sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
It's safe because I say it's safe!
Posted by: id
Date: November 04, 2008 09:21AM

Quote

Good day

Kindly read the attached detailed proposal and get back to me please.
Please the attached message in microsoft word does not contain any
virus but a plain message.

Sincerely,

Mr. Kola Williams

Thanks for letting me know it doesn't have a virus!

$ file Mr.\ Kola\ Williams.doc
Mr. Kola Williams.doc: Microsoft Installer

Anyway, I don't feel like setting up a VM to test it, does anyone know if windows is brain dead enough to launch the installer with a .doc extension?

-id

Re: It's safe because I say it's safe!
Posted by: Anonymous User
Date: November 04, 2008 11:27AM

Hehe - I love it ;) Next XSS worm will spread on Digg or whatever just because the description says like 'Yes yes yes - very long URL, script tags etc etc - we know, you know - but please click anyway, all safe!'

Better than 'Click to see Britn3y get les-rXped in pr1sonn!1'

Re: It's safe because I say it's safe!
Date: November 04, 2008 12:18PM

you need to be more trusting =o)

Re: It's safe because I say it's safe!
Posted by: tx
Date: November 04, 2008 03:23PM

id Wrote:
-------------------------------------------------------

> Anyway, I don't feel like setting up a VM to test
> it, does anyone know if windows is brain dead
> enough to launch the installer with a .doc
> extension?

On XP-Pro with Office 2007 it wouldn't execute an exe or msi file renamed to have a doc extension, but I wouldn't be surprised if it did in other versions/configurations.
What does strings say about the file?

-tx @ lowtech-labs.org

Re: It's safe because I say it's safe!
Posted by: id
Date: November 04, 2008 04:17PM

very odd. file via cygwin and file on a freebsd machine report different things, I've simply scp'd the file over to the freebsd machine. I've tried with random extensions on both OS, same results.

freebsd:
Quote

file mrkola.doc
mrkola.doc: Microsoft Office Document

windows/cygwin:
Quote

file mrkola.doc
mrkola.doc: Microsoft Installer

Quote

$ strings mrkola.doc
bjbjqPqP
Good day
I wish to introduce myself to you and also my proposal which I would like you to be my partner. I am Mr. Kola Williams and I work with a bank here in my country Nigeria, I am only contacting you based on a deal which I would love you to kindly read carefully below and get back to me if you are interested. I am contacting you for this deal in view of the fact that you can trustworthy and reliable.
Please I hope my letter will not embarrass you since we have not had any previous communication or encounter, though business is all about trust and opportunity. I hope you will read this email with all the objectivity it deserves and then react accordingly. I have decided to contact you on this project that will be very beneficial to both of us based on trust despite the fact that we have not had any previous meeting and also I want you to know that my main objectives of contacting you is not based on the fact that you really have any relationship with this person but based on trust that I have in you and believing that this deal will generate a better and future relationship between us.
There is an account opened in our bank in 1990 but since 2002 nobody has operated on this account again. After a private investigation I discovered that the owner of this account by name (Engr. Franklin) was a financial director with an oil company here in my country and he was also among the people that died in the Lagos 2002 bomb blast at the Ikeja military cantonment, he died without having a beneficiary to this account since the funds might have come through most of the deals that is been done in the oil sector of my country by some government officials. My investigation proved to me also that nobody from the company knows about this account. The amount contained in this account is US11, 950,000.00. It is my wish and intention to take this fund abroad for investment instead of the bank to have it transferred into their reserve account for the personal use as unclaimed funds since the account has been dormant for years now. I want you to know that I never masterminded the death of the deceased fellow. Their death was occurred naturally.
View for incident of the bomb blast
http://www.reliefweb.int/rw/RWB.NSF/db900SID/ACOS-64BF8V?OpenDocument
All the arrangement to use you and put claim over this fund as the bonafide Next of kin to the deceased and all necessary modalities has been put in Place and directives will be relayed to you as soon as you indicate your interest and willingness to assist me and also benefit your self to this great business opportunity. In this country as a civil servant are not allowed to operate a foreign account. This is the actual reason why it will require a second party or fellow who will forward claims as the next of kin to the Bank and also present a foreign account where he will need the money to be re-transferred into on his/her request.
Our Banking law stipulates that if such money remained unclaimed after Seven years, the money will be transferred into the Bank treasury as unclaimed fund. The request of foreigner as next of kin in this business is occasioned by the fact that the customer was a foreigner and a Nigerian cannot stand as next of kin. I don't want this money to go into the Bank treasury as unclaimed Bill. Be assured this transaction is 100% risk free.
Please you have been advised to keep confidential as I am still in Service and intend to retire from service after I conclude this deal with you. Note this, that we split the funds after transfer half each (50-50) also 5% will be used for refund of all expense incurring during this process before the splitting of the funds. I look forward to receive your urgent reply. Kindly get back to me via this email kolawilliams100@gmail.com A.S.A.P. or Call me on my number +234-805-6064158.
Sincerely,
Mr. Kola Williams
& 6"
Good day Hern
ndez
www.jujumao.com
Normal
www.jujumao.com
Microsoft Office Word
Good day Hern
ndez
Title
Microsoft Office Word Document
MSWordDoc
Word.Document.8

-id

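Added example, not part of any post in this thread: a `.doc` and an `.msi` are both OLE2 compound files that begin with the same eight-byte signature, so a check that stops at the signature cannot separate them, while the CLSID stored on the root directory entry can. The function names are illustrative, the sample buffers are constructed rather than taken from the attachment, and only the two listed CLSIDs are recognised.

```python
import struct
import uuid

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # shared by .doc, .xls, .msi, ...

# Root-storage CLSIDs that tell two kinds of OLE2 container apart.
KNOWN_CLSIDS = {
    uuid.UUID("00020906-0000-0000-c000-000000000046"): "Word 97-2003 document",
    uuid.UUID("000c1084-0000-0000-c000-000000000046"): "Windows Installer package (MSI)",
}


def classify_ole2(data: bytes) -> str:
    """Classify a buffer by the CLSID of its OLE2 root storage, ignoring the filename."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return "not an OLE2 compound file"
    sector_shift, = struct.unpack_from("<H", data, 30)   # 9 -> 512-byte sectors
    first_dir_sector, = struct.unpack_from("<I", data, 48)
    if sector_shift not in (9, 12):
        return "malformed OLE2 header"
    # Sector n starts at (n + 1) * sector_size; the header occupies the first slot.
    root = (first_dir_sector + 1) << sector_shift
    entry = data[root:root + 128]
    if len(entry) < 128 or entry[66] != 5:               # object type 5 = root storage
        return "malformed OLE2 directory"
    clsid = uuid.UUID(bytes_le=entry[80:96])
    return KNOWN_CLSIDS.get(clsid, f"OLE2 container, unrecognised root CLSID {clsid}")


def build_sample(clsid: str) -> bytes:
    """Constructed test input: bare header plus one directory sector (not a full file)."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 30, 9)                # sector shift
    struct.pack_into("<I", header, 48, 0)                # directory lives in sector 0
    name = "Root Entry".encode("utf-16-le")
    entry = bytearray(128)
    entry[:len(name)] = name
    struct.pack_into("<H", entry, 64, len(name) + 2)     # name length incl. terminator
    entry[66] = 5
    entry[80:96] = uuid.UUID(clsid).bytes_le
    return bytes(header) + bytes(entry) + bytes(512 - 128)


if __name__ == "__main__":
    for sample_clsid in ("00020906-0000-0000-c000-000000000046",
                         "000c1084-0000-0000-c000-000000000046"):
        print(classify_ole2(build_sample(sample_clsid)))
```

An unrecognised or all-zero root CLSID is reported as such rather than guessed at, and a truncated buffer is rejected instead of being read past its end.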
Re: It's safe because I say it's safe!
Posted by: thrill
Date: November 04, 2008 11:17PM

Quote

he was also among the people that died in the Lagos 2002 bomb blast at the Ikeja military cantonment

Quote

Their death was occurred naturally.

I guess it's considered a natural death to be killed by a bomb.. ;)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: It's safe because I say it's safe!
Posted by: Malkav
Date: November 05, 2008 04:54AM

i'd bet for a good old nigerian 419, using age old spam techniques to bypass filters. (word documents ? come on kola, we all know you can do better)
my pint it does not contain any viral load of any sort, not even malicious macros.

seems like malware mutualisation hasn't happened everywhere ;)

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Re: It's safe because I say it's safe!
Posted by: id
Date: November 05, 2008 07:27AM

I'm more concerned with "file" giving me different answers between freebsd and windows/cygwin.

-id

Re: It's safe because I say it's safe!
Posted by: thrill
Date: November 05, 2008 03:48PM

Quote

I'm more concerned with "file" giving me different answers between freebsd and windows/cygwin.

Yeah.. that looks like cygwin caught the binary start of the file and didn't quite know how to categorize it.. given that (I think) you can launch DOS commands from within cygwin, this might be how file got confusered.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: It's safe because I say it's safe!
Posted by: Cagekicker
Date: November 05, 2008 04:15PM

thrill Wrote:
-------------------------------------------------------
> he was also among the people that died in the
> Lagos 2002 bomb blast at the Ikeja military
> cantonment
>
> Their death was occurred naturally.
>
> I guess it's considered a natural death to be
> killed by a bomb.. ;)


In 3rd World countries it is! Being eaten by a lion is a natural cause of death there too. Or getting AIDS is part of every day life.

I love 419 scammers...they are so stupid. Too bad they are actually able to sucker people in with this dribble.. :(

--------------------------------------------------------
Regarding gun carry laws: I'd rather be judged by 12 than carried by six...

Re: It's safe because I say it's safe!
Posted by: Kyo
Date: November 20, 2008 01:24PM

(Sorry for the two-week bump)

I remember the other day, this website kindly offered to do an online check for viruses on my computer. After declining, it told me there were viruses on my C: drive and in my "Local Settings" folder

which is interesting because I'm running linux...

Re: It's safe because I say it's safe!
Posted by: thrill
Date: November 20, 2008 02:09PM

WARNING: Your antivirus software needs updating, Click HERE to update NOW!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: It's safe because I say it's safe!
Posted by: Kyo
Date: November 21, 2008 10:08AM

it was pretty well made, though.

Re: It's safe because I say it's safe!
Posted by: rvdh
Date: January 11, 2009 05:54AM

I'm glad I use this sig in my correspondence:

Kindest regards, Ronald xxx.

- Please avoid sending me Word or PowerPoint attachments.
- I can only receive txt email, please do not send HTML formatted email.

Most seem to obey that, otherwise I won't open it before I run it through my hex editor and charge them for the time I spent. ;)

Re: It's safe because I say it's safe!
Posted by: wireghoul
Date: January 11, 2009 08:48PM

Run it under sunbelt or threatexpert imo... let someone else do the vm'ing of it unless you got monies tied up with the end result/method imho.
