Here is the Hahaha email text:
Faltaba apenas un dia para su aniversario de de 18 aņos. Blanca de Nieve fuera
siempre muy bien cuidada por los enanitos. Ellos le prometieron una *grande*
sorpresa para su fiesta de compleaņos. Al entardecer, llegaron. Tenian un brillo
incomun en los ojos...
DO NOT OPEN THE ATTACHMENT
Here is the response:
Please read this whole email as it contains information that can
| be used to protect your computer from a Virus that is spreading
| around the internet.
|
|NOTA BENE: This message is automatically generated; PLEASE DO NOT REPLY.
| Subsequent email with the same reply-to address should not
| induce additional responses from this service.
+---------
Hello,
You are receiving this message because an email, which contained
your email address as the return / reply-to address, was sent to
[email protected]. This is a list of possible reasons why you received
this message.
1) You sent an email to
[email protected] to request, complain or notify
this user that they are SPAMMING, sending an email with a virus,
sending an email that has content that may not be appropriate for
minors, to be removed from a mailing list, etc..
2) Someone else sent an email to
[email protected] and they are using
your email address as their return / reply-to address. If this is
the case we are sorry that this email was sent to you but please
do read it as it does contain information about a virus that is
spreading around the internet that we are trying to stop / slow
down.
3) You may already be infected with the computer virus for which this
email is trying to inform you of. This virus (W32.Hybris.gen)
will send a copy of itself to the reply-to address of any incoming
emails that a infected computer receives. So when you received
another copy of the "SPAM" that this virus sends out from another
infected computer, the virus sends a copy of itself to
[email protected] since
[email protected] is the reply-to address
of the "SPAM" the virus sends out.
4) Your anti-virus software sent an email back to
[email protected] to
inform them that the email they sent to you contains a virus. Most
of the time this email is sent without you knowing by the anti-virus
software itself.
5) Somone has subscribed the email address
[email protected] to a mailing
that you do subscribe to. Our program that sends out this message tries
to make sure that it is not responding to any emails that it receives
from a list server by checking the full email headers for list
information. Some lists do not provide any keys in their full email
headers that we can use to keep the our program from responding. If you
think this is the case please contact your list admin and have them
remove
[email protected] from their member list. Thanks.
The truth about this SPAM, that contains Snowwhite in the Subject, is
that a virus called W32.Hybris.gen sends out these emails with attachments
that are also infected with this virus from a already infected computer
hopping to infect more computers. This virus uses the address book as well
as scans incoming and outgoing mail and http traffic for email address
to send a copy of itself to. These emails the virus sends out use a
fake / spoofed FROM: address of
[email protected] to hide its tracks.
We registered the domain sexyfun.net in order to provide the people
of the internet information about this virus as well as tips on how
to detect, clean, trace and protect yourself from this virus.
Here is a list of other facts that may answer some of your questions
that you may have already.
1) We do NOT maintain any mailing lists on our system.
2) This user (hahaha) does NOT exist on our system.
3) The email that you got with the From: field of
[email protected]
did NOT come from sexyfun.net or the hosting companies network.
This email address was FAKED / SPOOFED.
4) The email you got is in FACT a way for the (W95.Hybris.gen) virus
to spread itself around the world / Internet like the ILOVEYOU
virus of a few months past.
5) If you would look at the Received: line of the FULL email header, it
will tell you the real IP / Computer name that has sent you this
virus, which is most likely someone you know that is infected with
the virus and is not aware of it.
6) The owner of the domain sexyfun.net and the hosting company has
setup a help page with information about the (W95.Hybris.gen)
virus, links to software that you can use to clean your computer
if you are infected as well as other misc. information.
7) We did NOT create the virus or know who the person is that created
the virus. We are NOT affiliated with this person / persons and the
same applies to our hosting company.
NOTE: As long as you don't run / open / double click on the attachment
of this email, this virus should not be able to infect you just
by reading the email.
Here are links to well known companies of anti-virus products that
will show that what has been said above is true.
http://www.f-secure.com/v-descs/hybris.shtml
http://www.kaspersky.com/news.asp?tnews=0&nview=1&id=134&page=0
This is the link to the website we have setup to provide additional
information about this Virus.
http://www.sexyfun.net/ (this is not a adult site of any type)
If have any questions about this, our contact information is located on
our web site ( http://www.sexyfun.net/ )
Thanks you for your time.
-----
NOTE: Any replies sent to this email are not viewed by us. Please use
our contact information located on our site. Thanks.