<6_pab.144212$ snipped-for-privacy@bgtnsc04-news.ops.worldnet.att.net>
I delete all attachments. Like I said, maybe, maybe not related. I dont fool with them. When they hit my mailbox they're out of there unless I'm expecting one. I've never heard of microsoft sending e-mails for critical updates. If they did that the internet would shut down from the overload. LOL!!! Who ever it was sent four.
I'm now being bombarded with attachments from the following address. Would the regulars here please help me fight this? This happened when I responded to Rich. Here is the IP, 68.47.119.218 as explained through this trace.
BTW, this has never happened before.
I try to use my real address out of respect to others. I think I may change this now. It's a shame. These attachments are eating up my bandwith:
(InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP id <20030918230118.CMSG27490.mtiwgwc19.worldnet.att.net@mtiwgwc19> for snipped-for-privacy@worldnet.att.net>; Thu, 18 Sep 2003 23:01:18 +0000
127.0.0.1 discardedReceived: from mtiwgwc19.worldnet.att.net ([127.0.0.1]) by mtiwgwc19.worldnet.att.net (InterMail vM.5.01.05.12 201-253-122-126-112-2002
0820) with ESMTP id snipped-for-privacy@mtiwgwc19.worldnet.att. net> for snipped-for-privacy@worldnet.att.net>; Thu, 18 Sep 2003 22:53:01 +0000 127.0.0.1 discardedReceived: from rwcrmhc13.comcast.net ([204.127.198.39]) by mtiwgwc19.worldnet.att.net (mtiwgwc19) with ESMTP id <2003091822530001900smkmre>; Thu, 18 Sep 2003 22:53:00 +0000 Possible spammer: 204.127.198.39 Received line accepted
Received: from rnkpk (pcp05175274pcs.martnz01.ga.comcast.net[68.47.119.218]) by comcast.net (rwcrmhc13) with SMTP id <2003091822520701500h5thje>; Thu, 18 Sep 2003
22:52:10 +0000 host 204.127.198.39 (getting name) = rwcrmhc13.comcast.net. host rwcrmhc13.comcast.net (checking ip) = 204.127.198.39 204.127.198.39 not listed in dnsbl.njabl.org 204.127.198.39 not listed in proxies.blackholes.easynet.nl 204.127.198.39 not listed in dnsbl.sorbs.net ips are close enough 204.127.198.39 is close to an MX (204.127.198.26) for comcast.net Possible spammer: 68.47.119.218 68.47.119.218 is not an MX for pcp05175274pcs.martnz01.ga.comcast.net host pcp05175274pcs.martnz01.ga.comcast.net (checking ip) = 68.47.119.218 Possible relay: 204.127.198.39 204.127.198.39 not listed in relays.ordb.org. 204.127.198.39 has already been sent to relay testers Received line acceptedTracking message source: 68.47.119.218: Routing details for 68.47.119.218 [refresh/show] Cached whois for 68.47.119.218 : snipped-for-privacy@comcast.net Using abuse net on snipped-for-privacy@comcast.net abuse net comcast.net = snipped-for-privacy@comcast.net Using best contacts snipped-for-privacy@comcast.net Yum, this spam is fresh!
68.47.119.218 not listed in dnsbl.njabl.org 68.47.119.218 not listed in dnsbl.njabl.org 68.47.119.218 not listed in proxies.blackholes.easynet.nl 68.47.119.218 not listed in dnsbl.sorbs.net 68.47.119.218 not listed in relays.ordb.org. 68.47.119.218 not listed in query.bondedsender.orgPlease make sure this email IS spam: From: "message system" snipped-for-privacy@bigfoot.com (Mime-Version: 1.0) Content-Type: text/html Content-Transfer-Encoding: quoted-printable View full message
Report Spam to:
Re:68.47.119.218 (Administrator of network where virus originates) To: snipped-for-privacy@comcast.net (Notes)
Re:68.47.119.218 (Third party interested in email source) To: Cyveillance spam collection (Notes)>>
There's another nasty network worm in circulation, claiming to be a Microsoft software update or a returned message or several other things. It's dumped about 20MB of data into my mailbox so far, and the spamfilters are just starting to recognize and block it.
Basic advice: No matter who it claims to be from, do not install ANYTHING that arrives unsolicited. Do not trust links that appear in e-mail either. If you want to check for Microsoft updates, hit their official update webserver DIRECTLY.
(I've installed an industrial-stength firewall. Paranoia is not enough.)
in 4 hours, got 40-50 copies of it... a 104KB exe file... has LOTS of names... all bad...
--Shiva--
Glen
I am also getting bombarded with the same type of E-mails so I think it my be co-incidence that this is happening to you at this point.....
Leon Rowell
Glen Co>>
I also have been sent about 20 of these e-mails. It seems to be that the list to send these to must have something to do with this newsgroup. But I could be incorrect in this. I checked with macfee and it is a virus. I did not open the attachment and have scanned my computer and I am not infected.
Thank you,
Ed Jasper
got another hundred this afternoon... my ISP says its NOT just me, but everyone on their server, seems to be coming from LA and Chicago. and also seems to be pretty well across the board.
--Shiva--
I blocked attachments from coming in. Got about 60 or 70 in the last 24 hours.
yep, its a virus. run this Fix Tool for W32.Swen.A@mm
Please note we have received an increased number of incidents relating to a mass-mailing worm that poses as a legitimate email from Microsoft Windows Update. Please note that this is indeed a worm and NOT a security patch from Microsoft.
Information on this worm including removal instructions can be found at
No, It's not a reader of the group per se, though one of our fellow readers could be infected. The virus connects to NNTP sites and harvests mail addresses from usenet posts. See the Mcafee ADVERT site and search for the W32/Swen@MM virus.
I've gotten them from all over the world. I am now getting helpful messages in spanish or portugese from spam scanners at ISPs saying that they have cleaned a message for me.
I manage mail servers for a large company, and they have only recieved a few messages, so you are more likely to get more hits from this virus if you post frequently. I post a lot :-) My wife never posts and has received none.
Please, patch your systems if you use microsoft products but don't EVER click on an attachment from someone claiming you be your ISP or microsoft. Download the patches yourself and then click on it.
Daniel
getting hit suddenly.
their machine is
visit the Trend
our fellow
sites and harvests
site and search
getting helpful
ISPs saying that
only recieved
from this virus
posts and has
but don't EVER
ISP or microsoft.
all the more reason to spoof your email address (especially on usenet)
g'day
Within the past day or so I remember reading that e-mails such as you describe are utilized by the latest worm. I believe it was in a Symantec (who I subscribe to) security bulletin.
The emails are likely originating from someone who has you in their address book. The from e-mail address portion of the header will be forged.
Didn't know that's how this one was spreading. Disregard what I just posted.
Did'nt you forget lipstick??-LOL
Just didn't want to mention it. I only use the manley shades though so it's okay.<g>
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.