: from pavilion1 ([74.132.237.204]) by bay0-mc2-f16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Fri, 20 Oct 2006 05:16:29 -0700
Received: (qmail 3676 invoked by uid 0); Fri, 20 Oct 2006 08:14:31 -0000)
Received: from unknown (HELO klvetnulgvx) (192.168.1.201)
by 192.168.1.132 with SMTP; Fri, 20 Oct 2006 08:14:31 -0000
Date: Fri, 20 Oct 2006 08:05:31 -0400
From: craig young <craig.young @ scholzes.com>
Mime-Version: 1.0
To: my email address
Subject: Mail Transaction Failed
Content-Type: multipart/mixed;
boundary="-----------25653EC875976EF1"
Return-Path: craig.young @ scholzes.com
Message-ID: <BAY0-MC2-F16oV1qdii0007fa9d @ bay0-mc2-f16.bay0.hotmail.com>
X-OriginalArrivalTime: 20 Oct 2006 12:16:29.0822 (UTC) FILETIME=[92B7F9E0:01C6F441]

-------------25653EC875976EF1
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Mail transaction failed. Partial message is available.
-------------25653EC875976EF1
Content-Type: APPLICATION/OCTET-STREAM; name="text.txt.pif"
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="text.txt.pif"

Large block of random-looking letters (this would be the attachment).

-------------25653EC875976EF1--

[NOTE: I left names, email addresses, and phone numbers in here for the search engines to find. DO NOT TRY TO CONTACT THEM! They sent a virus! -LE]

Notes

  • I have absolutely NO CLUE who craig.young @ scholzes.com is. The address is NOT in my email address list.
  • It's not a TEXT or EMAIL file that was returned, but a PIF file (see above), named text.txt.pif.
  • Being from someone I don't know, and an executable, I WILL NOT OPEN IT.

Being a "Program Information File" (not a TEXT file, as it may appear to some) which the "information in the file is used by Windows to run some program; including code that can be in the PIF file.", I'm not gonna try it... Let's get Mikey!

Send comments/questions about this page to Bill Sanders at:

Go to Malware (Viruses, Adware, Spyware) Home page
Go to Malware Examples Home Page
Go to NEXT Malware Example Page (last in sequence is not a link)

| Home | Main | Owner | Scams, Shams & More Flim-Flams | Glossary | Sitemap | Contact |

Send email to Bill Sanders ()
with questions or comments about this page or site.

This site, all text and graphics (unless otherwise noted) on it
were designed, developed and published by Bill Sanders of Orange Frog Productions.
It and it's CSS was validated and complies with both the: CSS and HTML 4.01 validators from W3C.
NOTE: All CSS validates except the "New Window Buttons" which include some invalid code (ie: hacks),
added PicoSearch Tables, and warnings for using transparent backgrounds when color foregrounds defined.
Copyright © 2003, 2004, 2005, 2006, 2007 by Bill Sanders / Full site last modified: October 21, 2006
Any reproduction, printing, or selling of this content is prohibited without express written consent from William D. Sanders.
ctr