| Author |
Message |
flatulent
Joined: 19 Jul 2002
Posts: 4849
Helped: 289
Location: Middle Earth
|
 10 Mar 2004 7:09 VIRUS IN EMAILS |
|
|
|
| From some limited information it seems that members of this site are receiving emails from what looks like other members with .zip attachments. Do not open the attachment. It is a virus. You should email back to the originator and ask them if they sent the email and what the attachment is.
|
|
| Back to top |
|
 |
eirp
Joined: 11 Dec 2001
Posts: 807
Helped: 9
Location: Phase center
|
| 10 Mar 2004 10:04 Re: VIRUS IN EMAILS |
|
|
|
Originator is falsified also so reply don't helps.
I received W32.Beagle(at)mm! 
|
|
| Back to top |
|
|
gulson
Joined: 01 Jan 1970
Posts: 482
Helped: 1
Location: Poland
|
| 10 Mar 2004 10:08 |
|
|
|
There is no chance to view e-mails database, maybe you wrote your email in a message so robots ate this email. I'm receiving about 40-50 viruses per day just because I put elektroda_at_elektroda.pl public and many members has elektroda_at_elektroda.pl in own address books. Also this virus is very smart, because it change "from" header. Once time I've got virus from myself because it change "from" elektroda_at_elektroda.pl I also got many viruses from noreply(at)elektroda.pl webmaster(at)elektroda.pl support(at)elektroda.pl but I know these mailboxes doesn't exist.
example:
| Quote: |
Hello user of Elektroda.pl e-mail server,
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
Further details can be obtained from attached file.
For security reasons attached file is password protected. The password is "21565".
Have a good day,
The Elektroda.pl team http://www.elektroda.pl
|
this is email from administrator(at)elektroda.pl and this email doesn't exist. I've never sent this e-mail...
source:
| Quote: |
Received: from unknown (HELO pawel) (80.51.31.29)
|
First do not email back to origination because this person doesn't have a virus. It's very easy to change "from" header. You must check always source message.
|
|
| Back to top |
|
|
makswell
Joined: 09 Jan 2003
Posts: 243
Helped: 1
|
| 10 Mar 2004 10:12 Re: VIRUS IN EMAILS |
|
|
|
Hi!
I also received an email with zip-file and asked the sender what this file is. The answer was 4 emails with zip-files and there was virus in everyone.
--
makswell
|
|
| Back to top |
|
|
klug
Joined: 04 Jul 2002
Posts: 740
Helped: 5
|
| 10 Mar 2004 10:48 Re: VIRUS IN EMAILS |
|
|
|
I also received an e-mail with *.zip attach from member of Elektroda and was asking him confirmation.
1. It is using old address list, since I have changed my E-mail 3-4 months ago and it was sended to my old address.
2. It has falsified ordinator address but there is relay address from logs of my server : relay=pd145.piotrkow.sdi.tpnet.pl [217.99.99.145]
There is removal utilite if somebody have open this script :
http://www.f-secure.com/v-descs/bagle_h.shtml
|
|
| Back to top |
|
|
flatulent
Joined: 19 Jul 2002
Posts: 4849
Helped: 289
Location: Middle Earth
|
| 10 Mar 2004 16:40 Re: VIRUS IN EMAILS |
|
|
|
The critical clue was from Klug who emailed me about receiving one from me. I use a web based service and never open attachments that are not sent by my request. I then did a virus scan on my computer and found none. The only source of addresses with both his and mine is related to this site. I do not have his address on my computer or the web based address book.
This may point to the possibility of someone monitoring the internet traffic and collecting email addresses from that source.
|
|
| Back to top |
|
|
eirp
Joined: 11 Dec 2001
Posts: 807
Helped: 9
Location: Phase center
|
| 10 Mar 2004 18:11 Re: VIRUS IN EMAILS |
|
|
|
Similar for me - mail has been sent from this IP:
pd145.piotrkow.sdi.tpnet.pl [217.99.99.145]
Strange thing is that it has been sent to my old mail which isn't anymore used for Elektroda purposes 
|
|
| Back to top |
|
|
