RE: v*r*s question
The pathogen in question searches all kinds of files on an infected computer for anything that looks like an email address. It picks one of those addresses to be the From and sends to all the rest. It also has a list of common names that it attaches to the email domains it finds, thus trying to guess additional email addresses. That accounts for a lot of the NDRs. You were the lucky From person found on someone else's infected computer. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Julia Thompson Sent: Saturday, February 07, 2004 2:25 PM To: Killer Bs Discussion Subject: Re: v*r*s question Kevin Tarr wrote: I started getting mail saying something from me was undeliverable. AVG said it had the myd**m v*r*s in it. AVG isn't finding the v*r*s anywhere else, just the mail coming in. Since them I'm getting messages coming in with the v*r*s. But I'm more confused by the returned mail. Is my computer sending out mail with me knowing it? Or is my mail being spoofed, it's being sent from somewhere else with my address? Or third option, is this a backwards way to get a person to open mail, it sends you a bogus e-mail claiming to be a delivery failure? More than a few have come from ASU, I'm assuming Arizona State but I know no one there. Thanks in Advance Kevin T. - VRWC I'm getting the same thing, from ASU no less, and my computer is virus-free. I'm guessing spoofing -- it's the most likely option given the data we have about it. Julia ___ http://www.mccmedia.com/mailman/listinfo/brin-l ___ http://www.mccmedia.com/mailman/listinfo/brin-l
v*r*s question
I started getting mail saying something from me was undeliverable. AVG said it had the myd**m v*r*s in it. AVG isn't finding the v*r*s anywhere else, just the mail coming in. Since them I'm getting messages coming in with the v*r*s. But I'm more confused by the returned mail. Is my computer sending out mail with me knowing it? Or is my mail being spoofed, it's being sent from somewhere else with my address? Or third option, is this a backwards way to get a person to open mail, it sends you a bogus e-mail claiming to be a delivery failure? More than a few have come from ASU, I'm assuming Arizona State but I know no one there. Thanks in Advance Kevin T. - VRWC --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.577 / Virus Database: 366 - Release Date: 2/3/2004 ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
Kevin Tarr wrote: I started getting mail saying something from me was undeliverable. AVG said it had the myd**m v*r*s in it. AVG isn't finding the v*r*s anywhere else, just the mail coming in. Since them I'm getting messages coming in with the v*r*s. But I'm more confused by the returned mail. Is my computer sending out mail with me knowing it? Or is my mail being spoofed, it's being sent from somewhere else with my address? Or third option, is this a backwards way to get a person to open mail, it sends you a bogus e-mail claiming to be a delivery failure? From what I understand, it's option two, with three as a side effect. It infected somebody who has your email address in their address book, then used that information to send itself in your name to other systems. One of those other systems had an automated virus scanner, that griped at you because the virus it got claimed to be from you. __ Steve Sloan . Huntsville, Alabama = [EMAIL PROTECTED] Brin-L list pages .. http://www.brin-l.org Science Fiction-themed online store . http://www.sloan3d.com/store Chmeee's 3D Objects http://www.sloan3d.com/chmeee 3D and Drawing Galleries .. http://www.sloansteady.com Software Science Fiction, Science, and Computer Links Science fiction scans . http://www.sloan3d.com ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
On Sat, Feb 07, 2004 at 05:31:10PM -0600, Steve Sloan II wrote: From what I understand, it's option two, with three as a side effect. It infected somebody who has your email address in their address book, then used that information to send itself in your name to other systems. One of those other systems had an automated virus scanner, that griped at you because the virus it got claimed to be from you. A couple weeks ago I started getting a lot of spam slipping through my filter ( bogofilter is what I use ). It actually appears to be mail sent by automated mail responders in reply to spam sent to them with my return address. Since my filter was originally trained to consider such bounce messages to be important messages and not spam, these get through my filters (I'm trying to retrain the filters, but as a result I may miss some legitimate bounce message in the future). A lot of the time the automated mail responder does not copy the entire spam message to me, except for the subject, so in that case the spam has no chance of having its intended effect on me (getting me to buy their product or visit their web site or whatever). But often enough the mailers DO copy the entire spam, so in effect the original spammers trick these automated mail responders into to spamming me for them, and it is quite effective since the original spammer would not have gotten through my filter but the legitimate sender does get though the filters. I'm still wondering whether that was the spammer's intended goal, or whether the spammers just wanted a valid email address to forge their From: and Reply-To:, and I was their unlucky choice. Anyway, if I have any point in this rambling, it is that anyone setting up automated mail responders should be VERY careful. You may inadvertently be spamming innocent victims! -- Erik Reuter http://www.erikreuter.net/ ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
That is one of several of its propagation methods. It uses faked mail delivery failure notices among other methods to try to trick people into opening the attached file. Another posibility is that it used your email address as a false from address from an infected computer's address book, and the message went to a dead email address, resulting in a bounce to you. You can find out more about that and other viruses at : http://www3.ca.com/virusinfo/ Or any number of other antivirus sites. Michael Harney [EMAIL PROTECTED] - Original Message - From: Kevin Tarr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, February 07, 2004 2:32 PM Subject: v*r*s question I started getting mail saying something from me was undeliverable. AVG said it had the myd**m v*r*s in it. AVG isn't finding the v*r*s anywhere else, just the mail coming in. Since them I'm getting messages coming in with the v*r*s. But I'm more confused by the returned mail. Is my computer sending out mail with me knowing it? Or is my mail being spoofed, it's being sent from somewhere else with my address? Or third option, is this a backwards way to get a person to open mail, it sends you a bogus e-mail claiming to be a delivery failure? More than a few have come from ASU, I'm assuming Arizona State but I know no one there. Thanks in Advance Kevin T. - VRWC --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.577 / Virus Database: 366 - Release Date: 2/3/2004 ___ http://www.mccmedia.com/mailman/listinfo/brin-l ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
- Original Message - From: Erik Reuter [EMAIL PROTECTED] To: Killer Bs Discussion [EMAIL PROTECTED] Sent: Saturday, February 07, 2004 7:40 PM Subject: Re: v*r*s question On Sat, Feb 07, 2004 at 05:31:10PM -0600, Steve Sloan II wrote: From what I understand, it's option two, with three as a side effect. It infected somebody who has your email address in their address book, then used that information to send itself in your name to other systems. One of those other systems had an automated virus scanner, that griped at you because the virus it got claimed to be from you. A couple weeks ago I started getting a lot of spam slipping through my filter ( bogofilter is what I use ). It actually appears to be mail sent by automated mail responders in reply to spam sent to them with my return address. Since my filter was originally trained to consider such bounce messages to be important messages and not spam, these get through my filters (I'm trying to retrain the filters, but as a result I may miss some legitimate bounce message in the future). A lot of the time the automated mail responder does not copy the entire spam message to me, except for the subject, so in that case the spam has no chance of having its intended effect on me (getting me to buy their product or visit their web site or whatever). But often enough the mailers DO copy the entire spam, so in effect the original spammers trick these automated mail responders into to spamming me for them, and it is quite effective since the original spammer would not have gotten through my filter but the legitimate sender does get though the filters. I'm still wondering whether that was the spammer's intended goal, or whether the spammers just wanted a valid email address to forge their From: and Reply-To:, and I was their unlucky choice. Anyway, if I have any point in this rambling, it is that anyone setting up automated mail responders should be VERY careful. You may inadvertently be spamming innocent victims! I'm getting similar kinds of mail, viral and spam. Of course my anti-virus kills the viruses, but the spam is getting to be quite annoying. I've noticed that my addy is being spoofed by a few spammers and I'm guessing that it is so I can't killfile them to prevent the spam. xponent Spam Trends Maru rob ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
From: Steve Sloan II [EMAIL PROTECTED] From what I understand, it's option two, with three as a side effect. It infected somebody who has your email address in their address book, then used that information to send itself in your name to other systems. One of those other systems had an automated virus scanner, that griped at you because the virus it got claimed to be from you. And it's high time that virus scanner software stopped sending out these gripe messages. No modern email-borne actually puts the sender's true address in the email's header fields. All this *ever* accomplishes is to annoy/worry some third party person who can do nothing about the virus sender. _ Optimize your Internet experience to the max with the new MSN Premium Internet Software. http://click.atdmt.com/AVE/go/onm00200359ave/direct/01/ ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
On Feb 7, 2004, at 2:32 PM, Kevin Tarr wrote: Or third option, is this a backwards way to get a person to open mail, it sends you a bogus e-mail claiming to be a delivery failure? This is the operandi of the latest mail virus, W32/MyDoom.B See http://www.us-cert.gov/cas/techalerts/TA04-028A.html ___ http://www.mccmedia.com/mailman/listinfo/brin-l
Re: v*r*s question
Kevin Tarr wrote: I started getting mail saying something from me was undeliverable. AVG said it had the myd**m v*r*s in it. AVG isn't finding the v*r*s anywhere else, just the mail coming in. Since them I'm getting messages coming in with the v*r*s. But I'm more confused by the returned mail. Is my computer sending out mail with me knowing it? Or is my mail being spoofed, it's being sent from somewhere else with my address? Or third option, is this a backwards way to get a person to open mail, it sends you a bogus e-mail claiming to be a delivery failure? More than a few have come from ASU, I'm assuming Arizona State but I know no one there. Thanks in Advance Kevin T. - VRWC I'm getting the same thing, from ASU no less, and my computer is virus-free. I'm guessing spoofing -- it's the most likely option given the data we have about it. Julia ___ http://www.mccmedia.com/mailman/listinfo/brin-l