DoN. Nichols
 
OT Gremlins have been busy!

In article ,
Harold & Susan Vordos wrote:
Booted up tonight after putting in a day of work on the house we're
building. Waiting for me were 67 messages, 28 of which were virus infected.
Our ISP traps them, but we get a report along with anything that wasn't
deleted. Along with the messages were three from other ISPs suggesting
that I am sending mail that is infected, that I should attend to my computer
before re-sending the messages, which they had deleted. Funny thing is,
I'm not the sender. I hadn't even heard of the recipients, all of which
were commercial establishments. Anyone out there having the same "good
luck"?


Of course. The virii pick up not only the addresses of new
potential victims from the current victim's e-mail collections (address
books, unread e-mail, unread news articles, etc), but also the address
to forge as the "From: " headers. I've gotten several, and I *know*
that these virii can't run on my unix systems, so they can't be
infected. (This does not say that it is impossible to write a virus for
a unix system, but it is more work, and fewer victims, so in general,
they don't bother.)

The victim who is sending these is probably a reader of the
rec.crafts.metalworking newsgroup, whether active or a lurker, which
explains how your address (and mine) came to be used.

You *do* have all the security patches up to date, don't you?
Not the ones from two days ago, but from *today*? (Microsoft has opened
new holes with some of the patches closing the old ones, so staying
up-to-date will help. Using a non-Microsoft OS will help a lot more. :-)

I've added about a half-dozen IP addresses of infected machines
to my blocklist, to slow down the flow that I've been getting. As a
result, I've not been getting them direct, but the bounces from ISPs who
filter out virii show the same IP addresses that I'm blocking as the
source (with my e-mail address forged).

The virus will usually send out a number under one forged
"From: " address, then move on to the next.

Good Luck,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
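
As an added example (not part of the original post): one way to do the check the reply describes, reading the "Received:" chain of a returned message to find the IP that handed it to the bouncing ISP, regardless of the forged "From:" line. The sample headers, host names, the trusted_domain parameter and the blocklist entry are all constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: headers of a virus mail as returned inside an ISP bounce.
# Hosts are example names; addresses are from the RFC 5737 documentation ranges.
RETURNED = """\
Received: from mx1.isp.example (mx1.isp.example [198.51.100.7])
\tby scan.isp.example with ESMTP; Mon, 1 Jan 2001 10:00:02 -0000
Received: from victim-pc (dialup-42.other.example [203.0.113.42])
\tby mx1.isp.example with SMTP; Mon, 1 Jan 2001 10:00:01 -0000
Received: from mail.home.example ([192.0.2.99])
\tby victim-pc; Mon, 1 Jan 2001 09:00:00 -0000
From: me@home.example
To: sales@shop.example
Subject: constructed sample

"""

BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]  # constructed entry

RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+([^\s;]+)", re.S)

def handoff_ip(raw, trusted_domain):
    """IP that handed the mail to the first server inside trusted_domain."""
    found = None
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(hdr)  # headers are listed newest hop first
        if not m:
            break
        by_host = m.group(2).lower()
        if by_host != trusted_domain and not by_host.endswith("." + trusted_domain):
            break  # written outside the ISP: this and older lines can be forged
        found = ipaddress.ip_address(m.group(1))
    return found

def is_blocked(ip):
    return ip is not None and any(ip in net for net in BLOCKLIST)

def report(raw, trusted_domain):
    ip = handoff_ip(raw, trusted_domain)
    claimed = email.message_from_string(raw)["From"]
    return {"claimed_from": claimed, "handoff_ip": str(ip), "blocked": is_blocked(ip)}

if __name__ == "__main__":
    print(report(RETURNED, "isp.example"))
```

Only the lines stamped by the ISP's own servers are used; the oldest line in the sample was written by the sending machine and names a host that never handled the message.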