Monday, September 29, 2008

X.W32/troj.PW9/29


Subject: (name varies with recipient) Bill for angier. Please pay within this week.
Attachment: bill.zip
AVs: 4/36 (11.11%) es, fs, kas



Hello angier, the bill is attached. Password is 123.

X.W32/troj.9-29-fee


Subject: Statement of fees 2008/09
Attachment: Fees_2008_2009_N389.zip
AVs: 1/36 (2.78%) the




Please find attached a statement of fees as requested, this will be
posted today.

The accommodation is dealt with by another section and I have passed
your request on to them today.

Kind regards.

Emily (varies with spoofed sender)

X.W32/troj.law


Subject: The penalties have been toughened, New Law, Legislation
Attachment: New_Law.zip
AVs: 6/36 (16.67%) ant, aut, fp, mca, sec, the


Greating (greeting varies)

New clauses have been added to the legislation regulating your online activities; some of the operations are now considered illegal. The new law has come into force as of 25.09.2008; the penalties have been toughened.

Please read the new document and be more accurate further on.

Give my regards to your sister
(closing varies)

X.W32/Agent.pass.protect


Subject: Bill for cindyp (anyname)
Attachment: Bill.zip
AVs: 6/36 (16.67%) Au, F-p, F-s, Fo, Ka
Body:
Hello cindyp, the bill is attached. Password is 123.

Friday, September 26, 2008

X.W32/Heuristic-book

Subject: The Best Book, Excellent Book, Wonderful Book
Attachment: Approved.zip
AVs: 7/36 (19.44%) An, Au, F-p, Mc, Se, Sy, The
Greating Friend,
Your new book has brought a lot of excitement to our editorial staff. It's certainly this year's best in its genre. You seem to never going to quit surprising us.
We have made a contract with you and guarantee that the first edition will total at least 10 million copies.
Enclosed is the approved and edited copy of your amazing book.
Thank you for this paragon of beauty.
Please get in touch with us at your earliest convenience.
Till next time

X.Mal/EncPk_eca


Subject: You have received an Greeting eCard
Attachment: ecard.zip
AVs: 8/36 (22.22%) An, AV, eS, Mc, Se, So, Tr, VB
Good day.
You have received an eCard
To pick up your eCard, open attached file.
We hope you enjoy you eCard.
Thank You!

Thursday, September 25, 2008

X.PW.exe


Subject: Important document for rudolph (recipient's name)
Attachment: bill.zip
AVs: 4/36 (11.11%) es, fs, kas,



Hello rudolph (recipient's name), the document is attached. Password is 123.

Wednesday, September 24, 2008

X.W32/Heur.Eldorado.con_trct


Subject: Rent contract, Contract of settlements, Open an account
Attachment: Contract S 1.zip
AVs: 8/36 (22.22%) An, Au, eS, F-p, The, Tr, Web
Good morning,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment. We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.

X.W32/AutoRun-Foto

Subject: FOTO YOUR GIRL
Attachment: Foto.zip
AVs: 15/37 (40.54%) An, Au, Av, Cl, F-p, F-s, GD, Ka, Mc, Pr, So, Sy, Th, Web
DIVINE RETRIBUTION
Dear friend.
I have a juicy PHOTO of your GIRLFRIEND. She has not satisfied some conditions of our agreement and I have to send you this photo as a revenge.
Enjoy!
Here is my phone number Tel. 942-604-93531. Now you can find me anytime.
Elnora Winston

Tuesday, September 23, 2008

X.W32/troj.pw


Subject: Important document for (recipient's name)
Attachment: Doc.zip
AVs: 4/36 (11.11%) fs, kas, nod,


Hello (recipient's name), the document is attached. Pass 123.

X.W32/troj.foto


Subject: DIVINE RETRIBUTION
Attachment: Foto.zip
AVs: 6/36 (16.67%) ant, aut, fp, mca, the, web


Dear friend.

I have a juicy photo of your girlfriend. She has not satisfied some conditions of our agreement and I have to send you this photo as a revenge. ENJOY!

Here is my phone number Tel. 492-136-07097 (phone number? varies). Now you can find me anytime.

Monday, September 22, 2008

X.Trojan.Spy.Goldun.ecrd


Subject: You have received an eCard
Attachment: ecard.zip
AVs: 17/36 (47.22%) An, Au, AV, Bit, Dr, eS, f-p, f-s, GD, Ik, Mc, No, So, Sy, Tr, VB, Web
Good day.
You have received an eCard
To pick up your eCard open attached file
We hope you enjoy you eCard.
Thank You!

X.W32/troj.instruct


Subject: Innovative income-generation system which YOU ordered
Attachment: Instruction.zip
AVs: 5/36 (13.89%) bit, gd, mca, nod, the



Dear Valued Customer,

Order ID: 36567 (number varies)
Order Total: $59.99
Description:

Innovative income-generation system

We are sending you the Unique Income Generation Toolkit (UIGT) developed by the Institute of Innovative Business and Financial Technologies (IIBFT), which you ordered on 9/21/2008.

Your unique UIGT activation code is: A379D3EC-84 (code varies)

Please take a look at the instruction and get acquainted with the activation system, which is strictly confidential.

Please find the list of the company’s addresses and phone numbers along with further information on UIGT in the enclosed instruction.
______________________________

If you believe this message has reached you by mistake, please contact the support service via phone or e-mail provided in the same instruction.

Respectfully,
Manager (IIBFT)
Earnestine Tapia
(name varies)

X.W32.troj.ts


Subject:
The best photos for you
Great photos for you
Exclusive photos, you'll be happy
Really cool photos
Something exclusive

Attachment: tits.zip
AVs: 3/36(8.34%) for, nod, vir


Hi, old chap. (greeting varies)

Watch my tits!

Best Regards.
(closing varies)

Friday, September 19, 2008

X.W32/Generic.zip.stmt

Subject: Your credit card transaction report
Attachments: Statement.zip
AVs: 3/36 (8.34%) Mc, No, The


Dear Valued Customer:
ID: dmathews

As requested, we are sending you this report on transactions with your credit card completed between 1/1/2008 and 9/1/2008.
Please find the account statement with the detailed list of the transactions attached to this message. You can view the document or print it out by simply saving the attached file to disk and opening it for viewing.

Please let us know if we can be of any further assistance.
At your service,
Claude Saunders
Manager of Visa / MasterCard
Credit Card Services
_______________________________________________
If you believe this message was sent to you by mistake, please forward the identification number stated on the enclosed document to our customer service department.

Wednesday, September 17, 2008

X.W32/Generic.CNTR.zip


Subject:
Open an account
Loan Contract
Contract of order fulfillment
Rent contract

Record in debit of account

Attachment: contract.zip
AVs: 2/36 (5.56%) nod, the

Good afternoon, Dear Gentlemen, Greetings, Good day, Dear customers, Hello, Dear Sirs,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.

If necessary, we can send it by fax.
Looking forward to your decision.

X.Win32/Cutwail.W


Subject and Body:
Apple: The most popular game!
Play now!

Famous iPhone games!

Apple presents iPhone games!

Beet my score! (7000 points)!

Play iPhone on your PC today.

Apple presents iPhone games!

Virtual iPhone games!

Steve Jobs presents iPhone!
iPhone's most popular game!
Attachment: Penguin.Panic.zip
AVs: 3/36 (8.34%) nod, nor, vir

Tuesday, September 16, 2008

X.Sus/Behav-102, X.Sus/Behav-1021.v2


Subject: Re: Missing Package
Attachment: invoice.zip
AVs: 9/36(25%) ant, aut, bit, cat, fp, ik, sop, sun, web

Mr./Mrs. (name of Target)


I am sorry for this late reply, but we have good news.
We managed to track your package, and we have attached the invoice you asked for to this reply.

The invoice contains the correct tracking# , since the one you gave us was invalid.
You can use it on the ups website to track your shipment.


Thank you

John Henry
UPS Customer Care Department

***********************************************************************

I have recently used UPS to send a package to my cousin but he never received it.
Also , the tracking number doesn't check on the website, and I lost the invoice.
Can you forward me a copy?

Here you have the tracking# : 03073332100016836200

X.W32/Autorun.MFA!worm


Subject: Statement of fees 2008/09
Attachment: Fees_2008-2009.zip
AVs: 3/36(8.34%)

Please find attached a statement of fees as requested, this will be
posted today.

The accommodation is dealt with by another section and I have passed
your request on to them today.

Kind regards.

Nora

X.W32/troj.tube


Subject: Check this X-video!, Bathroom CamRip., eX-eX-eX girlfriend!, Watch my XXXs!
Attachment: tube.zip
AVs: 0/36(0%)

eX-eX-eX girlfriend! , Check this X-video!, Watch my XXXs!

Monday, September 15, 2008

X.Mal/EncPk-feez

Subject: Statement of fees 2008/09
Attachment: Fees-2008-2009.zip
AVs: 12/36 (33.33%) An, Au, Av, Dr, Es, F-p, Gd, Ik, So, The, Tr, Web
Please find attached a statement of fees as requested, this will be posted today.
The accommodation is dealt with by another section and I have passed your request on to them today.
Kind regards.
Bernadine

Saturday, September 13, 2008

X.Troj/Agent-HQM.joli

Subject: Really cool photos, Best photos for you, Great photos for you, Exclusive photos you'll be happy

Attachment: jolie.zip

AVs: 11/36 (30.56%) An, Avg, Cat, Cl, F-P, F-S, Ik, Ka, So, Sy, Web

Good morning, dear Friend.

Angelina Jolie Sexual Photos!!!
In your attachment...

Bye.

Friday, September 12, 2008

W32/troj.jkr

Subject: !VTEMAG!
Attachment: joker.zip
AVs:


PkdMail No message in body !

X.W32/Mal/EncPk-CZ9.12


Subject: Credit card account statement (Visa, MC)
Attachment: statement.zip
AVs: 4/36(11.12%) es, mcs, sop, tre


Dear Valued Customer:
ID: donm

As requested, we are sending you this account statement with information on the transactions carried out with your credit card between 1/1/2008 and 8/1/2008.

Please find the account statement with the detailed list of the transactions attached to this message. You can view the document or print it out by simply saving the attached file to disk and opening it for viewing.


Please let us know if we can be of any further assistance.

At your service,
Erich Pritchard

Manager of Visa / MasterCard
Credit Card Services

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you believe this message was sent to you by mistake, please forward the identification number stated on the enclosed document to our customer service department.

W32.trojZbot.gen!B.


Subject: La Poste colis postal
Attachment: poste.zip
AVs: 4/36( 11.12%) for, gd, mic, nod


Greetings,

unfortunately, we were unable to deliver the item (your postal parcel) that you sent on September 1st,
because the recipient's address does not exist.
Please print the invoice sent as an attachment to this message, and come to collect the item
at our office at the address indicated on the invoice.
Consultant Delmer Longoria,

La Poste

X.Trojan.Win32.Goldun.int


Subject: Your internet access is going to get suspended
Attachment: user-EA49942X-activities.zip


AVs: 22/36 (61.11%) Au, An, AV, Avg, Cl, Dr, eS, eT, F-P, F-S, Fo, GD, Ik, Ka, NoD, Pa, Pr, So, Sy, Tr, Vb, Web

Your internet access is going to get suspended
The Internet Service Provider Consorcium was made to protect the rights of software authors, artists. We conduct regular wiretapping on our networks, to monitor criminal acts.
We are aware of your illegal activities on the internet wich were originating from
You can check the report of your activities in the past 6 month that we have attached.
We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.
Sincerely
ICS Monitoring Team

W32.W32.SillyFDC



Subject: Credit card account statement (Visa, MC)
Attachment: Abstract.zip
AVs: 14/36(41.18%) ant, aut, avg, es, fp, for, gd, kas, mca, sop, sym, the, tre, web



Dear Valued Customer:
ID: dawalters

As requested, we are sending you this account statement with information on the transactions carried out with your credit card between 1/1/2008 and 8/1/2008.

Please find the account statement with the detailed list of the transactions attached to this message. You can view the document or print it out by simply saving the attached file to disk and opening it for viewing.


Please let us know if we can be of any further assistance.

At your service,
Delbert Bliss

Manager of Visa / MasterCard
Credit Card Services

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you believe this message was sent to you by mistake, please forward the identification number stated on the enclosed document to our customer service department.

Thursday, September 11, 2008

X.W32/!OC-based.nuke.Aust


Subject: A report on radiation contamination of Australia
Attachment: victims.zip
AVs: 4/36(11.11%) aut, cat, fp, mic


On Internet forums there appeared messages of a powerful explosion at a Australia nuclear power station located in the suburbs of Sydney.. According to witnesses’ statements the explosion happened at about 3 pm on the 9th of September. In particular, one resident of this town has made a call and had time to inform her relatives that connection in the town was being cut off in order not to let people phone somebody. She insists that the explosion really took place at the nuclear power station, and that it was a really powerful one, and now the radiation cloud is moving.
This information is being unofficially confirmed in public agents’ private conversations.

Besides, local residents place pictures of the explosion consequences and victims’ bodies in their blogs. The photo's attached to this email!
Send this email to your friends!

X.Trojan.Hijacker.start


Subject: How Moon sleeps! , Dare to see!, Stop that War!, Don't cry my girl!, Can't miss this., How Sun loves..., Stars are blind! Watch this., Tears from the Moon.
Attachment: Start.zip
AVs: 21/36 (58.34%) An, Aut, AVG, Bit, CAT, Cl, F-P, F-S, GD, Ik, Ka, Mc, Mic, NOD, So, Sun, Tr, VB, Viru, Web
Body: any one of the subject lines.

Wednesday, September 10, 2008

X.W32\Laposte.ZBot


Subject: La Poste colis postal
Attachment: Laposte.zip
AVs: 4/36(11.12%) aut, cat, fp, mic


Good morning,

unfortunately, we were unable to deliver the item (your postal parcel) that you sent on September 1st,
because the recipient's address does not exist.
Please print the invoice sent as an attachment to this message, and come to collect the item
at our office at the address indicated on the invoice.
Consultant Eileen Abbott,

La Poste

X.W32/Malware!OC-based.nuke

Subject: Reply: A report on radiation contamination of Canada
Attachment: Victims.zip
AVs: 4/36 (11.11%) Aut, Cat, F-P, Mic
On Internet forums there appeared messages of a powerful explosion at a Canada nuclear power station located in the suburbs of Ontario.. According to witnesses’ statements the explosion happened at about 3 pm on the 9th of September. In particular, one resident of this town has made a call and had time to inform her relatives that connection in the town was being cut off in order not to let people phone somebody. She insists that the explosion really took place at the nuclear power station, and that it was a really powerful one, and now the radiation cloud is moving.
This information is being unofficially confirmed in public agents’ private conversations.
Besides, local residents place pictures of the explosion consequences and victims’ bodies in their blogs. The photo's attached to this email!
Send this email to your friends!

X.W32\UPS.Invo-Zip


Subject: Problems with delivery
Attachment: ups_invoice.zip
AVs: 5/36(13.89%) aut, cat, fp, mic, sop



Unfortunately we were not able to deliver postal package you sent on September the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office

Thank you for your attention!
Your United Postal Service
http://www.ups.com

Tuesday, September 9, 2008

X.Troj.Win32.Zbot.cntrcts


Subject: Contract of retirement, Loan Contract, Rent contract
File: Contract_I2_9.2008.zip
AVs: 10/36 (27.78%) Ant, Aut, Avg, F-P, Ik, Mic, Nod, The, Viru, Web
Dear Gentlemen,
We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.

W32.Gen!Pac.8


Subject: Statement of fees 2008/09
Attachment: Fees_2008-2009.zip
AVs: 3/36(8.34%) nod, the, viru


Please find attached a statement of fees as requested, this will be
posted today.

The accommodation is dealt with by another section and I have passed
your request on to them today.

Kind regards.

Billie (name varies)

X.Trojan.Win32.FraudPack.track



Subject: UPS Tracking N_ 6364342622
File: TI87612.zip
AVs: 5/36 (13.89%) F-S, For, Gd, Ka


Unfortunately we were not able to deliver postal package you sent on September the 1st in time because the recipient’s address is not correct.


Please print out the invoice copy attached and collect the package at our office


Your UPS


X.Trojan.Win32.FraudPack.bnk


Subject: I received a message from your bank
Attachment: BANKS_DETAILS.zip
AVs: 5/36(13.89%) fs, for, gd, kas, nod


Greetings!

Yesterday I received a message from your bank with your account statement.
I don’t need problems with the police because of your bank’s error!!!
Please contact your bank and ask them to not mistakenly send me your personal data to me.
For the proof of my non-participation in obtaining your personal data, I am attaching the copy of the message containing your account statement which I had received via e-mail!!!!
You must print the copy of the message and pass it on to the bank, so that they wouldn’t mistakenly send me your personal bank account data.

Monday, September 8, 2008

X.W32\IPLOGS.Zbot


Subject: I am wait your reply
Attachment: IPLOGS.zip
AVs: 6/36(16.67%) aut, fp, fs, kas, mic, sop


To Whom It May Concern:

I am tired of receiving messages containing malicious computer programs (viruses) from your e-mail address!!!
If within 1-2 days you do not stop sending messages to my e-mail address, I will have to address this issue to the Police!...
Today I received a hard copy of your data logs from my Internet service provider. The copy contains your IP address, logs of sending malicious programs and your e-mail address details...
I am sending you the copy of the document containing your data and logs of sending malicious programs as the proof of your fault!!!!!!
You must print the document containing the list of your data and logs of sending malicious programs and pass it on to your Internet service provider with, so that they could find out why the viruses are sent from your computer to my e-mail address!!!!

Ask your Internet service provider to resolve this problem!!!!

Do this now!!!
Once again!!! If you don’t stop sending the letters, I will address to the Police and file a lawsuit against you!!!

X.W32\zip-dobleextensionETIX


Subject: Your Online Flight Ticket N 00351
Attachment: eTicket_K2.zip
AVs: 3/36(8.34%) nod, the, vir


Good afternoon, (greeting varies)
Thank you for using our new service "Buy flight ticket Online" on our website.
Your account has been created:

Your login: promotions@commissionmonster.com.au
Your password: passJ7M9

Your credit card has been charged for $679.24. ($600 amount varies)
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Delta Air Lines (airline varies)

X.Worm.W32.AutoRun.fees





Subject: Statement of Fees 2008/09


File name: Fees_2008-2009.zip

AVs: 19/36 (52.78%)

seen by: Ant, Aut, AVG, Bit, CL, DR, F-P, F-S, For, GD, Ik, KA, MIC, PR, SO, SYM, Viru, WEB


Please find attached a statement of fees as requested, this will be posted today.

The accommodation is dealt with by another section and I have passed your request on to them today.

Kind regards.

Javier

X.W32/Malware!OC-based


Subject: Western Union MTCN #8399105193 (number varies)
Attachment: FED655812.zip
AVs: 3/36(8.33%) aut, fp, mic

Hello!

Attention! The wire sent to Vladimir Kirkorov, Moscow, Russia has been blocked by our security service.

Your credit card issuing bank has halted the transaction by the demand of the Federal Criminal Investigation Service (case No. 98934 since the recipient has been undergoing the international retrieval by the InterPol.

Please contact the closest Western Union office and make sure you have your ID card, the credit card that was used for making the payment, and the invoice file with you.

(The invoice file is attached to this message; please print it out and hand it to our agent.)

You can find the address of the closest Western Union agent on our website at www.westernunion.com
Thank you!

X.W32\troj.click2


Subjects/Bodies: Stone crazy!, Freak phantom!, Shot!, Hot!, POpular Reality Network O!, Sharp!, GirlsAloud!, Bitch!, Kcuf!, Click and watch zTube!, Come get some!, Get some young meat!
Attachments: click2.zip
AVs: 15/36(41.67%) ant, aut, avg, bit, cat, cla, fp, ik, mca, mic, sop, sun, tre, vir, web

X.W32\troj.click


Subjects/Bodies: Stone crazy!, Freak phantom!, Shot!, Hot!, POpular Reality Network O!, Sharp!, GirlsAloud!, Bitch!, Kcuf!, Click and watch zTube!, Come get some!, Get some young meat!
Attachments: click.zip
AVs: 16/36(44.44%)* ant, aut, avg, bit, cla, dr, fp, ik, mca, mic, sop, sun, tre, vba, vir, web

X.FedEx.7631233



Subject: Fedex Tracking N*4947569353
Attachment: inbox.gif, RA7631233.zip
AVs: 2/36(5.56%) nod, vir


Error! No JavaScript in your browser!


X.W32\Troj/Agent-HPK


Subject: Fedex Tracking N*7851328020 (number varies)
Attachment: inbox.gif, TR877123.zip
AVs: 9/36 (25%) * bit, fs, for, gd, kas, mic, nod, nor, vir

Error! No JavaScript in your browser!


Sunday, September 7, 2008

X.Troj/Agent.trackerz

Subject: Fedex Tracking N*0868339978

Files:
TR768212.zip(59)KB
inbox.gif (8733)B
AVs: 5/36 (13.89%)

Messages body:

Error! No JavaScript in your browser!

Thursday, September 4, 2008

X.W32/Zbot.BBU2



Subject: Fedex Tracking N*9507021518 (number varies)
Attachments: Fedex_TR.zip, inbox.GIF
AVs: 4/36(11.12%) gd, mic, nod, nor


Error! No JavaScript in your browser!


Body in Gif File:


X.W32\Trojan.Crypt.EE


Subject: Statement of fees 2008/09
Attachment: Fees_2007-2008.zip
AVs: 3/36(8.34%) bit, nod, the

Please find attached a statement of fees as requested, this will be
posted today.

The accommodation is dealt with by another section and I have passed
your request on to them today.

Kind regards.

Alberta

Wednesday, September 3, 2008

X.W32\Agent-HNY


Subject: She wants her friend!
Attachment: LateNight.rar
AVs: 13/36(36.12%) ant, aut, bit, cat, cla, fp, ik, mic, sop, tre, vba

Goddess of love! Video attached. 

X.Airmail.POC8


Subject: Airmail Tracking number #7676472 (number varies)
Attachment: 43812621.zip
AVs: 5/36(13.89%) - fs, for, gd, kas, nod

Unfortunately we were not able to deliver postal package you sent on August the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your support invoice number #9840329315578678

AIRMAIL EXPRESS

Tuesday, September 2, 2008

X.Airmail.POC6


Subject: Airmail Tracking number #1168589 (number varies)
Attachment: 5322412.zip
AVs: 5/36(13.89%) - aut, ik, mic, pan, sop

Unfortunately we were not able to deliver postal package you sent on August the 1st in time
because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office

Your support invoice number #5872710957793745

AIRMAIL EXPRESS