
Price attachment from Tagmclaren helpdesk

Discussion in 'TAG McLaren Audio Owners' Forum' started by edward, Dec 24, 2004.

  1. edward

    I received an email with a subject of "Re:Hi" and sent to the email address I registered with the old Tag Mclaren help desk.

    It appears to be to a distribution list called "AV" and contains only a ":)" in the message body but it has an attachment called "Price". The file type got munched by my firewall so I don't know what it is. It doesn't appear to be a .zip or a .doc.

    A quick check of the message header shows it is quite different from the IAG stuff but otherwise looks genuine enough.

    Has anyone else received one? Have they opened it without any apparent harm to their system? What was the original file type and was it good news?

    Yes, I phoned the helpdesk - no reply.
     
  2. Kenny Glasgow

  3. simon40

    None received here Edward.
     
  4. JES

    From what you describe it looks like a typical job from the mail worms that are spreading every day. It can mean that the tag helpdesk mailer system is infected and/or that that address was spoofed. Either way, since your firewall caught it you should be fine.

    Hope this helps,
     
  5. edward

    Weird that they used the TAG helpdesk as an email to spoof and then they went for an email address that I only use for AV emails.

    Anyway, the Capon is begging to come out of the oven.
     
  6. edward

    Got a couple more yesterday - from different IP addresses but all apparently from AOL in Frankfurt - another attachment called Price and one called Joke. So it's not the IAG mail server that is sending them - but if someone has harvested addresses from there, the rest of you can expect this stuff to follow.

    Does TAG McLaren have people responsible for defending their corporate identity?

    Reminds me of the dark days of TAG McLaren Audio's own web site, where the nasty little germs and green-eyed monsters used to excrete for no good reason.
     
  7. GrahamMG

    It's a virus of sorts, our firewall also catches them......Seems likely that someone at IAG or the old TAG site has caught a cold..... Whatever you do don't open the message attachment if it gets through......Our IT bods sent around a warning about this one about 6 weeks ago and updated the virus definition files......
     
  8. edward

    I've advised AOL about it and given them enough detail so they should be able to track the person - if they've any will to do so to prevent mail server operators bouncing AOL mail and devaluing their product.

    They first bounced the emails I sent them because I included the attachment. Having sent them, with headers, to the requested alternative address, I've heard nothing - and they still keep coming. I'm not convinced it's entirely a worm - it only comes from AOL mail servers, the message text shows some variation and so does the attachment name.

    The worrying thing is that it is using a TAG McLaren email address - and the TMA illuminati is a gentlemen's club, dammit!
     
  9. GrahamMG

    Edward.
    A bloke at work still tries to send me these mails as well (and no I don't know all 26,000 staff so I just delete them) with slightly different messages, the fatal mistake is replying to the sender telling him he has a virus, you just get more mail until you set the firewall to filter them........or get the IT bods to update definitions to rid you of the menace. I can't remember what it unleashes on your PC if you click the attachment but the IT lot sent a dire warning thing when this came to light.......
    So who at TAG had your e-mail address and is also an AOL customer???? Doesn't narrow it down much does it......

    I know you know about this stuff far more than I, so I'd be curious as to how you resolve this just in case it happens to me at home.
     
  10. Miron

    but they all know you of course :)
    indeed
    my old boss did that once and we ended with up to 1000 spams a day. And, no, we are not size of bbc, just dozen of nuts in the company (hope no one reads this :laugh: ).

    edward, this sometimes turns into a disaster. someone did this with one of our domains and we ended on a few blacklists, worst the one from bigpond (half aussies use it)
    i still get nightmares when i remember those times with half of our real mails swallowed from filters or bounced back ... grrrrrrrr
     
  11. GrahamMG

    Probably......... I appear to be everyone's "get out of jail free" card......
     
  12. AndrewH13

    Edward,

    Sounds like the Beagle virus we had doing the rounds a month or so ago. I run a table-tennis league site, and many of the committee have say 100+ members in their address book. What was annoying was the virus picked a random 'sender' from someone's address book to a random 'receiver' and kept on sending them with the same details. This was repeated for about 30 members! A good way of getting everyone up in arms accusing each other of spreading the virus.

    Investigation showed that the 'sending' address was irrelevant, the 12 digit ip address was always from the same person. The culprit never owned up, but the publicity we sent out finally had an effect when for all 30 people, they suddenly stopped receiving them.

    If you are in someone's address book who has the virus, there seems to be no way of preventing them being received other than blocking as BBC-G said.

    Hi Graham, long time no hear! Haven't been using new forum till now. We had fun with the SKY/BBC moving picture problem last time we were speaking!

    Hello any other old regulars, a trip to Huntingdon in the snow seems a distant memory.

    Andrew from Essex (I think it used to say ;-) )
     
  13. GrahamMG

    Hi Andrew.

    Welcome back to the fold, any more dodgy BBC recordings on that DVD recorder of yours?
     
  14. Miron

    Yes Graham,
    it is nice to have old squad around. Almost everyone's here now, apart from Glenn who does not want. I am also not sure if Ben and Paul read it, also the Swedish rock climber (forgot his name), but most guys are around.
    Although some of them are far from being regular, haven't seen Peter around for quite a while (probably chasing new nautilussss)...

    ....Hangover today....
     
  15. AndrewH13

    Graham,

    I assume dvdr recordings from sky/bbc ok now although I got into the habit of using Sky 944 BBC London to solve the problem while waiting for the update of the 'out of london' transmitters. The default SKY progs for me are 103 London ITV but 101 BBC East which as you know had the problems when recording (seems sky is a little inconsistent with the regions but I prefer London anyway.)

    Happy New Year to all, here's wishing for the AV32DP 2005 HDMI in/out update seeing that SKY's hi-def is only going to be broadcast via digital video output and not component.
     
  16. edward

    Hi Andrew,
    I'm not sure that Beagle explains the known facts of this case:
    - it always comes from an AOL user in Frankfurt (according to the IP address in the header)
    - it's always "Helpdesk" which translates into helpdesk@tagmclaren.com
    - the name of the attachment varies but isn't random (which is a property of Beagle/Bagle) and it is a different size from Beagle/Bagle
    - the subject varies
    - the message varies.

    Still, it's a useful avenue for thought - thanks.

    If enough email server managers advise AOL that they are going to bounce all emails from their customers, AOL might then consider the matter serious enough to act against this germ. AOL don't seem up to the task yet - I'm still getting them.
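
The header check several posters describe (ignore the From address, look at the relay IP in the headers) can be scripted. The following is an added example, not part of any post in this thread: it groups messages by the IP that your own mail server recorded rather than by the claimed sender. All hostnames, addresses and messages are constructed, and the trusted server name and the /24 grouping are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.net"  # assumption: hostname of your own receiving server
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(relay_ip, subject, attachment, forged_hop=""):
    # Builds a constructed message; nothing here is taken from the thread.
    return (
        f"Received: from relay.example.com ([{relay_ip}]) by {TRUSTED_MX}\n"
        f"{forged_hop}"
        "From: Helpdesk <helpdesk@vendor.example>\n"
        f"Subject: {subject}\n"
        f'Content-Disposition: attachment; filename="{attachment}"\n'
        "\n:)\n"
    )

# Sender-supplied Received line claiming the mail left the vendor's own server.
FORGED = "Received: from mail.vendor.example ([203.0.113.5]) by relay.example.com\n"
SAMPLES = [
    sample("192.0.2.10", "Re:Hi", "Price"),
    sample("192.0.2.77", "Re:Hello", "Joke"),
    sample("192.0.2.10", "Re:Hi", "Price", forged_hop=FORGED),
]

def origin_ip(msg, trusted_by=TRUSTED_MX):
    """IP recorded by our own MX; hops below it are sender-controlled."""
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        if f"by {trusted_by}" in hop:
            found = IP_RE.search(hop)
            return found.group(1) if found else None
    return None

def cluster(raw_messages):
    """Group messages by the /24 of the trusted-hop IP, not by From."""
    groups = defaultdict(lambda: {"count": 0, "from": set(),
                                  "subjects": set(), "attachments": set()})
    for raw in raw_messages:
        msg = message_from_string(raw)
        ip = origin_ip(msg)
        key = str(ipaddress.ip_network(f"{ip}/24", strict=False)) if ip else "unknown"
        groups[key]["count"] += 1
        groups[key]["from"].add(parseaddr(msg.get("From", ""))[1])
        groups[key]["subjects"].add(msg.get("Subject", ""))
        groups[key]["attachments"].add(msg.get_filename() or "")
    return dict(groups)
```

Calling `cluster(SAMPLES)` puts all three messages in one network group even though the subject and attachment name vary and one message carries a forged lower hop, which is the evidence worth attaching to an abuse report.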
     
