Don't be fooled by emails that claim to be from us!
They aren't from us and they don't originate on our servers.
In all cases, the from address has been forged so that it appears to be from AstronomyDaily.com -- such
is the price of popularity!
Here are some of the fraudulent emails we have seen so far, grouped by their subject lines:
We've seen a number of different messages and subjects containing viruses with the
following reply-to email addresses:
administrator@astronomydaily.com
info@astronomydaily.com
mail@astronomydaily.com
service@astronomydaily.com
support@astronomydaily.com
register@astronomydaily.com
We do not use any of those addresses, so if it comes from one of those, it is fraudulent.
The from address on this one is "Tran Herman" <huisarts@astronomydaily.com>.
The message body reads:
You have not tried Cialls yet?
Than you cannot even imagine what it is like to be a real man in bed!
The thing is that a great errrect1on is provided for you exactIy when you want.
Cialls has a lot of advantaqes over Viagra
- the effect lasts 36 hours!
- you are ready to start within just 10 minutes!
- you can mix it with aIcohoI! We ship to any country!
|
The link in the email goes to a site in Australia selling Cialis.
They have forged our domain in the reply-to address.
The from address on this one is "Hilma Leonard" <bpohantsch@astronomydaily.com>.
The message body reads:
It is really hard to recollect a company: the market is full of suggestions and the information is
overwhelming; but A GOOD CATCHY LOGO ,STYLISH STATlONERY and OUTSTANDlNG WEBSITE
will make the task much easier.
We do not promise that having ordered a Iogo your
company will automaticaIly become a world Ieader: it is quite cIear that
without qood products ,effective business organization and practicable aim it
will be hot at nowadays market; but we do promise that your marketing efforts
will become much more effective.
etc., etc., etc....
|
The links in the email go to a professional-looking site called "ClearLogo", and their opt-out
link goes to a fake ISP that claims to be in Chicago, but a whois lookup shows that both domains belong to a
spammer in Russia.
They have forged our domain in the reply-to address.
The from address on this one is usually Automatic Email Delivery Software, noreply@astronomydaily.com
or orlando@astronomydaily.com (just for the record, we don't have an Orlando). The message body reads:
Dear user of www.astronomydaily.com, administration of
www.astronomydaily.com would like to inform you that,
We have received reports that your account was used to send a large amount of junk email messages during this week.
Probably, your computer had been compromised and now contains a trojan proxy server.
We recommend that you follow the instructions in the attached text file in order to keep your computer safe.
Sincerely yours,
The www.astronomydaily.com support team.
|
The links in the email are valid and actually go to us, making the message appear more legitimate. There is an
attached ZIP file that contains a virus. Keep in mind that variations in the subject, from address, or body text are
possible. Just remember that you will NEVER get a valid email from us with a similar message. So if it looks
at all similar to this, it's false.
This one usually has a from address of webmaster@astronomydaily.com, but we have seen completely
random from addresses that do not reference AstronomyDaily.com at all. The message body reads:
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at:
www.astronomydaily.com/inbox/webmaster/read.php?sessionid-21016
|
The sessionid number is randomly generated. This email has a virus embedded in an attachment. The link
to astronomydaily.com in the message body is false. It does not link to us -- it activates the virus.
This one masquerades as one of your emails that bounced from our server. The from address is usually
postmaster@www.astronomydaily.com. We never use that address, so any email from that address is a
virus. The email message reads as follows:
Your message was not delivered due to the following reason(s):
Your message could not be delivered because the destination server was unreachable within the allowed queue
period. The amount of time a message is queued before it is returned depends on local configuration parameters.
Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned
off, or does not have a mail system running right now.
Your message could not be delivered within 2 days:
Server 126.59.40.41 is not responding.
The following recipients could not receive this message: <orlando@www.astronomydaily.com>
Please reply to postmaster@www.astronomydaily.com
if you feel this message to be in error.
|
Note that this email references "Orlando" again, so it was probably created by the same criminal as the first
example above. There are no links in the email; the whole point is to get you to look at the attached file, which
contains the virus.
This is a variation of the previous message. The from address is usually postmaster@www.astronomydaily.com.
Once again, we never use that address, so any email from that address is a
virus. The email message reads as follows:
The original message was received at Thu, 12 Aug 2004 19:09:13 -0400 from
www.astronomydaily.com [84.57.200.97]
----- The following addresses had permanent fatal errors ----- <orlando@www.astronomydaily.com>
----- Transcript of session follows -----
... while talking to www.astronomydaily.com.:
>>> MAIL From:"The Post Office" <postmaster@www.astronomydaily.com>
<<< 503 "The Post Office" <postmaster@www.astronomydaily.com>... Address blacklisted
|
The links are legitimate and actually go to us, but the attached file contains a virus. Expect to see some
variation in the date, time and IP addresses referenced in the message text. It appears you are
supposed to think you have been blacklisted by us, and that will make you look at the attached file.
This one is older, but still shows up from time to time. The subject, from address, and message body are all
randomly generated. So far, we have seen from addresses of staff@astronomydaily.com,
admin@astronomydaily.com, or webmaster@astronomydaily.com, but any name@astronomydaily.com is possible.
Some of the possible message bodies are:
Hello user of Astronomydaily.com e-mail server,
Your e-mail account will be disabled because of improper using in next three days, if you are still
wishing to use it, please, resign your account information.
For further details see the attach.
For security reasons attached file is password protected. The password is "70500".
Cheers,
The Astronomydaily.com team http://www.astronomydaily.com
|
Dear user of "Astronomydaily.com" mailing system,
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free auto-forwarding service.
For further details see the attach.
Attached file protected with the password for security reasons. Password is 18184.
Have a good day,
The Astronomydaily.com team http://www.astronomydaily.com
|
Other possible messages are:
|
Your e-mail account has been temporary disabled because of unauthorized
access. Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
|
|
We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe, please,
follow the instructions.
|
|
Our antivirus software has detected a large ammount of viruses outgoing from
your email account, you may use our free anti-virus tool to clean up your
computer software.
|
|
Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by a
proxy-relay trojan server. In order to keep your computer safe, follow the
instructions.
|
In all cases, the attached file contains a virus.
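For mail administrators, the indicators described in this notice can be checked mechanically. The following is an added example, not code from AstronomyDaily.com: the function names `triage` and `claims_domain` and the sample message are constructed for illustration, and the address list is taken from the addresses this page says are never used.

```python
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "astronomydaily.com"
# Addresses the notice says the site never sends from (assumed complete
# only as far as this page lists them).
NEVER_USED = {f"{n}@{DOMAIN}" for n in (
    "administrator", "info", "mail", "service", "support", "register",
    "orlando")} | {"postmaster@www." + DOMAIN}

# Constructed sample modelled on the fake bounce; the attachment is a placeholder.
SAMPLE_BOUNCE = """\
From: "The Post Office" <postmaster@www.astronomydaily.com>
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your message was not delivered.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="message.zip"

placeholder bytes, not a real archive
--b1--
"""

def claims_domain(addr):
    """True if addr is at astronomydaily.com or one of its subdomains."""
    host = addr.rpartition("@")[2]
    return host == DOMAIN or host.endswith("." + DOMAIN)

def triage(raw):
    """Return the reasons a raw message matches the notice's indicators."""
    msg = message_from_string(raw)
    reasons, senders = [], set()
    for header in ("From", "Reply-To"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            senders.add(addr.lower())
            if addr.lower() in NEVER_USED:
                reasons.append(f"{header} uses never-used address {addr.lower()}")
    attached = any(p.get_filename() for p in msg.walk() if not p.is_multipart())
    if attached and any(claims_domain(a) for a in senders):
        reasons.append("attachment on mail claiming to be from " + DOMAIN)
    return reasons

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_BOUNCE)))
```

An empty result only means none of these indicators matched; the notice itself points out that some variants use random from addresses that do not reference the domain at all.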