spoofed sender is txtpe[at]bosjon.com.au, sender IP is 61.117.145.29:

To Whom It May Concern:
I am tired of receiving messages containing malicious computer programs (viruses) from your e-mail address!!!
If within 1-2 days you do not stop sending messages to my e-mail address, I will have to address this issue to the Police!...
Today I received a hard copy of your data logs from my Internet service provider. The copy contains your IP address, logs of sending malicious programs and your e-mail address details...
I am sending you the copy of the document containing your data and logs of sending malicious programs as the proof of your fault!!!!!!
You must print the document containing the list of your data and logs of sending malicious programs and pass it on to your Internet service provider with, so that they could find out why the viruses are sent from your computer to my e-mail address!!!!
Ask your Internet service provider to resolve this problem!!!!
Do this now!!!
Once again!!! If you don’t stop sending the letters, I will address to the Police and file a lawsuit against you!!!
located in Japan. MITSUBISHI SHOJI LIGHT METAL SALES CORPORATION
now the fun part:
the email includes a zip file as an attachment; inside is a file named "IPLOGS"... of course an .exe, but the icon used is that of a PDF file:
I uploaded the file in case someone is interested and wants to play with a disassembler: http://www.megaupload.com/?d=HGSZV91S

Authentium - - W32/Malware!OC-based
Avast - - -
AVG - - PSW.Generic6.ABAB
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - Trojan.Zbot-2110
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Malware!OC-based
F-Secure - - Trojan.Win32.FraudPack.gen
Fortinet - - PossibleThreat
GData - - Trojan.Win32.FraudPack.gen
Ikarus - - Trojan.Win32.FraudPack
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.FraudPack.gen
McAfee - - -
Microsoft - - PWS:Win32/Zbot.gen!B
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - Troj/PWS-ATH
Sunbelt - - -
Symantec - - Infostealer.Banker.C
do not download or open this file if you don't exactly know what you are doing!
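
The PDF icon only fools the eye; the bytes inside the archive still say "Windows executable". As an added example (not part of the original post), this sketch flags zip members by executable extension and by PE header, without extracting or running anything. The extension list, the member names and the sample archive are constructed assumptions for illustration.

```python
import io
import zipfile

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def is_pe(data: bytes) -> bool:
    """True if data begins like a PE file: 'MZ' stub, 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_zip(blob: bytes, max_read: int = 4096):
    """Return [(member_name, [reasons])] for members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                reasons.append("executable extension")
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be checked here.
                reasons.append("encrypted, content not inspected")
            else:
                with zf.open(info) as fh:
                    if is_pe(fh.read(max_read)):
                        reasons.append("PE header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed sample zip: inert PE-header stubs plus a text file."""
    stub = bytearray(0x80)                      # header bytes only, no code
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IPLOGS.exe", bytes(stub))
        zf.writestr("readme.txt", "plain text")
        zf.writestr("report.pdf", bytes(stub))  # PE bytes behind a document name
    return buf.getvalue()

if __name__ == "__main__":
    for member, why in scan_zip(build_sample()):
        print(member, "->", ", ".join(why))
```

The header check catches the renamed member as well, which an extension filter alone would miss.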