Chickpea l33t
Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA
|
Posted: Tue Aug 19, 2003 9:33 pm Post subject: Speaking of viruses |
|
|
Speaking of viruses (from another post) I just want to be absolutely clear, as I am pretty sure I know what the answer is.
If a virus is targeted at a vulnerability in Windows, does this mean only Windows machines are affected? I would not be able to send it from my Linux email client, right?
I have been getting return emails from people I have never heard of saying that my email could not be received because some virus was attached to it.
I know it is one of F**king! Windows (or should I say loser) user friend but I have no idea who....
This wouldn't be so bad if the messages were actually coming from my computer I could fix it on my end
But now I have these emails going out to people I don't know and I have not a clue how many are being sent
I am so F**KING PISSED OFF!!
Okay, thanks for letting me vent
paranode l33t
Joined: 06 Mar 2003 Posts: 679 Location: Texas
|
Posted: Tue Aug 19, 2003 10:36 pm Post subject: |
|
|
Actually it's probably the Sobig.F worm. Someone who has your contact probably has it because it can spoof addresses from their contact list. Therefore you get the virus warnings. Read the full headers and find out what IP address it's really coming from (well...possibly). _________________ Meh. |
masseya Bodhisattva
Joined: 17 Apr 2002 Posts: 2602 Location: Baltimore, MD
|
Posted: Tue Aug 19, 2003 10:45 pm Post subject: |
|
|
paranode is probably right, but I would like to expand on this topic. You can send windows viruses with a linux email client. Generally, this has to be done manually and on purpose. For example, if you got an email that you didn't recognize or understand (which contains a virus) and you sent it to a windows-using friend asking them what they thought then they could be infected.
However, as paranode said, it was probably spoofed. Email is very, very easy to forge and I highly recommend using an authentication method such as GNUPG or PGP. Make sure your friends know what that means and are able to at least understand it.
Moving from Off The Wall. _________________ if i never try anything, i never learn anything..
if i never take a risk, i stay where i am.. |
Chickpea l33t
Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA
|
Posted: Tue Aug 19, 2003 11:13 pm Post subject: |
|
|
Yea, I know (figured) it was spoofed because it is the wrong email address or at least an old version of a current email address.
My main problem is I don't know who sent it or where it was sent from. The headers really have not given me that much info.
I do believe it is the Sobig.F (paranode, how did you know?)
It is still irritating. |
Black Apprentice
Joined: 10 Dec 2002 Posts: 158 Location: Québec, Canada
|
Posted: Wed Aug 20, 2003 2:11 am Post subject: |
|
|
I had the same thing (bounced messages) in my inbox this evening, but looking at the headers does reveal some information:
Code:
Received: from WSLEXSECO04 (64-112-130-198.user.uswo.net [64.112.130.198])
    by flmx04.mgw.rr.com (8.12.8p1/8.12.8) with ESMTP id h7JMqxQS019349
    for <dakhalil@tampabay.rr.com>; Tue, 19 Aug 2003 18:52:59 -0400 (EDT)
Message-Id: <200308192252.h7JMqxQS019349@flmx04.mgw.rr.com>
From: My email address, removed
To: <dakhalil@tampabay.rr.com>
Subject: Re: Your application
Date: Tue, 19 Aug 2003 18:52:01 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="_NextPart_000_05E87997"
X-Virus-Scanned: Symantec AntiVirus Scan Engine
X-Virus-Scan-Result: Repaired 36527 W32.Sobig.F@mm
Well, RoadRunner's Anti-Virus did see the Sobig.F virus, but I can see that the mail originated from 64.112.130.198, which, according to their web site, is located in Louisville, Kentucky, USA. I also got another bounce, this time from AOL, that comes from the same address. Since I don't know anyone in KY, all I can assume is that it is a spammer.
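
Reading the full headers, as suggested earlier in the thread and done by hand in the post above, can be scripted. The following is an added example and not part of any forum post: it walks the Received chain from the newest hop and reports the peer IP that a trusted relay itself recorded, ignoring the From line. The function name `origin_hop`, the trusted suffix `.rr.com`, the placeholder addresses and the second (forged) Received line are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the headers quoted in the post above.
# Addresses are placeholders; the second Received line is a made-up forged
# hop, included to show why lines below the trust boundary are ignored.
RAW = (
    "Received: from WSLEXSECO04 (64-112-130-198.user.uswo.net [64.112.130.198])\n"
    "\tby flmx04.mgw.rr.com (8.12.8p1/8.12.8) with ESMTP id h7JMqxQS019349\n"
    "\tfor <recipient@example.net>; Tue, 19 Aug 2003 18:52:59 -0400 (EDT)\n"
    "Received: from mail.example.org (mail.example.org [192.0.2.77])\n"
    "\tby WSLEXSECO04 with SMTP; Tue, 19 Aug 2003 18:51:00 -0400\n"
    "From: spoofed-victim@example.org\n"
    "To: <recipient@example.net>\n"
    "Subject: Re: Your application\n"
    "\n"
)

# sendmail-style hop: from <HELO name> (<reverse DNS> [<peer IP>]) by <relay>
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)"
)


def origin_hop(raw, trusted_suffixes):
    """Return the peer recorded by the newest trusted relay, or None."""
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):   # newest hop is listed first
        m = HOP.search(value)
        if m is None:
            break                # unknown format: inspect this hop by hand
        helo, rdns, ip, relay = m.groups()
        if not relay.lower().endswith(trusted_suffixes):
            break                # line not written by a relay we trust
        if ipaddress.ip_address(ip).is_private:
            continue             # internal relay-to-relay hop, keep walking
        # HELO name and From are sender-supplied; the IP is what the relay saw.
        return {"peer_ip": ip, "reverse_dns": rdns, "helo": helo,
                "recorded_by": relay, "claimed_from": msg["From"]}
    return None


if __name__ == "__main__":
    print(origin_hop(RAW, (".rr.com",)))
```

The reported address is only the last machine that connected to the trusted relay; anything listed below that hop was supplied by the sender and cannot be verified from the headers alone.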
Chickpea l33t
Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA
|
Posted: Wed Aug 20, 2003 2:20 am Post subject: |
|
|
I noticed quite a few of mine came from AOL and I don't know anyone on AOL, but nonetheless my email is on someone's contact list and it is being sent out.
The ip source address is similar 64.12.138.5 or something like that.
I am on a fvwm mailing list and that list also got a bounced email.
Driving me crazy
C |
slartibartfasz Veteran
Joined: 29 Oct 2002 Posts: 1462 Location: Vienna, Austria
|
Posted: Wed Aug 20, 2003 7:11 am Post subject: |
|
|
this sounds definitely like sobig.f
another thread with some informative links is here
u need not be in an address book necessarily to get flooded - the worm also reads html and browses it for mail addresses. and yes it spoofs the address - quite annoying _________________ To an engineer the glass is neither half full, nor half empty - it is just twice as big as it needs to be.
viperlin Veteran
Joined: 15 Apr 2003 Posts: 1319 Location: UK
|
Posted: Wed Aug 20, 2003 8:21 am Post subject: |
|
|
i have received 8 since 6:30 am (9:15am at time of writing, last one received was at 9:26am)
i have a "Spam&Viri" folder and keep all of the viri i get in there, dunno why, but then again some people collect stamps, so go say "why" at them.
EDIT: amount and time.last received, won't do this again |
To Veteran
Joined: 12 Apr 2003 Posts: 1145 Location: Coimbra, Portugal
|
Posted: Wed Aug 20, 2003 9:06 am Post subject: |
|
|
Had one email too, i thought it was kinda strange. Thanx for the info on that sobig.f worm.
Tó _________________
------------------------------------------------
Linux Gandalf 3.2.35-grsec
Gentoo Base System version 2.2
------------------------------------------------ |