!! GTPlanet Virus Email Warning !!

  • Thread starter Jordan
  • 29 comments
  • 2,417 views

Jordan

Site Founder
Administrator
Watch out for the following email:

Return-path: <mail@gtplanet.net>
Envelope-to: xxxxxxx@gtplanet.net
Delivery-date: Thu, 24 Nov 2005 02:06:32 -0500
Received: from [85.103.165.144] (helo=gtplanet.net)
by server.gtplanet.net with esmtp (Exim 4.43)
id 1EfBBU-0002Xo-3n
for xxxxxxx@gtplanet.net; Thu, 24 Nov 2005 02:06:32 -0500
From: mail@gtplanet.net
To: xxxxxxx@gtplanet.net
Subject: Members Support
Date: Thu, 24 Nov 2005 07:06:11 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0014_1ADB874C.D7D53874"
X-Priority: 3
X-MSMail-Priority: Normal
Dear user xxxxx,


It has come to our attention that your Gtplanet User Profile ( x ) records are out
of date. For further details see the attached document.


Thank you for using Gtplanet!

The Gtplanet Support Team








+++ Attachment: No Virus (Clean)

+++ Gtplanet Antivirus - www.gtplanet.net

This email IS NOT FROM GTPLANET and it contains a virus. As you can see from the email header included above, this email did not originate from our IP address, and "mail@gtplanet.net" does not exist and is being incorrectly spoofed by the virus. Please be very careful and delete this email immediately should you receive it!

The good news is that this is not coming from GTPlanet, and our server's security has not been breached or compromised. The bad news is that there is simply nothing that I can do to prevent this virus from spreading, other than making you all aware of the issue before it should get to you. If anyone else does receive it, please let me know.
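Added example (not part of the original post, and not GTPlanet's own code): the header check described above, done in Python. It reads the topmost Received line, which the receiving server wrote itself, and flags a message that claims the site's domain in From or HELO but arrived from an address outside the site's own range. OWN_NETS is a placeholder assumption, since the post does not list the site's real sending addresses, and check_spoof is a hypothetical helper name.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header block from the post above, trimmed (recipient is redacted there too).
SAMPLE = """\
Return-path: <mail@gtplanet.net>
Envelope-to: xxxxxxx@gtplanet.net
Received: from [85.103.165.144] (helo=gtplanet.net)
\tby server.gtplanet.net with esmtp (Exim 4.43)
\tid 1EfBBU-0002Xo-3n
\tfor xxxxxxx@gtplanet.net; Thu, 24 Nov 2005 02:06:32 -0500
From: mail@gtplanet.net
To: xxxxxxx@gtplanet.net
Subject: Members Support

Dear user xxxxx,
"""

# ASSUMPTION: placeholder range (TEST-NET-1) standing in for the site's real
# outbound mail addresses, which the post does not give.
OWN_NETS = [ipaddress.ip_network("192.0.2.0/28")]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"helo=([^\s)]+)", re.I)

def check_spoof(raw, own_domain, own_nets):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # The topmost Received header was added by our own server, so it is the
    # one hop an outside sender cannot forge. Unfold it onto a single line.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    ip_m = IP_RE.search(received)
    helo_m = HELO_RE.search(received)
    peer = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
    helo = helo_m.group(1).lower() if helo_m else None
    # Spoofed: the message uses our name but did not come from our addresses.
    claims_us = own_domain in (from_domain, helo)
    from_us = peer is not None and any(peer in net for net in own_nets)
    return {"peer_ip": str(peer) if peer else None, "helo": helo,
            "from_domain": from_domain, "spoofed": claims_us and not from_us}

if __name__ == "__main__":
    print(check_spoof(SAMPLE, "gtplanet.net", OWN_NETS))
```

A From address and a HELO name are both chosen by the sender; only the bracketed IP in the first Received line is recorded by the receiving server, which is why the comparison is made against that value.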
 
Eeeep.

Better be extra vigilant of my emails now.

What's the virus? Has anyone opened it yet?

EDIT

And is that (85.103.165.144) the IP address it originated from?

If it is, it's definitely worth reporting.
 
Cool.. Someone on the internerd reckons GTPlanet as one of the top dogs.. Usually they're spoofing the big ones like Intel, M$ etc...

Congrats Jordan :cheers:

Yes.. I know it's annoying as hell, but it does show that GTP has become a brand that's reckoned with !...
 
I searched for the IP address, and this is what I came up with:

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '85.103.128.0 - 85.103.255.255'

inetnum: 85.103.128.0 - 85.103.255.255
netname: TurkTelekom
descr: Turk Telekom ADSL-alcatel
country: tr
admin-c: TTBA1-RIPE
tech-c: TTBA1-RIPE
status: ASSIGNED PA
mnt-by: as9121-mnt
source: RIPE # Filtered

role: TT Administrative Contact Role
address: Turk Telekom
address: Bilisim Aglari Dairesi
address: Aydinlikevler
address: 06103 ANKARA
phone: +90 312 313 1950
fax-no: +90 312 313 1949
e-mail: abuse@ttnet.net.tr
admin-c: BADB3-RIPE
tech-c: ZA66-RIPE
tech-c: ZA196-RIPE
tech-c: LA109-RIPE
tech-c: NO638-RIPE
nic-hdl: TTBA1-RIPE
mnt-by: AS9121-MNT
source: RIPE # Filtered
 
Jon.
Eeeep.

Better be extra vigilant of my emails now.

What's the virus? Has anyone opened it yet?

EDIT

And is that (85.103.165.144) the IP address it originated from?

If it is, it's definitely worth reporting.

It is, as Jon said, from TurkTelecom, a Turkish ISP. So the PC it originated from is probably just a regular user's, now infected, PC - not the originator of the virus, just this email... Not much use reporting that... And a Turkish ISP... What a hoot to report to - I've seen how they do things in Turkey - and it ain't fast ;)
 
Jon.
I searched for the IP address, and this is what I came up with:

It's a ****ing Turk, that's just TYPICAL!
 
Flerbizky
And they want a part of the EU... Nice going a-holes - You just blew that one :grumpy:

Bit harsh, don't you think? I seriously doubt it even originated from someone Turkish and most of the viruses on the internet today are from our own friends and neighbors.
 
Young_Warrior
Bit harsh, don't you think? I seriously doubt it even originated from someone Turkish and most of the viruses on the internet today are from our own friends and neighbors.
Of course it was harsh... Many times that's how sarcasm works ;)
 
Hmm, I just got an email from McAfee telling me there's a new worm around. Apparently it originates from attachments in spam emails.

How coincidental ...
 
A guy tried to spread a virus on rscnet recently also.. I wouldn't be surprised if it was the same person.
 
Indeed, thanks for the heads up Jordan. 👍

I am sure there are many GTP'ers who need to know about this and so, I am sure there are many who appreciate you being open and honest about the situation.

Once again, thanks for the heads up.

Catch you all later,
Till then,
-Kent
 
Jordan
Watch out for the following email:
We're getting similar emails at my work, and we have perhaps 350-400 users. Of course, the parent company extends to over 20,000 users, maybe that's why we're getting targeted at work.

I still stick to my guns, and never open an attachment unless I know the sender, and I can usually tell by the "typing style" whether it's for real.
 
D0 Y0U W4NT P1LL5 T0 PL34Z3 Y0UR L0V3R?

That usually sets alarm bells ringing, huh? :p
 
Um, I had someone using the BLA and DeepTroat trying to give my computer a virus. Norton Anti-Virus caught it. Be on the lookout for that as well.
 
A tip: always have your anti-virus scanning your emails, free or paid anti-virus software. Either will work.
 
TVR&Ferrari_Fan
A tip: always have your anti-virus scanning your emails, free or paid anti-virus software. Either will work.


Not true, I get trojan viruses in my email all the time & my virus scanner is up-to-date & email scanning is on.
 
Yeah, or you have not downloaded a real Anti-Virus software. Maybe you think it is Anti-virus software but it is a different piece of software lol.
 
Thanks a lot Jordan for your update! I, myself, received this e-mail and I thought it was an important message but it's not.

Good job. I hope he's gone.
 
...

That wasn't needed and it's 100% against the GTP policy what you just said. Racism in any form is absolutely not allowed on the forum.
 
Sjenk
...

That wasn't needed and it's 100% against the GTP policy what you just said. Racism in any form is absolutely not allowed on the forum.
I agree.. Very unfitting... (And stupid to boot...)
 
oxygenuk
racist rubbish
Are you having fun today?

Shouting at mods and then posting these racist comments.

I recommend you read the Acceptable Use Policy

AUP
# You will not behave in an abusive and/or hateful manner, and will not harass, threaten, nor attack anyone or any group. There will be no racially, sexually or physically abusive or inciteful language tolerated. Any abusive comments made by members will be removed by the Moderating staff and the user issued with a warning or banned, as deemed appropriate by the Moderating staff.

# You will not use profanity in our forums, and will neither post with language or content that is obscene, sexually oriented, or sexually suggestive nor link to sites that contain such content.

Because of the above, I am now issuing you with a warning. Please make sure your behaviour improves in the future.
 