From: NETIDEA WEBMAIL ACCOUNT <nana@cebridge.net>
Subject: ACCOUNT UPGRADE / MAINTENANCE. REPLY BACK.
Reply-To: nana@cebridge.net
Date: Fri, 18 Jun 2010 08:31:18 -0400

We are currently performing maintenance for all our NETIDEA CUSTOMERS
WEBMAIL ACCOUNT. We intend up grading our WEBMAIL Security Server for
better online services. In order to ensure you do not experience service
interruption, Please you must reply to this email immediately and enter
your password here () and username (). Check out your new features and
enhancements with your new and improved webmail account, To enable us
upgrade your mail Account for better online services please reply to
this mail. Thank You for Using our WEBMAIL ACCOUNT.

The first one contains a link to a suspicious settings.exe file. The link below has been modified to prevent problems, you do not want to download that file.

From: "netidea.com support" <abolishingsn@rivieramail.com>
To: <nobody@netidea.com>
Subject: netidea.com account notification
Date: Mon, 26 Apr 2010 20:25:03 +0800

Dear Customer,

This e-mail was send by netidea.com to notify you that we have temporanly prevented
access to your account.

We have reasons to beleive that your account may have been accessed by someone else.
Please run this file and Follow instructions:

http://mailservicessss DOT bravehost DOT com/settings DOT exe

(C) netidea.com

The second includes an attached PDF file (doc.pdf) that is infected with a virus:

From: "customersupport@netidea.com" <customersupport@netidea.com>
To: <user@netidea.com>
Subject: setting for your mailbox are changed

SMTP and POP3 servers for user@netidea.com mailbox are changed. Please carefully read
the attached instructions before updating settings.

<doc.pdf>

Is Monday over yet?

Date: Tue, 01 Dec 2009 06:29:36 +0800
From: "Net Idea Telecommunications Inc." <webmaster@netidea.com>
Reply-to: supportdesk@programmer.net
To: undisclosed-recipients:;
Subject: EMAIL UPGRADE NOTICE!!!

Account Department!

Net Idea Telecommunications Inc.

Upgrade/Maintenance All netidea.com Email Accounts

We regret to announce to you that we will be making some system maintenance on
our netidea.com Webmail account. During this process you might have
login problems in signing into your netidea.com Webmail account, but to
prevent this you have to confirm your account immediately after you
receive this notification.

To confirm and to keep your netidea.com webmail active during and after
this process, please reply to this message with the below netidea.com
Webmail account information. Failure to do this might cause a permanent
deactivation of your netidea.com Webmail account from our data base to
enable us create more spaces for the 2009 session.

Send your netidea.com Webmail account for confirmation stating:

* netidea.com ID:
* Password:
* Date of Birth:

Your account shall remain active after you have successfully confirmed
your account details. We thank you for your prompt attention to this
notification.

Please understand that this is a security measure intended to help protect
your netidea.com Webmail account.

We apologize for any inconvenience.

Net Idea Telecommunications Inc.
ACCOUNT SUPPORT

We will never email you to ask for your password. Ever.

Here are some samples:

Subject: We Want To Deactivate Your e-Mail Account.
From: "e-Mail Technical Services."
Reply-To: rest777@att.net

Dear e-Mail  User,

We are advising you to change the password of your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated that all Mailhub systems will
undergo regularly scheduled maintenance. Access to your e-mail via the
Webmail client will be unavailable for some time during this maintenance
period.

We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth  **************)
Future Password  **************)(Option)

Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.

We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

COMFIRMATION CODE: -/93-1A388-480 Technical Support Team.

Subject: We Want To Deactivate Your e-Mail Account.
From: "e-Mail Technical Services."
Reply-To: rest777@att.net
Dear Email  User,

We are advising you to change the password of your email account in order
to prevent any unauthorised account access following the network
instruction we previously communicated that all Mailhub systems will
undergo regularly scheduled maintenance. Access to your e-mail via the
Webmail client will be unavailable for some time during this maintenance
period.

We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be deleting old email accounts which are no longer
active to create more space for new accounts users.we have also
investigated a system wide security audit to improve and enhance our
current security.

In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.

To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.

Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth  **************)
Future Password  **************)(Option)

Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed your account details
to us.

We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing
more technology which revolves around email and internet.

It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

COMFIRMATION CODE: -/93-1A388-480 Net Idea Technical Support

-------- Original Message --------
Subject:   new account agreement
Date:       Fri, 6 Nov 2009 13:10:31 -0400
From:       Facebook 

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account
agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will
have restricted.

Please unzip the attached file and run "agreement.exe" by double-clicking it.

Thanks,
The Facebook Team

Confirmation Code #: 32053307564

------- Original Message --------
Subject: 	updated account agreement
Date: 	Fri, 6 Nov 2009 10:55:36 -0500
From: 	Facebook 

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account
agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will
have restricted.

Please unzip the attached file and run "agreement.exe" by double-clicking it.

Thanks,
The Facebook Team

Confirmation Code #: 43986921154162

My virus scanner shows its version 483 of the same virus.

Sincerely,
Kirk Ismay

-------- Original Message --------
Subject: A new settings file for the username@netidea.com has just been released
Date: Mon, 19 Oct 2009 09:29:44 -0500
From: support <username@netidea.com>
To: <username@netidea.com>

Dear user of the netidea.com mailing service!

We are informing you that because of the security upgrade of the mailing
service your mailbox username@netidea.com settings were changed. In order
to apply the new set of settings open zip attached file.

Best regards, netidea.com Technical Support.

As always, never open an unexpected file, whether it comes from email or instant message. If it appears to be from someone you know, call or text them to verify that they really did send it to you.

Sincerely,

Kirk Ismay

-------- Original Message --------
Subject: Conflicker.B Infection Alert
Date: Mon, 19 Oct 2009 09:29:44 -0500
From: Microsoft Windows Agent <username@netidea.com>
To: <username@netidea.com>

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft
customers unusually rapidly. Microsoft has been advised by your
Internet provider that your network is infected.

To counteract further spread we advise removing the infection
using an antispyware program. We are supplying all effected Windows
Users with a free system scan in order to clean any files infected
by the virus.

Please install attached file to start the scan. The process takes
under a minute and will prevent your files from being compromised. We
appreciate your prompt cooperation.

Regards,

Microsoft Windows Agent #2 (Hollis)
Microsoft Windows Computer Safety Division

These types of messages should be deleted on sight. If you’ve given them your password, change it immediately using the ‘Account’ button at the top of our web page.

Sincerely,
Kirk Ismay

Dear user of the netidea.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (username@netidea.com) settings were changed. In order to apply the new set of settings click on the following link:

http://netidea.com/owa/service_directory/settings.php?email=username@netidea.com&from=netidea.com&fromname=username

Best regards, netidea.com Technical Support.

Sincerely,
Kirk Ismay

    VERIFY YOUR "netidea.com" EMAIL ACCOUNT.

Dear netidea.com Email Account Owner,This message is from netidea.com messaging
center to all netidea.com email account owners. We are currently upgrading our
data base and e-mail account center. We are deleting all unused netidea.com
email account to create more space for new accounts. To prevent your account
from closing you will have to update it below so that we will know that it's a
present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username: ...............
EMAIL Password: ................
Date of Birth: .................
Country or Territory:...........

Warning!!! Account owner that refuses to update his or her account within Seven
days of reading this warning will lose his or her account permanently. Thank
you for using netidea.com!

Warning Code: VX2G99AAJ

Thanks,
netidea.com Team