 |
|
| Metalworking (rec.crafts.metalworking) Discuss various aspects of working with metal, such as machining, welding, metal joining, screwing, casting, hardening/tempering, blacksmithing/forging, spinning and hammer work, sheet metal work. |
| Reply |
|
|
LinkBack | Thread Tools | Display Modes |
|
#1
|
|||
|
|||
OT Gremlins have been busy!
Booted up tonight after putting in a day of work on the house we're
building. Waiting for me were 67 messages, 28 of which were virus infected. Our ISP traps them, but we get a report along with anything that wasn't deleted. Along with the messages were three from other ISP's suggesting that I am sending mail that is infected, that I should attend to my computer before re-sending the messages, which they had deleted. Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Harold |
|
#3
|
|||
|
|||
|
OT Gremlins have been busy!
I first heard about this virus yesterday and first thing today I was
deleting a good 15 (out of a total 45 or so, 98% spam). Between 3 and 8pm earlier today I remember I got 9 (out of 15 messages I think).. This thing must be hitting hard! Tim -- In the immortal words of Ned Flanders: "No foot longs!" Website @ http://webpages.charter.net/dawill/tmoranwms "Harold & Susan Vordos" wrote in message ... Booted up tonight after putting in a day of work on the house we're building. Waiting for me were 67 messages, 28 of which were virus infected. Our ISP traps them, but we get a report along with anything that wasn't deleted. Along with the messages were three from other ISP's suggesting that I am sending mail that is infected, that I should attend to my computer before re-sending the messages, which they had deleted. Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Harold |
|
#4
|
|||
|
|||
|
OT Gremlins have been busy!
"Keith Marshall" wrote in message m... Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Yep, afraid so. Since yesterday morning I have received 2733 messages with a virus attached (but removed by Norton Antivirus) and an unknown number (probably a few hundred) of messages like you described where I was supposedly the sender. The "From" address is one that I had posted on my Web site for support (I knew better but never got around to hiding it until now) and I have never sent any email from that address so I know it's the virus doing it. Here's a link with info if you're interested: They actually seem to be slowing down now, finally. I've only gotten 3 or 4 copies in the last couple of hours. After reading of your experience, I'll hold my whining for something more serious! I can't even begin to imagine receiving that many messages, let alone that many bad ones! Thanks for the link, Keith. I guess the one good thing is the virus will die a natural death eventually (September 10th). Mean time, I keep my delete key ready to go! Harold |
|
#5
|
|||
|
|||
|
OT Gremlins have been busy!
Harold & Susan Vordos wrote:
Booted up tonight after putting in a day of work on the house we're building. Waiting for me were 67 messages, 28 of which were virus infected. Our ISP traps them, but we get a report along with anything that wasn't deleted. Along with the messages were three from other ISP's suggesting that I am sending mail that is infected, that I should attend to my computer before re-sending the messages, which they had deleted. Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Unfortunately, some of these virus checkers don't really have a clue. They detect the virus in an email (sent by the virus) and then take the absurd leap that the From: line (set by the virus) is true, and mail the 'originator' about it. You can't really trust email headers, unless you know just how to read them for your ISP, and all the ISPs that the message passed through. It's near impossible for software to do this. -- http://inquisitor.i.am/ | | Ian Stirling. ---------------------------+-------------------------+-------------------------- Lord, grant me the serenity to accept that I cannot change, the courage to change what I can, and the wisdom to hide the bodies of those I had to kill because they ****ed me off. - Random |
|
#6
|
|||
|
|||
|
OT Gremlins have been busy!
Oops, hit the send key before I typed anything. It's been a busy couple of
days. :-) I just hit 2994 copies but I've setup Outlook to move them all to a special folder so I don't really have to do anything for now. I'll leave them so I can keep a running total of how many I've received and then I'll delete them when it stops... if it ever does. :-) Best Regards, Keith Marshall "The universe is full of magical things, patiently waiting for our wits to grow sharper." -Eden Phillpotts, A Shadow Passes, 1934 "Harold & Susan Vordos" wrote in message ... "Keith Marshall" wrote in message m... Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Yep, afraid so. Since yesterday morning I have received 2733 messages with a virus attached (but removed by Norton Antivirus) and an unknown number (probably a few hundred) of messages like you described where I was supposedly the sender. The "From" address is one that I had posted on my Web site for support (I knew better but never got around to hiding it until now) and I have never sent any email from that address so I know it's the virus doing it. Here's a link with info if you're interested: They actually seem to be slowing down now, finally. I've only gotten 3 or 4 copies in the last couple of hours. After reading of your experience, I'll hold my whining for something more serious! I can't even begin to imagine receiving that many messages, let alone that many bad ones! Thanks for the link, Keith. I guess the one good thing is the virus will die a natural death eventually (September 10th). Mean time, I keep my delete key ready to go! Harold |
|
#7
|
|||
|
|||
|
OT Gremlins have been busy!
In article ,
Harold & Susan Vordos wrote: Booted up tonight after putting in a day of work on the house we're building. Waiting for me were 67 messages, 28 of which were virus infected. Our ISP traps them, but we get a report along with anything that wasn't deleted. Along with the messages were three from other ISP's suggesting that I am sending mail that is infected, that I should attend to my computer before re-sending the messages, which they had deleted. Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Of course. The virii pick up not only the addresses of new potential victims from the current victim's e-mail collections (address books, unread e-mail, unread news articles, etc), but also the address to forge as the "From: " headers. I've gotten several, and I *know* that these virii can't run on my unix systems, so they can't be infected. (This does not say that it is impossible to write a virus for a unix system, but it is more work, and fewer victims, so in general, they don't bother.) The victim who is sending these is probably a reader of the rec.crafts.metalworking newsgroup, whether active or a lurker, which explains how your address (and mine) came to be used. You *do* have all the security patches up to date, don't you? Not the ones from two days ago, but from *today*? (Microsoft has opened new holes with some of the patches closing the old ones, so staying up-to-date will help. Using a non-Microsoft OS will help a lot more. :-) I've added about a half-dozen IP addresses of infected machines to my blocklist, to slow down the flow that I've been getting. As a result, I've not been getting them direct, but the bounces from ISPs who filter out virii show the same IP addresses that I'm blocking as the source (with my e-mail address forged). The virus will usually send out a number under one forged "From: " address, then move on to the next. Good Luck, DoN. -- Email: | Voice (all times): (703) 938-4564 (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html --- Black Holes are where God is dividing by zero --- |
|
#8
|
|||
|
|||
|
OT Gremlins have been busy!
In article ,
Harold & Susan Vordos wrote: "Keith Marshall" wrote in message om... [ ... ] They actually seem to be slowing down now, finally. I've only gotten 3 or 4 copies in the last couple of hours. After reading of your experience, I'll hold my whining for something more serious! I can't even begin to imagine receiving that many messages, let alone that many bad ones! :-) Thanks for the link, Keith. I guess the one good thing is the virus will die a natural death eventually (September 10th). Mean time, I keep my delete key ready to go! Note that when it expires, they release a new version. I believe that these things are being used to install backdoors in victimized systems which can be used by spammers to send out their spam floods, and bring the retribution down on the heads of the victims, not the spammers. While there is no proof, I think that the spammers are using the virus writers as hired help. It was interesting that for a few days following the power outage, (which lasted longer in the area of a known spammer), almost all of the spam relayed through systems in China, Korea, etc dropped off. It would seem worthwhile to continue the outage in one very narrow area. :-) Enjoy, DoN. -- Email: | Voice (all times): (703) 938-4564 (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html --- Black Holes are where God is dividing by zero --- |
|
#9
|
|||
|
|||
|
OT Gremlins have been busy!
|
|
#10
|
|||
|
|||
|
OT Gremlins have been busy!
On Thu, 21 Aug 2003 04:50:05 GMT, "Harold & Susan Vordos" wrote:
Booted up tonight after putting in a day of work on the house we're building. Waiting for me were 67 messages, 28 of which were virus infected. Our ISP traps them, but we get a report along with anything that wasn't deleted. Along with the messages were three from other ISP's suggesting that I am sending mail that is infected, that I should attend to my computer before re-sending the messages, which they had deleted. Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Sure. Lots of viruses and worms will forge the Reply To field with an address they got from the infected computer's contact list. So the virus may actually be spamming from the computer of an aquaintence who has your email address in his address book. Some viruses can actually grab an address off a usenet posting and use that. So you might not even be in the infected machine's address book. Your address might have been picked up on the fly while the person with the infected machine was reading this newsgroup with Outlook Express or a browser. (Shouldn't happen if they're reading with Agent.) Or, a commercial spammer's machine might have gotten infected, and the virus is using the spammer's list of email addresses as Reply To spoofs as well as targets. (This seems to have happened with the latest worm making the rounds. The flooding has been too rapid and too huge for it not to have had access to a major spammer's address list. At least that's what some network security types are claiming.) Gary |
|
#11
|
|||
|
|||
|
OT Gremlins have been busy!
On Thu, 21 Aug 2003 06:10:18 GMT, "Keith Marshall"
pixelated: Funny thing is, I'm not the sender. I hadn't even heard of the recipients, all of which were commercial establishments. Anyone out there having the same "good luck"? Yep, afraid so. Since yesterday morning I have received 2733 messages with a virus attached (but removed by Norton Antivirus) and an unknown number (probably a few hundred) of messages like you described where I was supposedly the sender. The "From" address is one that I had posted on my Web site for support (I knew better but never got around to hiding it until now) I, too, have received tons of virus-infected mail lately, some with 3 virii apiece, some from "me"! Strange. I guess it's almost time for the spammers to go back to school so they're out in force, eh? Just 2 weeks ago, after returning from vacation (9 days) to a mailbox full of 5,000 spams and 9 valid messages, I went to my host and turned off wildcarding. That cut about 500 per day. I have Spam Assassin going locally but am about to let my host do it there since it works flawlessly. I'm down to ~50 spams/day (5 addresses but most to the one I have on my website; time to change/hide it there, too) with SA catching 40 of them. - The advantage of exercising every day is that you die healthier. ------------ http://diversify.com Dynamic Websites, PHP Apps, MySQL databases |
| Reply |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Linear Mode
