Virus emails

Hi all

I received an email from Randy Ludington this morning informing me that my email address has been used to send out emails containing virus's.

I have been onto our IT department and they have assured me that my machine is clean and the emails have not originated from my PC.

I will therefore offer an apology to anyone who is on the wrong end of these emails and assure you that I am not responsible for them.

I am posting this message here on the assumption that, possibly, my address was gotten from this site, especially as one of the recipients is also a member of this site (and Ron's, where I have also posted this message.)

Paul

Paul,

Why don't you ask Randy to look up who sended the email.


Just right click the email in the inbox, select properties and in the
internetheader you can see from were the email came and were it passed during his travel.

Perhaps then you can locate the distributor?

Rudi

Rudi

That's not a bad idea, but what would it achieve? Ok I would know where the messages are originating from, but, I would have thought that the people responsible for this are a bit more cleverer than that, surely they would cover their tracks, possibly?

Judging from the amount of automated 'delivery failed' messages I am receiving there are lots of people not too happy at the moment.

Paul

The 'auto delivery failed' email reply that you are getting seems to be a new way of delivering viruses and spam. I have been getting them for quite some time from my Hotmail accounts and have recently started getting them from my home account. If you look closely at some of them they have an attachment. This attachment is a MS-DOS .Pif file. A .Pif file is used by all Windows OS's to launch a DOS program (supposedly at least). In this case I think it is being used to launch a URL return to let the spammer know that the address is good if it is clicked. The .Pif file appears to be corrupt if you try to open it, so you can't check to see what it is supposed to do.

BTW, most virus scanners will not block .Pif files from coming through.

I think you are right about that its camouflaged spam mail.
I got some of those. When I clicked on one in order to delete it, it immediately tried to connect to an URL (*sigh*, I knew I had been suckered - bot too late to do anything about it).
DAMN ! Why does Microsoft assume that just by clicking on a mail that you want to trigger all the URLs, scripts, etc. etc.

check this out...

http://story.news.yahoo.com/news?tmpl=story&cid=620&e=1&u=/nf/20040319/bs_nf/23458

Hope this URL is working!

I have also just deleted 12 messages from " Mail Admistrator" regarding "sent mail" that I have no knowledge of sending...Please do not open anything that you may recieve from me until I post otherwise here. I also offer my apologies if you have gotten any from me...I am working to track down the problem right now.
David :roll:

I've had five netsky emails today alone. For some reason my automatic virus updates had stopped 2 weeks ago. I was smart enough to delete the emails, but they weren't tagged as viruses until I updated the signatures. Be sure your definitions are up to date.

David- you may have netsky or bagel. I know netsky includes its own email client. It can send emails even when your mail program is closed. I know Mcafee will catch the outgoing stuff.

I know that these goddamn email virus's have been flying around for a while now, but, now that my name has been used and someone that I 'know' has received a dodgy email from me, I wanted to ensure anyone else that 'knows' me and receives a dodgy email from my address, is well aware that I am not responsible for them.

I thought is more than a coincidence that someone who is registered here and at Ron's received a dodgy email from my email address, as I am also registered here and at Ron's. That said I am not accusing Phil or Ron of their web site security being breached, I am saying that it doesn't take a genius to work out that by clicking on someones profile you can get their email address.

Paul

It appears that my bosses' laptop has a 'sickness'due to his failing to renew his virus SW back in Nov...it looks like his Outlook list was mass mailed repeatedly...my email address was in there, and thats how I got the error messages... to the best of my knowlege, none were sent to anyone here or at Ron's site.

What a pain.....

I think that I will type in "format C:" when I wouk on his laptop tomorrow...and then hand him back a blank, wiped, unit...all he does w/ it is make more work for me anyway!!
David

The new virus that is speading may not be seen by your anti-virus software or firewall. Get the update and get the protection.
See POST# 6

My laptop is fine, it's set to update it's self every morning...and I haven't had any problems w/ it...it's just my d@#$@d boss!!

David

BTW: I will accept alternate plans and plots for his machine...I wonder if I could load Win 3.1 on it, or QDos...that would keep him busy for a while!!!

Netsky is an absolute pain. Apparaently, it generates it's own e-mail addresses as well as obtaining addresses from peoples computers. Your computer may not be at fault Paul.

Go to www.nod32.com and there is an explanation of the virus. I believe there would also be an explanation at www.vb.com.

I have received up to 10 a day from e-mail addresses that I do not know or have been generated by this virus. I have also received automatic notification from others, who I do not know, that the e-mail I sent them had the Netsky virus attached. Has been going on for weeks. Good old NOD32 picked it up the first time it was sent to me and at that stage there were no virus definitions available for it from the virus scanner people. NOD32 heuristic scan picked it up.

The last one I got had a subject line "Is this your password?" then had a note like "Checked and virus free- Mcafee Antivirus www.mcafee.com "

I wonder how many get suckered by that.

Paul, there's no need to apologize for emails spamming your name and IP..

Sending email with fake headers is much,,,much,, easier then programming a traffic-light, and unfortunately there is little one can do to prevent these idiots from doing so... What's worse, is the fact that there is no need for them to manually extract addresses from sources such as your profile on this site, as the viruses they create are self propagating once the first person's mailbox has been breached... From that point on it's simply a matter of passing all contained email addresses along with the virus.... I can assure you that you aren't the only one targeted by these attacks, and if you operated even a modest site such as mine you would likely see dozens of these mail server alerts every day..

The really unfortunate thing here is that all mail server response messages now have to be treated as suspect... Once you start seeing dozens a day, one soon gives up on trying to verify their authenticity and instead elects to simply divert them all to scrap..... In my case these diversions can include paying customers,,,, and for this I am truly sorry!....but what can one do?....

As for Fritz's idea of confronting the party whose address is spammed... Well it doesn't take a genius to tell you what that will accomplish....just more spam to deal with..