-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[EMAIL PROTECTED]
Subject: virus information
Reply-To: 

Twice in the last 24 hours, I've received e-mail with a virus
attached.  The IP address which both e-mails came from is the same:
66.31.4.184.  This is an AT&T cable modem customer, so I'm sending
this message to everyone I know who has or might have a cable modem,
as well as several of the mailing lists I'm on.

Here's what I can tell you about the e-mail, and corresponding
attachment:

 - This appears to be a typical MS-Outlook virus.  I probably received
   this mail because I am listed in the sender's address book

 - both originated from the same IP address: 66.31.4.184.  This
   appears to be a cable modem, and based on the traceroute info,
   it's probably in the Nashua, NH area.  But can't be certain.

 - The e-mail client which sent the e-mail was Microsoft Outlook

 - The sender was forged -- it is either random, or it is someone who
   is listed in the sender's address book

 - I don't recall the From: address of the first mail and didn't save
   it.  The second one was [EMAIL PROTECTED]  I do remember
   that the first one was also a hotmail address.  I'm leaning toward
   this being a random, made up address...

 - The attachment of the first mail was supposedly a screen saver,
   called lovers.scr.  It was an MS-DOS executable.

 - The attachment of the second mail was masked as an MP3, but was
   actually a windows PIF file.

The headers of the message revealed there were no intermediate hops;
the messages both originated at the IP address listed, and were
delivered directly to me.  This suggests that the virus which
delivered them is one of the variants that uses its own SMTP engine.
I have no inclination to try to do any other analysis on the virus to
try to determine which it is.  As I use Linux, I'm impervious to
Windows viruses.  I just want them to stop arriving here.

Based on the IP address, you should be able to figure out if you were
the one who sent me these messages.  For those who might not know how
to determine your IP address, follow these directions:

  1. click on the start menu
  2. select "run..."
  3. type in winipcfg and press enter
  4. make sure your ethernet card (not PPP Adaptor) is selected in the
     drop-down selection box
  
This should bring up a window that contains a variety of network
information.  Your IP address should be listed here.

Note that you did not actually send this e-mail to me; someone used
your buggy MS-Outlook client to do it for them.  If you are the owner
of this IP address, I would like you to let me know.  If I continue to
get viruses from this IP address, I will call AT&T and complain about
it, and it's not out of the realm of possibility that they will turn
your service off as a result.  Obviously, I'd rather that didn't
happen...  If you tell me that it's your IP, I will not notify AT&T.  

I would also ask that, if this is your IP, you do one or more of the
following:

 - update your virus scanning software, or install some if you don't
   have any.  

 - stop using Microsoft Outlook; it is the #1 method by which virii
   propagate today.

 - barring that, please visit www.windowsupdate.com (you must use
   internet explorer for this) and install all critical updates, to
   ensure that you have the latest security fixes, which should
   prevent this from happening in the future.

Thanks.

- -- 
Derek Martin               [EMAIL PROTECTED]    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9KcMCdjdlQoHP510RAkRJAKCxbV2HO8PnamhYORUthBn3I5UShQCfRiRi
j7dKnfxZnS68k3lmIG5M8PA=
=IYlU
-----END PGP SIGNATURE-----
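
Added example, not part of the original message: a Python sketch of the header check the message describes, counting Received: headers to spot mail handed over directly by the sending host and flagging attachments with executable extensions such as .scr and .pif. The sample message, its host names and the 192.0.2.45 address are constructed, and the extension list is an assumption.

```python
import re
from email import message_from_string

# Constructed sample message (not the mail described above). 192.0.2.45 is a
# documentation address and every host name is a placeholder.
SAMPLE = """\
Received: from unknown-host (cable-client.example.net [192.0.2.45])
\tby mx.example.org with SMTP id ABC123; Mon, 8 Jul 2002 10:00:00 -0400
From: someone@example.com
To: recipient@example.org
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: audio/mpeg; name="song.mp3.pif"
Content-Disposition: attachment; filename="song.mp3.pif"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

RISKY_EXT = (".scr", ".pif", ".exe", ".com", ".bat")  # assumed list
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def analyze(raw):
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Each relay prepends its header, so the last one is closest to the origin.
    m = IP_IN_BRACKETS.search(received[-1]) if received else None
    risky = [p.get_filename() for p in msg.walk()
             if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
    return {
        "hops": len(received),
        "origin_ip": m.group(1) if m else None,
        # A single Received header means the sending host connected straight
        # to the receiving server, with no provider mail relay in between.
        "direct_to_mx": len(received) == 1,
        "risky_attachments": risky,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Only the Received header written by your own mail server is trustworthy; headers below it are supplied by the sender and can be forged, just like the From: address.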
