OT Gremlins have been busy!

Booted up tonight after putting in a day of work on the house we're building. Waiting for me were 67 messages, 28 of which were virus infected. Our ISP traps them, but we get a report along with anything that wasn't deleted. Along with the messages were three from other ISPs suggesting that I am sending mail that is infected, that I should attend to my computer before re-sending the messages, which they had deleted. Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"?

Harold

Reply to
Harold & Susan Vordos

Reply to
Keith Marshall

I first heard about this virus yesterday and first thing today I was deleting a good 15 (out of a total 45 or so, 98% spam). Between 3 and 8pm earlier today I remember I got 9 (out of 15 messages I think). This thing must be hitting hard!

Tim

Reply to
Tim Williams

After reading of your experience, I'll hold my whining for something more serious! I can't even begin to imagine receiving that many messages, let alone that many bad ones!

Thanks for the link, Keith. I guess the one good thing is the virus will die a natural death eventually (September 10th). Meantime, I keep my delete key ready to go!

Harold

Reply to
Harold & Susan Vordos

Unfortunately, some of these virus checkers don't really have a clue. They detect the virus in an email (sent by the virus) and then take the absurd leap that the From: line (set by the virus) is true, and mail the 'originator' about it.

You can't really trust email headers, unless you know just how to read them for your ISP, and all the ISPs that the message passed through. It's near impossible for software to do this.

Reply to
Ian Stirling

Oops, hit the send key before I typed anything. It's been a busy couple of days. :-)

I just hit 2994 copies but I've set up Outlook to move them all to a special folder so I don't really have to do anything for now. I'll leave them so I can keep a running total of how many I've received and then I'll delete them when it stops... if it ever does. :-)

Best Regards, Keith Marshall snipped-for-privacy@progressivelogic.com

Reply to
Keith Marshall

Of course. The virii pick up not only the addresses of new potential victims from the current victim's e-mail collections (address books, unread e-mail, unread news articles, etc), but also the address to forge as the "From: " headers. I've gotten several, and I *know* that these virii can't run on my unix systems, so they can't be infected. (This does not say that it is impossible to write a virus for a unix system, but it is more work, and fewer victims, so in general, they don't bother.)

The victim who is sending these is probably a reader of the rec.crafts.metalworking newsgroup, whether active or a lurker, which explains how your address (and mine) came to be used.

You *do* have all the security patches up to date, don't you? Not the ones from two days ago, but from *today*? (Microsoft has opened new holes with some of the patches closing the old ones, so staying up-to-date will help. Using a non-Microsoft OS will help a lot more. :-)

I've added about a half-dozen IP addresses of infected machines to my blocklist, to slow down the flow that I've been getting. As a result, I've not been getting them direct, but the bounces from ISPs who filter out virii show the same IP addresses that I'm blocking as the source (with my e-mail address forged).

The virus will usually send out a number under one forged "From: " address, then move on to the next.

Good Luck, DoN.

Reply to
DoN. Nichols
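
Added example (not part of any post in this thread): Ian Stirling's point that the From: line is set by the virus, and DoN. Nichols' practice of blocklisting the IP addresses that actually delivered the mail, can both be shown by reading only the Received header stamped by a server you trust. The hostnames, addresses, sample message and function names below are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the top Received line was written by the receiving ISP's
# own server; everything below it was supplied by the sending machine.
SAMPLE = """\
Received: from HAROLD-PC (unknown [203.0.113.45])
\tby mx.isp.example with ESMTP id 4F2A1; Thu, 21 Aug 2003 06:10:18 +0000
Received: from mail.forged.example ([198.51.100.7])
\tby relay.forged.example; Thu, 21 Aug 2003 06:00:00 +0000
From: "Harold" <harold@forged.example>
To: sales@shop.example
Subject: Re: Details

body
"""

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw, trusted_hosts):
    """IP that handed the message to the first server we trust, or None."""
    msg = message_from_string(raw)
    # Received headers are prepended, so iterate newest first and stop at the
    # first one written by our own server; older ones may be forged.
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if by and by.group(1).lower() in trusted_hosts:
            ip = IP_RE.search(hop[:by.start()])  # the "from ... [ip]" clause
            return ip.group(1) if ip else None
    return None

def triage(raw, trusted_hosts, blocklist):
    """Separate the claimed sender from the evidence the receiver recorded."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]  # attacker-controlled
    ip = connecting_ip(raw, trusted_hosts)
    return {"claimed_from": claimed,
            "connecting_ip": ip,
            "blocklisted": ip in blocklist}

if __name__ == "__main__":
    print(triage(SAMPLE, {"mx.isp.example"}, {"203.0.113.45"}))
```

A filter working this way has an address to block or report (the connecting IP) without mailing a warning to whoever the From: line names.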

[ ... ]

Note that when it expires, they release a new version. I believe that these things are being used to install backdoors in victimized systems which can be used by spammers to send out their spam floods, and bring the retribution down on the heads of the victims, not the spammers. While there is no proof, I think that the spammers are using the virus writers as hired help.

It was interesting that for a few days following the power outage, (which lasted longer in the area of a known spammer), almost all of the spam relayed through systems in China, Korea, etc dropped off. It would seem worthwhile to continue the outage in one very narrow area. :-)

Enjoy, DoN.

Reply to
DoN. Nichols

Spent last night checking the anti-virus updates on the 6 micro$oft machines in the house and checking log files on the two linux machines. Didn't find any infections but felt good about the work I'd done. At work, one of our sites took themselves off the Wide Area Network yesterday because they had been got :-(

Mark Rand RTFM

Reply to
Mark Rand

Sure. Lots of viruses and worms will forge the Reply To field with an address they got from the infected computer's contact list. So the virus may actually be spamming from the computer of an acquaintance who has your email address in his address book.

Some viruses can actually grab an address off a usenet posting and use that. So you might not even be in the infected machine's address book. Your address might have been picked up on the fly while the person with the infected machine was reading this newsgroup with Outlook Express or a browser. (Shouldn't happen if they're reading with Agent.)

Or, a commercial spammer's machine might have gotten infected, and the virus is using the spammer's list of email addresses as Reply To spoofs as well as targets. (This seems to have happened with the latest worm making the rounds. The flooding has been too rapid and too huge for it not to have had access to a major spammer's address list. At least that's what some network security types are claiming.)

Gary

Reply to
Gary Coffman

On Thu, 21 Aug 2003 06:10:18 GMT, "Keith Marshall" pixelated:

I, too, have received tons of virus-infected mail lately, some with 3 virii apiece, some from "me"! Strange. I guess it's almost time for the spammers to go back to school so they're out in force, eh?

Just 2 weeks ago, after returning from vacation (9 days) to a mailbox full of 5,000 spams and 9 valid messages, I went to my host and turned off wildcarding. That cut about 500 per day. I have Spam Assassin going locally but am about to let my host do it there since it works flawlessly.

I'm down to ~50 spams/day (5 addresses but most to the one I have on my website; time to change/hide it there, too) with SA catching 40 of them.

- The advantage of exercising every day is that you die healthier. ------------

Dynamic Websites, PHP Apps, MySQL databases

Reply to
Larry Jaques