Microsoft is bombing me! help! help!

Discussion in 'Computer Information' started by Fogar, Sep 19, 2003.

  1. Fogar

    Heather Guest

    You are sending out the virus.......I just got one from Charter.net. I
    will post part of the headers to show you.......so please get the virus
    off your computer.....or stay offline. Aw hell, that won't matter as
    there are 32 gazillion copies floating around.

    OK......see the first line??? Is that a friend of yours, or is it you.
    And you will see further down that the TO and FROM are totally
    different. So it forges the FROM.......but the "charter.net" is at the
    top.......

    Hey Rafters.....is this like Klez? Or could it be combining two parts
    to the reply to address......hmmm.

    Cheers....Heather

    Return-Path: <>
    Received: from remt20.cluster1.charter.net ([209.225.8.30])

    FROM: "Program Security Center" <>
    TO: "Commercial Client" <>

    SUBJECT: Newest Network Security Patch
    Mime-Version: 1.0
    Content-Type: multipart/mixed; boundary="obmybgntf"
    Date: Mon, 22 Sep 2003 00:03:12 -0400
     
    Heather, Sep 22, 2003
    #61

  2. Fogar

    Heather Guest

    Just got two more from your ISP.....different name in first
    half......know a person named "sfogarty"???

    These seem to come in pairs......two from Musselwhite, two from
    Fogarty.....both Charter.net.

    Heather
     
    Heather, Sep 22, 2003
    #62

  3. Fogar

    San Guest

    Heather,
    I followed your instructions after printing them out, but I don't know where
    you and Thor are getting the phrase "Cumulative Patch". That didn't come in
    any of my mails, did you have to open one to read that in the message? Last
    night, before I turned the computer off, I deleted all the mails in my
    inbox, and deleted box, one thousand in all, after making several rules
    using phrases in the , not the from header, but the message content part,
    and this morning I had about 49 in the deleted box, and 58 in the inbox. So
    some of the rules did not work. But the Microsoft ones seem to be stopped.
    Sorry, I'm not really up to all this stuff, although I'm really trying.
    I don't want to do that, that's why I asked.

    Thanks for your help,
    San
     
    San, Sep 22, 2003
    #63
  4. Fogar

    San Guest

    "Heather" <
    I don't understand why you are asking that, I have not sent you any mails
    other than on this group.
    This ISP is all over the country. It could be coming from anywhere AFAIK.
     
    San, Sep 22, 2003
    #64
  5. Fogar

    San Guest

     
    San, Sep 22, 2003
    #65
  6. Fogar

    Jason Wade Guest

    AFAIK, this leaves the message on the server. Is there
    any way to delete the message from the server without
    downloading it?
     
    Jason Wade, Sep 22, 2003
    #66
  7. Fogar

    Thor Guest

    Last

    That was just an example. You need to look at all your messages, and pick
    out a distinctive word or phrase that sets them apart from legitimate email,
    yet is common to most of the ones you want to filter out.
    In your news account settings in Outlook Express, there is a box for your
    email address. What you put in that box is what is displayed in the headers
    of your newsgroup posts. All you need to do is put a fake or "munged"
    address (munged means take your real address and put something in it like
    "nospam") so something other than your real address is shown. Usenet is
    crawling with bots (automated programs) that search out email addresses for
    spammers to send to. When the address is harvested from one of your
    messages, it will be useless to the spammer if you put in a fake one, or
    munge it in such a way that it cannot be readily used without being edited
    first.
     
    Thor, Sep 22, 2003
    #67
  8. Fogar

    San Guest

    The message rules must be working now, as I'm only receiving a few at a
    time, and they have new words in them.

    But I need to figure out how to eliminate the worm from my system, which is
    just going to continue living here if I don't. I don't know what other
    damage it does besides being annoying in email.

    Okay, I did that too. If I did it right, it will show up in this message as
    .

    Thanks,
    Sandra
     
    San, Sep 22, 2003
    #68
  9. Fogar

    Bill Guest


    Just because you're being deluged with the infected email doesn't mean
    your system is infected. That would require that you be stupid enough
    to launch the infected file.
     
    Bill, Sep 22, 2003
    #69
  10. Fogar

    V W Wall Guest

    With MailWasher, I've set up a "not to me" filter. i.e. if the "To" box
    "does not contain" my normal e-mail address, then delete. Works fine
    since none of the fake MS junk has my addy in the "To" box. I haven't
    been able to do this with OE, but Netscape has this option in filtering.

    I've noticed many of the "bounce" messages are no longer containing the
    whole (146KB-156KB), attachment sent in the original message. Maybe they're
    learning something?

    Virg Wall
     
    V W Wall, Sep 22, 2003
    #70
  11. Fogar

    Thor Guest

    It's easy to do it with OE. You just set up a rule based on the "TO:" field,
    put in your email address as the criteria, and then reverse the rule
    behavior with the options button to make it reject all mail except those
    that specifically have your email address in the "TO:" field. Then set the
    action as "delete from server". I have this set up on mine, but it is of
    limited use because a substantial part of the spam I usually receive *does*
    have my email address in the "TO:" field.
     
    Thor, Sep 22, 2003
    #71
  12. Fogar

    Dale Guest

    Thanks Thor. :)

    --
    Dale's simple method of dealing with swen creator.

    1) Identify Creator.
    2) Throw on ground.
    3) Hit with big stick
    4) Repeat step 3 until creator no longer moves.
    5) Dispose of body where it will never be found.
     
    Dale, Sep 22, 2003
    #72
  13. This could very well mean that you *are* actually infested
    by this worm.

    Sorry.
     
    FromTheRafters, Sep 22, 2003
    #73
  14. She gets the error box when she tries to run regedit, Bill. :eek:(
     
    FromTheRafters, Sep 22, 2003
    #74
  15. You propose murdering someone because you were inconvenienced?
    ~ Nice....

    ....many happy "returns" dude.
     
    FromTheRafters, Sep 22, 2003
    #75
  16. It can evidently harvest e-mail addresses directly from newsgroup
    posts on some servers in a list it contains. I think that the "reply-to"
    field depends on how the mail server treats the "envelope-from"
    field of the incoming SMTP send.

    http://www.f-secure.com/v-descs/swen.shtml

    So...that means the "circle of friends" ripple effect has
    been removed one more level. Sort of like the STDs
    being spread not only from partners to partners, but
    to everyone who frequents the same restaurants as well.
    Harvesting from the TIF did this too, but I think this is
    worse because almost every post has an address, and
    both valid and invalid addresses get sent to.
     
    FromTheRafters, Sep 22, 2003
    #76
  17. Outlook Express can do it too:

    Where the To and CC lines contain people.
    click on "people" to add your own name in
    the text box, click on add ~ then on options
    to reverse the logic.

    ...of course you then lose the sends from your mass mailing friends
    with enough of a clue to use Bcc instead of CC ~ but I sort of
    whitelisted them by other settings.

    Mailwasher is much easier to use than OE though, as far
    as setting up filters.
     
    FromTheRafters, Sep 22, 2003
    #77
  18. FromTheRafters, Sep 22, 2003
    #78
  19. Fogar

    V W Wall Guest

    Thanks for the info. I don't use OE very much--should have known to look for
    the typical MS "reverse logic". I guess my spamming friends don't know me too
    well, as most spam doesn't have my correct addy, even though I left it in this
    and other NGs for some time. This method may work better for others, rather
    than trying to guess the subject phrase used in the fake MS junk. The stuff
    without an address that I have subscribed to is set as "friend" in MailWasher.

    Virg Wall
     
    V W Wall, Sep 22, 2003
    #79
  20. Fogar

    cein Guest

    The problem with that is if you're subscribed to mailing lists then mail to
    those lists will have the address of the list in the 'to' field and not your
    own addy.
    But even if you have your filters set to delete it, you still have to waste
    your time and connection by downloading it into OE.

    ceindreadh
     
    cein, Sep 22, 2003
    #80
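
The "not to me" rule discussed in posts #70, #71, #77 and #80, as an added example that is not part of any poster's message: it classifies mail from headers alone and carves out the two exceptions the thread raises (mailing-list traffic and friends who send via Bcc). All addresses, the list name and the sample headers are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# All addresses below are constructed placeholders, not values from the thread.
MY_ADDRESS = "san@example.net"
LIST_ADDRESSES = {"gardening-l@lists.example.org"}   # lists I subscribe to
BCC_SENDERS = {"friend@example.com"}                 # friends who send via Bcc

def addresses(msg, *fields):
    """Lower-cased addr-specs from the named headers; empty '<>' entries dropped."""
    values = [v for f in fields for v in msg.get_all(f, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def classify(raw_headers):
    """Decide from headers alone, so the body and attachment need not be fetched."""
    msg = message_from_string(raw_headers)
    rcpts = addresses(msg, "To", "Cc")
    if MY_ADDRESS in rcpts:
        return "keep"        # addressed to me
    if rcpts & LIST_ADDRESSES:
        return "keep"        # mailing-list traffic: To holds the list address
    # From is forgeable (the worm forges it), so this is a convenience
    # exception for Bcc senders, not proof of origin.
    if addresses(msg, "From") & BCC_SENDERS:
        return "keep"
    return "delete"

# Constructed sample headers; the first mirrors the shape Heather posted.
SAMPLES = {
    "worm": 'From: "Program Security Center" <>\nTo: "Commercial Client" <>\n'
            "Subject: Newest Network Security Patch\n\n",
    "direct": "From: someone@example.org\nTo: San <SAN@example.net>\nSubject: hi\n\n",
    "list": "From: member@example.org\nTo: gardening-l@lists.example.org\n"
            "Subject: [gardening-l] tomatoes\n\n",
    "bcc": "From: friend@example.com\nTo: friend@example.com\nSubject: party\n\n",
    "spam": "From: offers@example.org\nTo: someone.else@example.net\nSubject: deal\n\n",
}

def triage(samples=SAMPLES):
    """Map each sample name to its keep/delete verdict."""
    return {name: classify(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:7} {verdict}")
```

Because the decision needs only headers, a mail client can fetch them with the POP3 `TOP` command and delete rejected messages on the server without downloading the attachment.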