View Full Version : New scam to watch out for:

Billy T
19-05-2004, 10:37 AM
Hi Team

I have received a few of these emails recently, each time getting a little more professional and convincing. They may be genuine, but the country of origin screams scam!

The hook will probably be the deposit you have to send to clear your first shipment, and the ongoing requests for extra moolah to deal with "unforseen" customs issues etc etc.

Makes a change from distressed Nigerian gentlewomen, concerned Bank Managers with unclaimed deposits, and the bereft families of African dictators though.:D


Billy 8-{) :|

Company Slim Display corp. is the seller of plasma TVs,
and also the representative of the
largest manufacturers of electronics in Pacific region. We
are engaged in sales of TVs and
accessories to them within 3 years. At the moment our
company has departments and physical
representatives more than in 22 countries of the world,
such as Northern and Southern America, France, Germany,
Austria, Italy, etc.
We plan to push up sales therefore we search for
commercial representative in Australia and New Zealand.

Work of the sales representative will be to advertise our
production, to advise the consumer,
to arrange seminars in the advertising purposes and to
accept internal bank transfers from our
clients with the subsequent sending to one of our legal
representations via Western Union Money Transfer or Money
Gram (we will pay all fees for WU and MG services).

Skill to find the approach to the client, Experience in
sphere of trade, representation.
Skill to organize seminars and to do reports.
Experience in sphere of the finance.
Experience of conducting own business connected to sales.

Payment of the sales representative makes 7% from amount
of payment of the client and 4% for purchase through the
bank account of the agent. We shall notify, in what bank
you should open new account for work with us. Payment of
seminars and other actions is stipulated separately.

About US
Slim Display corp. brought in the Official Companies
Register of Estonia.
Our OCR# VU639576100004214.
Please contact to OCR office for specification of our
position in OCR.
Contact info: +37251905320 (voice/fax) mailto:

If you correspond to requirements or consider that can try
yourself in this business, send us
request and we shall mail you Registration Form of the
Please visit our website for more information:


Thank you for reading this document.

Slim Display corp.

19-05-2004, 12:26 PM
Gotta be a scam!

Just went to their website and straight away my McAfee poped up saying it had deleted 2 viruses!
Doing a refresh of the home page brings the warning up again so watch out!

Billy T
19-05-2004, 12:37 PM
> Just went to their website and straight away my
> McAfee poped up saying it had deleted 2 viruses!
> Doing a refresh of the home page brings the warning
> up again so watch out!

That's interesting CYaBro, I checked the website too, in fact I have checked it each time a "new and improved" offer came in and I received no virus warnings at all. Subsequent scans didn't pick anything up either.

I use Nortons and am behind a Nat router + Zone Alarm (Belt and Braces):D but I would have thought I'd get the same result as you.

Now I'm wondering what vulnerability allows a website to download a virus without it being detected.:(

Can you recall what the virus alerts were?


Billy 8-{)

19-05-2004, 12:50 PM
I am behind a NAT router, and McAfee stops them dead here as well.

Its not a virus, but a trojan


Billy T
19-05-2004, 12:53 PM
If anybody is interested, a full breakdown analysis of the scam is available Here. (http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=index&catid=&topic=5) It is the second report on this page.

The site is worth bookmarking for times when you feel the need for a reality check on greed and avarice.

Used-Car salesmen have been relegated to the minor leagues.:D


Billy 8-{)

19-05-2004, 12:54 PM
Using Internet explorer V6.0.2800.1106 I get 2 virus warnings but using Opera 7.5 I only get it once.

It detects it as Exploit.MhtRedir.gen and type is a Trojan.

I am using Win2000 SP4 with all latest security patches and networked behind a NAT ADSL router and IPCop firewall/router.

Info on it here (http://vil.nai.com/vil/content/v_101033.htm)

Billy T
19-05-2004, 12:55 PM

Should I read that to say I'm at risk because of the non-detection Godfather, or is there another less scary interpretation?


Billy 8-{)

19-05-2004, 01:31 PM
Here is another scam which you may find interesting:

Google Swindle

Mr. Shamoon Rafiq from Holland blew into town a few months ago claiming to
be an old college pal of the founders of Google and to have access to a
"family and friends" special $12-a-share preferred stock offering which,
just for you, he would share in return for cash up front wired directly to
his account. A number of unsophisticated hicks were taken in by this: rubes
like "a lawyer for a European telecommunications company, an investment
banker, a senior brokerage executive, and the chairman of a global
telecommunications firm", who promptly gave him over half a million on faith
and greed. And what did the Dutchman do with the funds? He prudently
invested them "in a three-month spree of five-star hotels, expensive
restaurants and Atlantic City gambling" which included numerous $100 tips to
waiters and the like. Alas, the investment banker developed a belated
attack of common sense and began to make inquiries into his expected
profits; Mr. Rafiq now has another deal called a "plea bargain" which
includes about five years of less-stellar accommodations at government

Link: http://engaged.well.com/engaged/engaged.cgi?c=pre.vue&f=0&t=67

There is one born every day it seems.


19-05-2004, 01:35 PM

Sorry about the link but it still seems to work. Scroll down the page to find the item.


Jim B
19-05-2004, 01:49 PM
If someone is stupid enough to supply their bank account number how do they manage to transfer funds from that account without the permission of the owner.

19-05-2004, 01:59 PM
> Should I read that to say I'm at risk because of the
> non-detection Godfather, or is there another less
> scary interpretation?

Looks like the same one you posted about recently?

But, I recommend that you remove all HDD, and ultrasonic clean them for 1 hour in dettol 10% solution. Then run all AV tests while still wet. Then reformat and reload Windows. Then buy a new PC, bury the old one.

Should fix it?

Billy T
19-05-2004, 02:07 PM
LOL Gf :^O

You are right though, it does sound like my earlier post but the name of the file is different. Remember NAV picked that up and 86'd it without any human intervention.

As a precaution I ran a NAV scan & spybot while I had lunch, and both came up clean. It looks like that Trojan only affects users of Outlook Express anyway. I have OE, but don't use it, however just having it installed may be enough. The MS website was not exactly clear on that point.


Billy 8-{) :|

19-05-2004, 05:23 PM
Just more of your typical spam.