Open an account—Mason Holman

Lately I have been receiving a few more viruses than usual.

The email here was accompagned with a .zip which itself included a .exe file.

zipinfo Conract_27.04.2010.zip
Archive:  Conract_27.04.2010.zip   17128   1
-rwxa--     2.0 fat    25088 b- defN 24-Apr-10 16:03 Conract_27.04.2010.doc.exe
1 file, 25088 bytes uncompressed, 16978 bytes compressed:  32.3%

As you can see, it looks like a standard MS-Word document named Contract_27.04.2010.

Since I don't have an install of MS-Windows to mess up, I did not test, but I can tell you that this is a virus.

The email was like this:


Return-Path: <nullificationqnm90@review.com>
X-Original-To: alexis@halk.m2osw.com
Delivered-To: alexis@halk.m2osw.com
Received: from p508C61F2.dip.t-dialin.net (p508C61F2.dip.t-dialin.net [80.140.97.242])
    by halk.m2osw.com (Postfix) with ESMTP id 61871B6ECB
    for <alexis@halk.m2osw.com>; Tue, 27 Apr 2010 21:01:53 -0700 (PDT)
Received: from 80.140.97.242 by mail.global.frontbridge.com;
    Wed, 28 Apr 2010 06:01:46 +0100
From: "Mason Holman" <nullificationqnm90@review.com>
To: <alexis@halk.m2osw.com>
Subject: Open an account
Date: Wed, 28 Apr 2010 06:01:46 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_NextPart_000_000E_01CAE687.858CEFA0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca6Q94WNGYF9DT6YU32CU5WNG3KWA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Message-ID: <000d01cae687$858cefa0$6400a8c0@nullificationqnm90>

Dear Sirs,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to
make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.
"Mason Holman