View previous topic :: View next topic |
Author |
Message |
Garbz Apprentice
Joined: 02 Jul 2003 Posts: 260 Location: Brisbane, Australia
|
Posted: Thu Apr 01, 2004 11:46 pm Post subject: Hey Mods: Posible virus on gentoo server? |
|
|
Paging all moderators.
I just got an email, and with the current names of the viruses going around i'm not sure if it was NetSky or MyDoom. Either way the email came from nitro@gentoo.org had the body text: "Is this your website?" and an attached zip file with a .pif like all the others going aruond.
No harm done to my end, (it takes a certain type of person to open .pif files in an email).
I just thought u might like to know. For all i know it's a false alarm, but it couldn't hurt to post. _________________ Every begining is another begining's end. |
|
Back to top |
|
|
avenj Retired Dev
Joined: 11 Oct 2002 Posts: 495 Location: New Hampshire
|
Posted: Fri Apr 02, 2004 12:23 am Post subject: |
|
|
Most new email worms forge From: in headers to look like real mail. Not really anything anybody can do about it (other than implementing SPF everywhere); it's definitely not from the real address. |
|
Back to top |
|
|
Garbz Apprentice
Joined: 02 Jul 2003 Posts: 260 Location: Brisbane, Australia
|
Posted: Fri Apr 02, 2004 5:55 am Post subject: |
|
|
ok figured as much because i've got a few reply messages saying that an email was blocked because of virus, yet i've never even seen the email i was supposed to have sent it to, and i most definatly don't have the virus.
Just thought i'd let everyone know because i know for a fact that the nitro@gentoo.org server has my email.
But then again wouldn't it run gentoo anyway and be immune to microsoft-nasties _________________ Every begining is another begining's end. |
|
Back to top |
|
|
Mnemia Guru
Joined: 17 May 2002 Posts: 476
|
Posted: Fri Apr 02, 2004 5:25 pm Post subject: |
|
|
Garbz wrote: |
Just thought i'd let everyone know because i know for a fact that the nitro@gentoo.org server has my email.
But then again wouldn't it run gentoo anyway and be immune to microsoft-nasties |
That's probably not even the case unless you checked the originating SMTP server and it is one belonging to Gentoo. Most likely someone else with both the nitro@gentoo.org address and your own in their address book got infected and the virus forged their return address to nitro@gentoo.org and sent it to you. Both of the addresses are pulled randomly from the infected system; it doesn't mean that Gentoo's servers had anything to do with it.
Before you start wondering about these things, you should always check the servers that sent the virus in the email headers. It may very well be someone you know who has been infected, or it could be someone else if you've posted to mailing lists, etc....essentially the return address of any email tells you nothing about where it actually came from. |
|
Back to top |
|
|
Garbz Apprentice
Joined: 02 Jul 2003 Posts: 260 Location: Brisbane, Australia
|
Posted: Sat Apr 03, 2004 2:34 am Post subject: |
|
|
ahhh that type of forged reply didn't even occure to me.
yeah it originated from a yahoo server.
Better safe then sorry anyway. _________________ Every begining is another begining's end. |
|
Back to top |
|
|
stonent Veteran
Joined: 07 Aug 2003 Posts: 1139 Location: Texas
|
Posted: Thu Apr 22, 2004 4:31 am Post subject: |
|
|
Windows viruses on a Linux server? Unlikely. _________________ Inspiron 4100 & Sun UltraAXe
Portage on Solaris|Dell Laptop Hacks
The way you feel about organized religion is the same way I feel about organized socialism. |
|
Back to top |
|
|
|