Sorry your browser is not supported!

Quote: "Dear friend,

I am Mrs. Sese-seko widow of late President Mobutu
Sese-seko of Zaire, now known as Democratic Republic
of Congo (DRC). I am moved to write you this
letter. This was in confidence considering my present
circumstance and situation. I escaped along with my
husband and two of our sons out of Democratic
Republic of Congo (DRC) to Abidjan, Cote d'ivoire
where my family and I settled, while we later
moved to settled in Morroco where my husband later
died of cancer disease.

However, due to this situation we decided to change
most of my husband's billions of dollars deposited in
Swiss bank and other countries into other forms of
money coded for safe purpose because the new head of
state of (Dr) Mr Laurent Kabila has made arrangement
with the Swiss government and other European countries
to freeze all my late husband's treasures deposited in
some european countries. Hence, my children and I
decided laying low in Africa to study the situation
till when things gets better. Like now that
president Kabila is dead and the son taking over
(Joseph Kabila). One of my late husband's chateaux in
Southern France was confiscated by the french
government, and as such I had to change my identity so
that my investment will not be traced and confiscated.


I have deposited the sum Fourteen Million United State
Dollars (US$14,000,000,00.) With a security company
for safe keeping. What I want you to do is to indicate
your interest that you can assist us in receiving the
money on our behalf, so that I can introduce you to my
son who has the out modalities for the claim
of the said funds. I want you to assist in investing
this money, but I will not want my identity revealed.
I will also want to acquire real/landed properties and
stock in multi-national companies and to engage in
other safe and non-speculative investments as advise
by your good self.

May I at this point emphasize the high level of
confidentiality, which this upcoming project demands,
and hope you will not betray the trust and
confidence, which I repose in you.In conclusion, if
you want to assist us, my son (Kennedy) shall divulge
to you all briefs regarding this project, tell you
where the funds are currently being maintained and
also discuss remuneration for your services.For this
reason please kindly furnish us your contact
information,that is your personal telephone and fax
numbers respectively for validation purpose and
acknowledge receipt of this mail.

Yours sincerely,

Mrs. Mariam M. Seseseko. "

Quote: "To: l_estrada@willoconsults.com
CC:
Subject: for your attention.
Date: Thu, 4 Mar 2004 01:38:25 -0800 (PST)
Return-Path: <l_estrada@willoconsults.com>
Delivered-To: homeyg:mad.scientist.com@mail.com
X-Ob-Received: from unknown (205.158.62.72)by mta1-2.us4.outblaze.com; 4 Mar 2004 09:39:10 -0000
Received: from web109.biz.mail.yahoo.com (web109.biz.mail.yahoo.com [216.136.174.219])by spf10.us4.outblaze.com (Postfix) with SMTP id 572F3EAB9Dfor <homeyg@mad.scientist.com>; Thu, 4 Mar 2004 09:38:59 +0000 (GMT)
Message-Id: <20040304093825.21806.qmail@web109.biz.mail.yahoo.com>
Received: from [81.199.84.88] by web109.biz.mail.yahoo.com via HTTP; Thu, 04 Mar 2004 01:38:25 PST
Reply-To: masese1@web-mail.com.ar
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii"

Quote: "stock in multi-national companies and to engage in
other safe and non-speculative investments as advise
by your good self"

Quote: "Symantec Security Response - W32.Beagle.J@mm

-Is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email.
-Sends the attacker the port on which the backdoor listens, as well as the IP address.
-Attempts to spread through file-sharing networks, such as Kazaa and iMesh, by dropping itself into the folders that contain "shar" in their names.

The email has the following characteristics:

From: Spoofed to appear as though it is coming from one of the following addresses at the recipient's domain:
- management
- administration
- staff
- noreply
- support

Attachment: A randomly named .exe file, stored inside a .zip file, or a .pif file. The .zip file may be password-protected, though Symantec antivirus products will detect these files.

From: (May be one of the following)
management@<recipient domain>
administration@<recipient domain>
staff@<recipient domain>
noreply@<recipient domain>
support@<recipient domain>

Subject: (One of the following)
E-mail account disabling warning.
E-mail account security warning.
Email account utilization warning.
Important notify about your e-mail account.
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Warning about your e-mail account.

Message: (One of the following lines)
Dear user of <domain>,
Dear user of <domain> gateway e-mail server,
Dear user of e-mail server "<domain>",
Hello user of <domain> e-mail server,
Dear user of "<domain>" mailing system,
Dear user, the management of <domain> mailing system wants to let you know that,


Followed by one of the following paragraphs:
Your e-mail account has been temporary disabled because of unauthorized access.
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.
We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.
Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

Followed by one of the following lines:
For more information see the attached file.
Further details can be obtained from attached file.
Advanced details can be found in attached file.
For details see the attach.
For details see the attached file.
For further details see the attach.
Please, read the attach for further details.
Pay attention on attached file.

Followed by:
The <domain> team http://www.<domain>

Followed by one of the following lines:
The Management,
Sincerely,
Best wishes,
Have a good day,
Cheers,
Kind regards,

If the attachment is a zip file, the message will include one of the following lines:
For security reasons attached file is password protected. The password is "<password>".
For security purposes the attached file is password protected. Password is "<password>".
Attached file protected with the password for security reasons. Password is <password>.
In order to read the attach you have to use the following password: <password>.


--------------------------------------------------------------------------------
Notes:
<domain> is the domain name part of the email address.
<password> is a five-digit, random number that the worm used to encrypt the attached .zip file.
--------------------------------------------------------------------------------

Attachment: <One of the following names>.zip or .pif:
Attach
Information
Readme
Document
Info
TextDocument
TextFile
MoreInfo
Message

The .zip file contains a randomly named .exe file, which is password-protected with the aforementioned password.


The worm will not send email messages to the addresses containing any of the following strings:
@hotmail.com
@msn.com
@microsoft
@avp.
noreply
local
root@
postmaster@"