SPOOF EMAILS - BEWARE [Archive] - Chevy TrailBlazer, TrailBlazer SS and GMC Envoy Forum



Tommy
11-08-2005, 09:59 PM
If anyone gets an email from an @trailvoy.com address with any attachments, DELETE IT. So far they have all included attachments.

They will appear to be coming from the TRAILVOY MAIL SERVER BUT THEY ARE NOT.

A few email subjects were:

Your password has been updated
Email account suspension
You have successfully updated your password

They appear to be coming from:

admin@trailvoy.com
service@trailvoy.com
register@trailvoy.com
mail@trailvoy.com

SPOOF EMAIL EXAMPLE #1


Dear Trailvoy Member,


Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.

If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The Trailvoy Support Team


+++ Attachment: No Virus found
+++ Trailvoy Antivirus - www.trailvoy.com (http://www.trailvoy.com)



SPOOF EMAIL EXAMPLE #2



Dear Trailvoy Member,

We have temporarily suspended your email account advertising@trailvoy.com.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Trailvoy account.
Sincerely,
The Trailvoy Support Team


+++ Attachment: No Virus (Clean)
+++ Trailvoy Antivirus - www.trailvoy.com (http://www.trailvoy.com)




SPOOF EMAIL EXAMPLE #3


You have successfully updated the password of your Trailvoy account.

If you did not authorize this change or if you need assistance with your account, please contact Trailvoy customer service at: admin@trailvoy.com

Thank you for using Trailvoy!
The Trailvoy Support Team


+++ Attachment: No Virus (Clean)
+++ Trailvoy Antivirus - www.trailvoy.com (http://www.trailvoy.com)


I am sure that there are more, but remember, they are NOT coming from the TRAILVOY.COM EMAIL SERVER. JUST DELETE THEM AND DO NOT DOWNLOAD ANY ATTACHMENTS.



Notice the misspelled words "Submiting" and "innability" in Example #2. What a dummy! :laugh:

the roadie
11-08-2005, 10:27 PM
This is typical virus behavior. The payload attachment, if you allow it to take hold, will allow the system to be used later by a zombie botmaster.

One such goofball was just taken down by the FBI:
http://online.securityfocus.com/news/11353

Very odd that trailvoy was baked into the virus as one of its "human engineering" stories, though.

jauto98
11-08-2005, 11:04 PM
Freaking idiots with nothing better to do. Thanks for the heads up Tommy.

zamar
11-08-2005, 11:20 PM
Thanks for your efforts to keep your family safe chief! :)

Tommy
11-08-2005, 11:42 PM
No problem. Just so everyone knows, any automated email that comes from the forum...DOES NOT, NEVER HAS, and NEVER WILL contain any attachment(s).

Safe Automated emails are sent out when:

someone registers (must respond to activate the account)
resets a forgotten password
receives a PM (optional setting)
receives a comment in their gallery
subscribes to a thread that receives a new post

There are a few more reasons, but those listed above are the most common. These emails are ok. THEY WILL NOT CONTAIN AN ATTACHMENT IF THEY TRULY COME FROM THE TRAILVOY MAIL SERVER.

I only use admin@, payments@ and advertising@, so the ones that come from anyone else @trailvoy.com are definitely SPOOFS.

So far, I am the only one that has received these SPOOF emails. Please report it here if you have also.

Thanks,
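
Added example, not part of the original thread or the forum's software: the two rules stated in the post above (forum mail never carries an attachment, and only admin@, payments@ and advertising@ are in use) written as a mail filter check. The function names, the recipient address, the attachment filename and the sample messages are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

FORUM_DOMAIN = "trailvoy.com"
# Local parts the admin says he actually uses (taken from the post above).
KNOWN_SENDERS = {"admin", "payments", "advertising"}


def has_attachment(msg):
    """True if any MIME part is an attachment or carries a filename."""
    return any(
        part.get_content_disposition() == "attachment" or part.get_filename()
        for part in msg.walk()
    )


def spoof_reasons(msg):
    """Reasons a message claiming a forum From address breaks the stated policy."""
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if domain != FORUM_DOMAIN:
        return []  # not claiming to be forum mail, so this rule does not apply
    reasons = []
    if has_attachment(msg):
        reasons.append("attachment")  # real forum mail never carries one
    if local not in KNOWN_SENDERS:
        reasons.append("unknown-sender")
    # An empty list only means "no policy violation"; From is still forgeable.
    return reasons


def build(sender, subject, attachment=None):
    """Construct a sample message (made-up test data, not a captured email)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "member@example.org", subject
    msg.set_content("constructed body text")
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=attachment)
    return msg


if __name__ == "__main__":
    for m in (build("service@trailvoy.com", "Email account suspension", "details.zip"),
              build("admin@trailvoy.com", "Your password has been updated", "details.zip"),
              build("admin@trailvoy.com", "Reply to subscribed thread")):
        print(m["From"], m["Subject"], spoof_reasons(m) or "ok")
```

The second sample shows why the attachment rule matters: a spoof using the real admin@ address passes the sender check and is caught only because it carries a file.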

Tommy
11-08-2005, 11:57 PM
Search results for: 24.75.55.35

TelCove, Inc. ABS-CLEC (NET-24-75-0-0-1 (http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-24-75-0-0-1))
24.75.0.0 (http://ws.arin.net/cgi-bin/whois.pl?queryinput=24.75.0.0) - 24.75.111.255 (http://ws.arin.net/cgi-bin/whois.pl?queryinput=24.75.111.255)
Joe Basil Chevrolet, Inc. ACC-BFLO-BASIL (NET-24-75-55-32-1 (http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-24-75-55-32-1))
24.75.55.32 (http://ws.arin.net/cgi-bin/whois.pl?queryinput=24.75.55.32) - 24.75.55.39 (http://ws.arin.net/cgi-bin/whois.pl?queryinput=24.75.55.39)


ANYONE HERE WORK FOR Joe Basil Chevrolet, Inc in NY ???

Cmdrrjc
11-09-2005, 01:21 AM
Tommy, Thanks for the heads up...I haven't received an email (yet) but now I know and knowing is half the battle! ;) ;)

jimmyjam
11-09-2005, 05:51 AM
ANYONE HERE WORK FOR Joe Basil Chevrolet, Inc in NY ???

lets ddos them.. we've got plenty of members

the roadie
11-09-2005, 09:45 AM
lets ddos them.. we've got plenty of members

Oh, come on. :mad:

They probably have an idiot infected with a virus, and you're advocating committing a federal crime to teach them a lesson? I would give 'em a call, along with their provider.

Oh, you're not serious. OK. Carry on. :duh:

Blulytes
11-09-2005, 10:31 AM
Yeah... watch out... I have been getting some imitation "paypal" ones.

dh4645
11-09-2005, 12:29 PM
Yeah... watch out... I have been getting some imitation "paypal" ones.

yeah everyone knows to watch out for them

but this trailvoy one is weird.

ddos him!!!

did a google and found this:

IPLU: 24.75.91.195


TelCove, Inc. ABS-CLEC (NET-24-75-0-0-1)
24.75.0.0 - 24.75.111.255
Hampton Inn ACC-CHVL-HINN (NET-24-75-91-192-1)
24.75.91.192 - 24.75.91.223

http://iplu.com/ip/24.75.91.195

does that mean he/she stayed at the hampton???

Jman423
11-09-2005, 12:35 PM
did a google and found this:

IPLU: 24.75.91.195


TelCove, Inc. ABS-CLEC (NET-24-75-0-0-1)
24.75.0.0 - 24.75.111.255
Hampton Inn ACC-CHVL-HINN (NET-24-75-91-192-1)
24.75.91.192 - 24.75.91.223

http://iplu.com/ip/24.75.91.195

does that mean he/she stayed at the hampton???

Um, where did you get that IP from, that's not the one in question... :no:

tblazed
11-09-2005, 01:40 PM
I have seen this same phrase in other phishing emails - "...please take 5-10 minutes out of your online experience and confirm the attached document...". My "online experience", yeah, right.

Whenever I get one about Paypal I forward it immediately to "spoof@paypal.com", likewise with eBay and Citi bank. They have addresses to forward bogus emails. NEVER reply back or click on anything in those emails!

Tommy
11-09-2005, 04:58 PM
I have spoken with the VP of Internet sales from Joe Basil Chevy. They are aware of the situation and are currently tracking down the computer(s) on their network that have the virus.

They have been very helpful and have responded quickly to this matter. This is completely unintentional. One of their users bookmarked our site and the virus took over from there by sending Spoof emails that appeared to be coming from TrailVoy.com.

No worries, just remember to delete any email from TrailVoy that has an attachment.

Thanks,

Tommy
11-09-2005, 06:09 PM
The VP of Joe Basil Chevy just emailed me with the name of the worm/virus that their machine is infected with.

Check it out...the email subjects are identical.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FMYTOB%2ELF&VSect=T

ScarabEpic22
11-09-2005, 08:47 PM
Glad to know that you've already got it figured out Tommy! Thanks again for the great site!