UKVoIPTalk.com

If anyone has had emails purportedly from Sipgate with the following
content, they are phishing scams and are NOT from Sipgate. A friend has
had two recently, one with an executable, so take care:
[color=blue]
>Dear Sipgate Member,
>
>We have temporarily suspended your email account
>mailto:xxxxxx@xxxxxx.co.uk.
>
>This might be due to either of the following reasons:
>
>1. A recent change in your personal information (i.e. change of address).
>2. Submiting invalid information during the initial sign up process.
>3. An innability to accurately verify your selected option of
>subscription due to an internal error within our processors.
>See the details to reactivate your Sipgate account.
>
>Sincerely,The Sipgate Support Team[/color]

also
[color=blue]
>Dear user xxxxxx,
>
>It has come to our attention that your Sipgate User Profile ( x ) records
>are out of date. For further details see the attached document.
>
>Thank you for using Sipgate!
>The Sipgate Support Team
>+++ Attachment: No Virus (Clean)
>+++ Sipgate Antivirus - [url]http://www.sipgate.co.uk[/url][/color]

I never heard of Sipgate Antivirus..!

Please be on the lookout for this.


Ivor

On Thu, 29 Mar 2007 15:05:18 +0100, "Ivor Jones"
<ivor@despammed.invalid> wrote:
[color=blue]
>
>If anyone has had emails purportedly from Sipgate with the following
>content, they are phishing scams and are NOT from Sipgate. A friend has
>had two recently, one with an executable, so take care:[/color]
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN YAWN

<Clavox@lancs.no-ip.co.uk> wrote in message
news:cpin03t4ljp3v3bkl1g0ag4snq4oonmork@4ax.com...
[color=blue]
> YAWN.....YAWN[/color]

Now there's a surprise!

Rob

Ivor Jones wrote:[color=blue]
> If anyone has had emails purportedly from Sipgate with the following
> content, they are phishing scams and are NOT from Sipgate. A friend has
> had two recently, one with an executable, so take care:
>[color=green]
>> Dear Sipgate Member,
>>
>> We have temporarily suspended your email account
>> mailto:xxxxxx@xxxxxx.co.uk.
>>
>> This might be due to either of the following reasons:
>>
>> 1. A recent change in your personal information (i.e. change of address).
>> 2. Submiting invalid information during the initial sign up process.
>> 3. An innability to accurately verify your selected option of
>> subscription due to an internal error within our processors.
>> See the details to reactivate your Sipgate account.
>>
>> Sincerely,The Sipgate Support Team[/color]
>
> also
>[color=green]
>> Dear user xxxxxx,
>>
>> It has come to our attention that your Sipgate User Profile ( x ) records
>> are out of date. For further details see the attached document.
>>
>> Thank you for using Sipgate!
>> The Sipgate Support Team
>> +++ Attachment: No Virus (Clean)
>> +++ Sipgate Antivirus - [url]http://www.sipgate.co.uk[/url][/color]
>
> I never heard of Sipgate Antivirus..!
>
> Please be on the lookout for this.
>
>
> Ivor
>
>[/color]
Nothing new. Its the W32/Mytob virus that has been around since
2005-ish. Any half decent AV package will find it and kill it.

[url]http://www.sophos.co.uk/virusinfo/analyses/w32mytobat.html[/url]

Now, if you had posted the headers we might have been able to trace the
source which would have been far more useful.

"Ivor Jones" <ivor@despammed.invalid> wrote in message
news:571vdpF2b4d6lU1@mid.individual.net...[color=blue]
>
> If anyone has had emails purportedly from Sipgate with the following
> content, they are phishing scams and are NOT from Sipgate. A friend has
> had two recently, one with an executable, so take care:
>[color=green]
>>Dear Sipgate Member,
>>
>>We have temporarily suspended your email account
>>mailto:xxxxxx@xxxxxx.co.uk.
>>
>>This might be due to either of the following reasons:
>>
>>1. A recent change in your personal information (i.e. change of address).
>>2. Submiting invalid information during the initial sign up process.
>>3. An innability to accurately verify your selected option of subscription
>>due to an internal error within our processors.
>>See the details to reactivate your Sipgate account.
>>
>>Sincerely,The Sipgate Support Team[/color]
>
> also
>[color=green]
>>Dear user xxxxxx,
>>
>>It has come to our attention that your Sipgate User Profile ( x ) records
>>are out of date. For further details see the attached document.
>>
>>Thank you for using Sipgate!
>>The Sipgate Support Team
>>+++ Attachment: No Virus (Clean)
>>+++ Sipgate Antivirus - [url]http://www.sipgate.co.uk[/url][/color]
>
> I never heard of Sipgate Antivirus..!
>
> Please be on the lookout for this.
>
>
> Ivor[/color]

Hi Ivor,
its W32/Zotob.J or one of its varients.
This explains how it works, as you can see "Sipgate" can be replaced with
any string gleaned randomly from the victims email "from" headers.

[url]http://www.protectorplus.com/virus_info/worms/zotobj.htm[/url]

Graham.
%Profound_observation%

"Desk Rabbit" <nospam@example.com> wrote in message
news:v-SdnQcyechKQJbbnZ2dneKdnZydnZ2d@pipex.net

[snip]
[color=blue]
> Nothing new. Its the W32/Mytob virus that has been around
> since 2005-ish. Any half decent AV package will find it
> and kill it.[/color]

Almost certainly, as you say. But I hadn't seen the message text
purporting to be from Sipgate before.
[color=blue]
> [url]http://www.sophos.co.uk/virusinfo/analyses/w32mytobat.html[/url]
>
> Now, if you had posted the headers we might have been
> able to trace the source which would have been far more
> useful.[/color]

Unfortunately I wasn't given them, only what you see, the emails were to a
friend not me.

Ivor

Ivor Jones wrote:[color=blue]
> "Desk Rabbit" <nospam@example.com> wrote in message
> news:v-SdnQcyechKQJbbnZ2dneKdnZydnZ2d@pipex.net
>
> [snip]
>[color=green]
>> Nothing new. Its the W32/Mytob virus that has been around
>> since 2005-ish. Any half decent AV package will find it
>> and kill it.[/color]
>
> Almost certainly, as you say. But I hadn't seen the message text
> purporting to be from Sipgate before.[/color]

The domain name is a variable in the virus code, it just as easily been
bbc.co.uk etc..

[color=blue][color=green]
>> [url]http://www.sophos.co.uk/virusinfo/analyses/w32mytobat.html[/url]
>>
>> Now, if you had posted the headers we might have been
>> able to trace the source which would have been far more
>> useful.[/color]
>
> Unfortunately I wasn't given them, only what you see, the emails were to a
> friend not me.[/color]

Then ask your friend for the headers.

"Desk Rabbit" <nospam@example.com> wrote in message
news:28idndJ5Qs_leJHbRVnyuAA@pipex.net

[snip]
[color=blue][color=green][color=darkred]
> > > Now, if you had posted the headers we might have been
> > > able to trace the source which would have been far
> > > more useful.[/color]
> >
> > Unfortunately I wasn't given them, only what you see,
> > the emails were to a friend not me.[/color]
>
> Then ask your friend for the headers.[/color]

I have done so, awaiting reply.

Ivor

Rob wrote:[color=blue]
> <Clavox@lancs.no-ip.co.uk> wrote in message
> news:cpin03t4ljp3v3bkl1g0ag4snq4oonmork@4ax.com...
>[color=green]
> > YAWN.....YAWN[/color]
>
> Now there's a surprise![/color]

It's only the Anti-Sipgate / Anti-Ivor idiot (Dexter)... Ignore him!

Nick.

On 31 Mar 2007 09:12:44 -0700, "The Last Outpost"
<the_last_outpost@ntlworld.com> wrote:
[color=blue]
>
>Rob wrote:[color=green]
>> <Clavox@lancs.no-ip.co.uk> wrote in message
>> news:cpin03t4ljp3v3bkl1g0ag4snq4oonmork@4ax.com...
>>[color=darkred]
>> > YAWN.....YAWN[/color]
>>
>> Now there's a surprise![/color]
>
>Anti-Ivor idiot (Dexter).
>
>Nick.[/color]
Takes one to know one Nick and incidently it WAS Ivor who started the
yawn stupidity but I fully intend to finish it and if you are anyone
else dosen't like it tough .
Now FOAD .