Farelf Posted December 26, 2009 Share Posted December 26, 2009 Just in case others might receive same/similar and be intrigued, the following may satisfy curiosity without resorting to the risky business of actually opening ... These set the record (for me) for sheer size - 8636 KB, two arriving in close succession, identical, each claiming (in Russian) "this message will be sent only once," this is not spam," and "your address received from open sources." Three lies in two consecutive paragraphs - that is nearing a record too. Anyway, this will represent the spam pair: - http://www.spamcop.net/sc?id=z3606901154z6...329d269093d454z Attachments were: NewPro.rar 395 KB http://www.virustotal.com/analisis/b80da56...e58c-1261800143 MD5...: 8eb062037002d15ba70245d1101695d6 SHA1..: 5c7d8feaab769559c2335d5f751f83832c18962e SHA256: b80da561326e39327dab2115b245966c94505d2aac3dd21ca588d1b600abe58c ssdeep: 12288:BaEf4PIKTn+BHa8JriuuV5TSIJGnWLJnbhX0K1gf:pAQKj+BH5JriRIIYn WJnFD0 and (not seen in the report due to truncation): Secret.rar 5,872 KB http://www.virustotal.com/analisis/b384045...2653-1261800346 MD5...: 3e03adb0a883a0e8b0b6baf0fe0d0355 SHA1..: fce9c58c5bc3fae6f730cf27d1b15da16040c2c2 SHA256: b3840454fee4674af9cd8af43bf6bb1c730b610e5f4f70e7a5ad106eb4572653 ssdeep: 98304:YwInz42pmyUFvd8XIfq/7iDmRn+yjqIRRCuIQC50EoubuQlLUg1cOLSKYP TESi:Yw44imyUFyXViiR95IQCGEou7lLUahAy Both scoring 0/41 at VirusTotal (no threats found) - but note that is no guarantee (particularly right now with many AV providers pausing briefly for festivities). The thrust of this exercise in futility and internet vandalism: "I offer you a special kind of activity on the Internet, which will become your source PASSIVE INCOME!" What it will achieve in the real world is of course to overload many momentarily unattended/uncleared mailboxes, virtually in one hit - in those cases where ISP filtering lets it through at all. Not discounting the possibility that one or both of the attachments is actually malicious. Or the first pair of attachments were harmless and the second pair malicious (I fully checked only one pair, VT deserves a recuperation break too). Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.