A+ Certification - Re: Virus Problem ** Help!**

#1
Sounds like a good moral to me. And you mean to tell me that all those Microsoft updates were fakes!? Man that's scary. I'm glad I didn't act on any of them. I was somewhat suspicious as they all came along at the same time I started getting the virus e-mails. We live and learn.

--
David Bland

"Karl S." <> wrote in message news
> On Fri, 20 Feb 2004 08:05:46 +0000, David BlandIII wrote:
>
> > Perhaps some of you bright lads & lasses can help me with a rather perplexing problem. Having cruised the net since the early days of the web, I have (on occasion) run into the random virus here and there, perhaps as many as five or six times a year. I always keep NAV running and I do a lot of downloading. Every once in a while I'll download a virus infected file and get that cool little sound letting me know that Norton's found one.
> >
> > This is all quite normal and no problem at all. In all of my webbing years I have probably only gotten two or three virus infected e-mails. However, after visiting several newsgroups early in January of this year, I noticed a slow tide of virus infected e-mails that has recently turned into a torrent. At this rate I may have to pull this account altogether. I'd like to avoid this scenario, however, so I was wondering if anyone could shed some light on the root cause of my problem?
> >
> > Over the last month I have been instituting e-mail filters in an attempt to prevent the infected emails from being downloaded from my server altogether. I thought it would be simple enough to do as all of the infected e-mail notices came from a handful of sources and all contained similar messages. The sources seem to be from the various ISP's own e-mail management systems and included addresses such as:
> >
> > -
> > -
> > -
> > -
> > - even Norton Antivirus's own E-mail Protection Program
> >
> > The names listed in the "From" field all contained terms such as Microsoft Internet Mail Storage System, Inet Mail Delivery Service, or the ever-ubiquitous "Administrator," and the message line would always be blank or say something like "user unknown."
> >
> > In the body of all of these e-mails there is usually a simple message always stating the same thing such as:
> >
> > "I'm afraid the message returned below could not be delivered to the following addresses:
> > Undeliverable mail to "
> >
> > I've included the full return path of the latest such e-mail which had listed "Administrator" in the From field and "mail: user unknown" in the message field. The body of the letter stated:
> >
> > Undeliverable mail to
> > Message follows:
> >
> > The e-mail usually has an attachment with the original infected e-mail.
> >
> > =============================================================
> >
> > Return-Path: <>
> > Received: from prserv.net ([192.168.1.7]) by mta015.verizon.net
> >           (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
> >           id <20040219183211.XIMD6907.mta015.verizon.net@prserv.net>
> >           for <>; Thu, 19 Feb 2004 12:32:11 -0600
> > Received: from prserv.net (32.97.166.32) by sc009pub.verizon.net
> >           (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id
> >           <4-26778-35-26778-125958-1-1077315531> for mta015.verizon.net;
> >           Thu, 19 Feb 2004 12:32:12 -0600
> > Date: Thu, 19 Feb 2004 18:31:50 +0000 (GMT)
> > X-Comment: Sending client does not conform to RFC822 minimum requirements
> > X-Comment: Date has been added by Maillennium.
> > Received: from rbpgp (slip32-106-141-81.bar.es.prserv.net[32.106.141.81])
> >           by attglobal.net (out2) with SMTP
> >           id <2004021918313320206pca04e>; Thu, 19 Feb 2004 18:31:37 +0000
> > FROM: "Administrator" <>
> > TO: " " <>
> > SUBJECT: mail: user unknown
> > Mime-Version: 1.0
> > Content-Type: multipart/alternative;
> >           boundary="vylvuuh"
> > Message-Id: <20040219183211.XIMD6907.mta015.verizon.net@prserv.net>
> >
> > ================================================================
> >
> > The thing that perplexes me about all of these e-mails is that they all seem to be messages from other systems' e-mail programs telling me that an e-mail that I was sending was for some reason undeliverable. Of course I have sent no such e-mail to any of the return addresses listed in the messages. I assumed that some program was sniffing the newsgroups I posted messages in and got my e-mail and started trying to replicate a virus infected message by sending it out to others using my return address, thus these various e-mail systems are sending this junk back to me. That's my theory anyway.
> >
> > The problem is that the volume of e-mail is increasing despite over fifteen e-mail filters that I've tried to establish (including a block sender list). Apparently these e-mail management systems are designed to alter the messages to avoid blocking as e-mail from the same systems (even blocked addresses) keep showing up again and again using slightly different wording in the From and Message fields, as well as in the message body.
> >
> > Seeing as how the block senders list and e-mail filters have been unsuccessful, I resorted to changing the email address that I have been using but today I found that two of my other e-mail addresses that I never use when visiting newsgroups and only use in business correspondence, have now also become infected with this virus problem. In other words I'm receiving virus e-mails on all three e-mail accounts now. At this point I don't know what to do. Is my only recourse to pull the entire Verizon account and never again venture into an online newsgroup such as this? Any suggestions would be very much appreciated. Thanks.
> >
> > David Bland
>
> Those "Failed to send your email" emails are probably fakes, just like the "Microsoft Update" fakes that "swen" is still throwing around. Your email address was probably harvested from a newsgroup and used as a fake "From:" address. There's no reason to believe your computer is itself infected. I receive similar junk email, and I use linux. There are no viable viruses or worms at this time that will infect linux. I don't know which email software you use, but I find that Netscape 7 / Mozilla have a very effective combination of junkmail and spam filters. Even that wasn't enough, however, when I was receiving 60-80 virus-loaded junkmails a day, so I changed my email address slightly, and kept the old one in my "From:" line. Now the junk goes to a dead address. I still get some spam and virus junkmail in my main inbox, but no more than a dozen at worst in a day. And yes, some of those pretend to be bounces of email that "I" was supposed to have originated... Until I check the "Received from" lines and determine that they forged the "From:" line.
>
> Moral: Never post to any newsgroup with your main email address in the "From:" line.
>
> Karl S.
>
> --
> I'm still waiting for someone to WTFM!

David BlandIII
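
The check Karl describes in the quoted reply (reading the Received lines rather than trusting "From:"), as an added Python example that is not part of either post. The sample reuses the Received, X-Comment and Content-Type lines quoted above; the From/To addresses, the function names and the three heuristics are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Received, X-Comment and Content-Type lines are taken from
# the headers quoted in the post; From/To are placeholders (redacted on the page).
SAMPLE = """\
Received: from prserv.net (32.97.166.32) by sc009pub.verizon.net
 (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id
 <4-26778-35-26778-125958-1-1077315531> for mta015.verizon.net;
 Thu, 19 Feb 2004 12:32:12 -0600
X-Comment: Sending client does not conform to RFC822 minimum requirements
Received: from rbpgp (slip32-106-141-81.bar.es.prserv.net[32.106.141.81])
 by attglobal.net (out2) with SMTP
 id <2004021918313320206pca04e>; Thu, 19 Feb 2004 18:31:37 +0000
From: "Administrator" <postmaster@mail.example>
To: <user@recipient.example>
Subject: mail: user unknown
Content-Type: multipart/alternative; boundary="vylvuuh"

Undeliverable mail
"""

# "from HELO (rdns[ip]) by HOST", where the rdns name may be missing.
HOP = re.compile(r"from\s+(\S+)\s+\((?:([^\s\[\]()]*?)\s*\[)?([\d.]+)\]?\)\s+by\s+(\S+)")

def origin_hop(msg):
    """Earliest hop = the LAST Received header; each relay prepends its own."""
    received = msg.get_all("Received") or []
    m = HOP.search(received[-1]) if received else None
    return tuple(g or "" for g in m.groups()) if m else None

def bounce_findings(raw):
    """Return reasons (hypothetical heuristics) to distrust a claimed bounce."""
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = origin_hop(msg)
    if hop:
        helo, rdns, ip, by = hop
        names = [n.lower() for n in (helo, rdns, by) if n]
        if domain and not any(n == domain or n.endswith("." + domain) for n in names):
            findings.append(f"From domain {domain} not in origin hop {rdns or helo} [{ip}]")
        if "." not in helo:
            findings.append(f"origin host announced bare name '{helo}'")
    ctype = msg.get_content_type()
    if ctype != "multipart/report":  # RFC 3464 delivery reports use multipart/report
        findings.append(f"Content-Type {ctype} is not a delivery report")
    return findings

if __name__ == "__main__":
    for line in bounce_findings(SAMPLE):
        print("-", line)
```

Plain-text bounces from older mail servers also trip the Content-Type check, so weigh the findings together rather than acting on any single one.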
#2
Doug,

I finally had time to review and install POPFile. I'm in evaluation/learning phase now. It looks interesting. I'll be interested to see how well it eventually categorizes all my e-mail. If I can get it to identify those nuisance virus alert messages so I can have Outlook Express not download them from the server, it'll be worth whatever amount of time it takes. It's not the prospect of a virus that bothers me but having to constantly delete those damned messages every time I open my inbox. Over the last week they had slowed to a trickle with my having received none for about three days. But now they've started ebbing in again.

David

"Doug Scott" <> wrote in message news:...
> David,
>
> > Sounds like a good moral to me. And you mean to tell me that all those
> > Microsoft updates were fakes!?
>
> Microsoft had to put out an announcement that they will never send anyone
> an email. What a defeat for the system, eh?
>
> > I started getting the virus e-mails. We live and learn.
>
> I just got a dozen in the last connect with my ISP. All were detected by
> POPfile.
>
> Did you ever follow that up?
>
> ---
> Doug

David BlandIII