Re: See this security pack DO NOT OPEN

Unless you want a ton of emails.
UNCLE
YESTERDAY WAS
TODAY IS
TOMORROW WILL BE



Reply to
Richard P. Kubeck
Actually, whether you open it or not is irrelevant to your getting emails from the virus. It's another infected machine, not yours, that's sending the emails.
Mike Tennent "IronPenguin"
Reply to
Mike Tennent
So how do we stop it? The "From" email addresses for the bogus emails are not the infected machine.
I've been getting hammered with this junk for days.
Thanks to anyone that can offer help on stopping it.
Bill
Reply to
Bill Sohl
We can't. At best we can stop ourselves getting infected. The companies closer to the internet, like the ISPs and the relays, have to do it because otherwise it will propagate itself.
Sadly my own ISP is doing nothing. And I'm stuck with it because it's the only broadband available here. I'm getting several per minute, and it's already a week since the first ones started arriving last Thursday.
Reply to
Christopher A. Lee
Yes -- sadly, we are at the mercy of other fools who have opened the attachment. It's quite frustrating.
Reply to
Mark Mathu
Actually, try to find an ISP that intercepts the infected messages before they reach your in box. My current ISP intercepts both infected messages and suspected spam.
I am getting intercepted viruses at the rate of about 20 - 30 a day for the past week.
Larry Madson snipped-for-privacy@bright.net
Reply to
Larry Madson
"useast.spamassassin.org"
Reply to
Paul Newhouse
If your ISP does not keep your mail behind a firewall, you might try
formatting link

It allows you to delete or bounce on the server.
I am getting over 1500 per day.....
My server is free, but locked to me.....
Jim Stewart
Reply to
Jim Stewart
Ditto, I've probably blocked 500+ email addresses since it started. Ditto on the broadband :P
Reply to
Dale Kramer
As long as you post to the usenet with a valid email address you will get this crap. Other spam emails, too.
From what I've read on W32.swen-a@MM, the worm in an infected computer looks in Outlook Express for messages in the unpurged newsgroups. It scans the messages looking for valid email structure ( snipped-for-privacy@example.net ). When it finds one, BAM! It pounds the crap out of it.
Fortunately, if you munge your address (like I have), the worm will lose contact as the old messages (with the valid address) get purged.
Will this worm ever die? Unlikely as there is always going to be some internet newbie who doesn't run a virus scanner program. Oughta be a law......
Swen also creates fake named copies of itself in a shared KaZaA directory. You go hunting for Winamp, find it on KaZaA, download it and double click on it. Wham! You're infected!
Moral of the story:
Always do a virus scan on any incoming file or attachment!
2nd Moral:
NEVER open an attachment unless you were expecting it. If someone wants to send you something, email them and co-ordinate it so you know it's coming in. Then scan it ANYWAYS!!!
More info on this subject can be found on
news:alt.comp.virus
Ken
Reply to
Ken Bessler
> for the bogus emails is not the infected machine.
I talked with my ISP and you can't. Just make sure you don't open any attachments and have a Norton or like program on your computer. I tried using some names to delete automatically but the program apparently chooses random names and just keeps sending. At its height I was getting 50-100 messages each day. Now I get about one or two. It was what you call a denial of service thing I guess.
Reply to
Jon Miller
Baloney. You CAN do one thing:
Alter your email address and add an all-caps word like SPAM or SPAMMENOT or etc. before the ISP in it. Like this:
snipped-for-privacy@IHATESPAMyahoo.com
Do NOT do it this way:
snipped-for-privacy@yahoo.com
If you do it the second way, harvester bots will try to send the spam/viruses/worms to that address. Since the server is unaltered, it gets there, only to be rejected by the server as "user unknown". But if that happens a lot it'll bog the server down.
If you do it the first way, the email dies on the net with a DNS error.
Another point - the words NOSPAM should not be used. Why? Simple - that phrase is so common that the really good harvester bots can see it and strip it out, restoring the email.
More info on this subject can be found at: news:alt.comp.virus
Ken
Reply to
Ken Bessler
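Added example (not part of any post in this thread): a small checker for the munging advice above, rating a posted address by whether a pattern scan recovers the real one, whether a stock token such as NOSPAM gives it away, and whether the domain or only the user part was altered. The regex, the token list and the `example.com` addresses are constructed assumptions, and "domain-munged" assumes the altered domain does not resolve.

```python
import re

# Loose pattern for "valid email structure" (an assumption; the worm's
# actual matcher is not described in the thread).
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Stock anti-spam tokens common enough to be stripped automatically
# (constructed list; longer tokens first so REMOVETHIS wins over REMOVE).
COMMON_TOKENS = ("NOSPAM", "REMOVETHIS", "REMOVE")


def check_munge(posted, real):
    """Rate a munged From address against the real address it protects."""
    match = ADDRESS.search(posted)
    if match is None:
        return "unparseable"      # nothing to pick up, but replies break too
    found = match.group(0).lower()
    real = real.lower()
    if found == real:
        return "exposed"          # posted address is the real one
    # Undo the well-known tokens and see whether the real address comes back.
    stripped = found
    for token in COMMON_TOKENS:
        stripped = re.sub(re.escape(token) + r"[-_.]?", "", stripped, flags=re.I)
    if stripped == real:
        return "weak-token"
    if found.rsplit("@", 1)[1] == real.rsplit("@", 1)[1]:
        # Only the user part changed: mail still reaches the real server
        # and is rejected there as "user unknown", which costs the server.
        return "real-domain"
    # Domain changed: delivery fails at the DNS lookup, before any server.
    return "domain-munged"


if __name__ == "__main__":
    for posted in ("kb@example.com", "kb@NOSPAMexample.com",
                   "kbIHATESPAM@example.com", "kb@IHATESPAMexample.com"):
        print(posted, "->", check_munge(posted, "kb@example.com"))
```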
Okay, I'm being particularly brain dead here, but how do you mangle your email address for posting here?
Reply to
Dale Kramer
When I contacted my ISP about it I got the usual crap about not opening attachments, using an anti-virus etc. They didn't understand that this isn't the problem.
As you say, it's the other fools.
It doesn't matter whether I'm using Mac, Linux or Windows. I'm protected with the latest up-to-date virus and firewall definitions from Norton. I run a virus-scan every day.
I'm clean.
And I'm getting them at a rate of two to four per minute. If it averages three, that's over 4,000 per day. It takes less than an hour to fill my 20 mbytes of disk storage at the ISP.
I'm losing _real_ email.
It's been happening for a whole week now, since last Thursday.
It's a denial of service attack on each and every email user in the world.
And apart from mentions on the BBC and CNN web pages a week ago that described it as attacking Windows and Internet Explorer, I've seen nothing in the media.
And nothing on my own ISP's web page although some of the others are being more responsible.
Is somebody scared that reporting it might give other virus writers ideas? I doubt it because anybody likely to do it knows far better than you or I do, how the internet works. And has already seen the chaos and lack of response from those who can fix it.
I can't realistically go to another ISP because I get my broadband through the cable TV, and I'm too far from the nearest DSL.
I am *a*n*n*o*y*e*d*.
The way to stop this is for the infected machines' ISPs to filter for it. That way they can (a) stop it getting out (b) identify the users who are infected.
It fakes the sender-address with one it finds on the infected machine, and sends it to the ids it finds on it. In newsgroup files, email address books etc. So regular newsgroup subscribers get hit hardest. But it's been out there long enough to have found plenty of email users as well.
Reply to
Christopher A. Lee
We can't, but the infected machine's ISP can if their systems are set up properly. They get an incoming from a dialup user or via their cable TV net, then they know it's come from inside their domain, not outside it.
I'm killfiling on common to-names like "email recipient", common subjects like the first two words of "security update", and common from-names like "technical support". It took a couple of days to tune and gets rid of most of them - but only at my machine when I'm connected. When I'm not it fills up my storage at the ISP in a little less than an hour.
Reply to
Christopher A. Lee
Yah, I'm getting the same crap too........ I made mail rules for it, and anything coming in that is not to my address exactly goes into the garbage... of course Norton cleans it out first... I also have Norton scanning outgoing mail so I can help protect others from my own e-mails.. Jim
Reply to
JC Lewis
I've been getting about the same amount; only they alternate with "unable to deliver mail" messages, even though I haven't sent any mail, and the addresses referred to are not in my address book. Even those messages have the virus according to Norton. I don't use Outhouse Excess, by the way..
Franz T.
Reply to
Franz Troppenz
If you use Netscape, go to Edit, select Mail and Newsgroup Account Settings and change the address in your identity. I'm sure Outhouse Excess is fairly similar..
Franz T.
remove the SPACE to reply
Reply to
Franz Troppenz
I use Forte Agent. In the User Profile, you type in what you want the world to see.....that's what they will see.
For log on/authentication, you must use your REAL info for your ISP to verify when logging in (Earthlink DOES require it....) but the public never sees that.
Reply to
Steve Hoskins
Don't forget to include the additional case for anything coming in that has you in the "cc" address, or else you'll miss some messages that were properly intended for you.
Reply to
Mark Mathu
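Added example (not part of any post in this thread): the client-side rules discussed above combined into one filter, using the killfile patterns quoted in the thread plus the "not addressed to me" rule with the Cc case included. `MY_ADDRESS` and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESS = "me@example.net"  # assumption: stands in for the reader's address

# Patterns quoted in the thread: to-name, from-name, first two subject words.
BAD_TO_NAMES = {"email recipient"}
BAD_FROM_NAMES = {"technical support"}
BAD_SUBJECT_PREFIXES = ("security update",)


def _parse(msg, *headers):
    """Return (lower-cased display names, lower-cased addresses) for headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    pairs = getaddresses(values)
    names = {n.strip().lower() for n, _ in pairs if n}
    addrs = {a.lower() for _, a in pairs if a}
    return names, addrs


def classify(raw):
    msg = message_from_string(raw)
    to_names, _ = _parse(msg, "To")
    from_names, _ = _parse(msg, "From")
    _, recipients = _parse(msg, "To", "Cc")  # Cc counts as "addressed to me"
    subject = (msg.get("Subject") or "").strip().lower()
    if to_names & BAD_TO_NAMES or from_names & BAD_FROM_NAMES:
        return "killfile"
    if subject.startswith(BAD_SUBJECT_PREFIXES):
        return "killfile"
    if MY_ADDRESS not in recipients:
        return "not-addressed-to-me"
    return "keep"


# Constructed sample messages (only the headers matter here).
SAMPLES = {
    "worm": 'From: "Technical Support" <a@example.org>\n'
            'To: "Email Recipient" <me@example.net>\n'
            "Subject: Security Update\n\nsee attachment\n",
    "cc": "From: Friend <friend@example.org>\nTo: club@example.org\n"
          "Cc: me@example.net\nSubject: Saturday session\n\nhi\n",
    "stray": "From: b@example.org\nTo: someone@example.org\n"
             "Subject: hello\n\nhi\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

Mail that arrives by Bcc or through list expansion carries your address in neither To nor Cc, so send "not-addressed-to-me" to a review folder rather than deleting it outright.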
