Re: debianppc list and sven virus
I suppose you would only need to take these measures if you run Outlook or MS Messenger or Internet Explorer, n'est-ce pas? I don't run any of those, don't even have them on the system, use Moz for both browser & mail. So there's no way I can actually be infected, right? Just getting abused by the emails from infected systems. . . --Harvey David Oakes wrote: As a generic suggestion to everybody, an ideal way to discover that your system has been infected is to add an illegal e-mail address such as the following to your address book: v.alert [EMAIL PROTECTED] Any virus that uses your address book to spread itself will use this address which is completely non-existant so it will bounce back to you from your e-mail server. On seeing such a bounce, disconnect and begin cleansing.
Re: debianppc list and sven virus
Mick Weiss wrote: I have no control over what is filtered in my mail so this is extremely annoying. I have unsubscribed from the list till I will start hosting my own e-mail. The e-mails are still coming regularly. Till then I will have to use another e-mail and just read the archives :-/ If anyone finds the root of this problem. Please e-mail me. I think it may be the SVEN virus, but I'm still uncertain. I doubt that it is coming from a linux box though. If you have Win32 running - please do make sure that it isn't you. As a generic suggestion to everybody, an ideal way to discover that your system has been infected is to add an illegal e-mail address such as the following to your address book: v.alert [EMAIL PROTECTED] Any virus that uses your address book to spread itself will use this address which is completely non-existant so it will bounce back to you from your e-mail server. On seeing such a bounce, disconnect and begin cleansing. -- David Oakes| mail: doakes at ns dot sympatico dot ca Eastern Passage NS | remove the *.obvious* to reply to newsgroup messages Canada| ICQ #14502477 "We're wanted men. I have the death sentence in twelve systems."
Re: debianppc list and sven virus
As has been mentioned before, it is not necessarily, and probably is not, a list user. AAUI, Swen looks for publicly available web list archives and grabs email addresses from them. A Swen expert could conjecture on why it picks on powerpc and not other Debian lists. I bothered my ISP until they installed an ISP-level filter, which gets all but 1 or 2 a day now. Your ISP should be interested too, it eats up a tremendous amount of bandwidth and disk space. On Wed, Dec 03, 2003 at 06:14:13AM +0100, Mick Weiss wrote: > I have no control over what is filtered in my mail so this is extremely > annoying. I have unsubscribed from the list till I will start hosting my own > e-mail. The e-mails are still coming regularly. Till then I will have to use > another e-mail and just read the archives :-/ > > If anyone finds the root of this problem. Please e-mail me. I think it may > be the SVEN virus, but I'm still uncertain. I doubt that it is coming from a > linux box though. If you have Win32 running - please do make sure that it > isn't you. > > Regards, > > - Mick > > (o> Web / software developer > ( ) UNIX Systems Admin > --- ~ www.mickweiss.com ~ > > > I do not know, but seems a common problem here. > > > > On Wednesday 26 November 2003 02:15, florian klinglmueller wrote: > > > hi, > > > > > > same problem with me, very annoying. any possibility this comes from a > > > linuxbox (maybe even me)? > > > > > > ffpx flo > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > -- > +++ GMX - die erste Adresse für Mail, Message, More +++ > Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- Debian GNU/Linux Operating System By the People, For the People Chris Tillman (a people instance) toff one at cox dot net
Re: debianppc list and sven virus
I have no control over what is filtered in my mail so this is extremely annoying. I have unsubscribed from the list till I will start hosting my own e-mail. The e-mails are still coming regularly. Till then I will have to use another e-mail and just read the archives :-/ If anyone finds the root of this problem. Please e-mail me. I think it may be the SVEN virus, but I'm still uncertain. I doubt that it is coming from a linux box though. If you have Win32 running - please do make sure that it isn't you. Regards, - Mick (o> Web / software developer ( ) UNIX Systems Admin --- ~ www.mickweiss.com ~ > I do not know, but seems a common problem here. > > On Wednesday 26 November 2003 02:15, florian klinglmueller wrote: > > hi, > > > > same problem with me, very annoying. any possibility this comes from a > > linuxbox (maybe even me)? > > > > ffpx flo > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- +++ GMX - die erste Adresse für Mail, Message, More +++ Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net
Re: debianppc list and sven virus
I do not know, but seems a common problem here. On Wednesday 26 November 2003 02:15, florian klinglmueller wrote: > hi, > > same problem with me, very annoying. any possibility this comes from a > linuxbox (maybe even me)? > > ffpx flo
Re: debianppc list and sven virus
On Nov 21, 2003, at 1:20 PM, Mick Weiss wrote: I think that sombody's box on the debianppc mailing list has the Sven virus. After subscribing, I get 100+ e-mails that say that they are from Microsoft. I talked to some people at the local linux user group and thats what they told me. Anyone else have this problem? If this is indeed the case, and someone happens to be running windows --- please use an anti-virus :o) pleez Any more mail and I will cringe. thanks, - Mick (o> Web / software developer ( ) UNIX Systems Admin --- ~ www.mickweiss.com ~ Yes, I am having the same problem. Since signing up, I can average 80-100+ of those in my Inbox every day. I use a Mac, so I know it's not me. -- Barry C. Hawkins All Things Computed site: www.allthingscomputed.com weblog: www.yepthatsme.com
Re: debianppc list and sven virus [off-topic]
On 26/11/2003 at 14:24, Martin-Éric Racine wrote: > That's correct, but the mailing list's posts are available publicly on > Debian's > servers. Same thing for the BTS bug reports. If I go to bugs.debian.org, > every > bug report I have ever sent to the Debian Project is available in raw form, > with > the sender's address and return path, etc.. THAT is what must be fixed; no > more > raw e-mail on the BTS; it's okay to be able to search the bugs, but not to get > the sender's whole, raw e-mail on a web site. Yes, that's right (IMHO), but I just was pointing that the suggestion of implementing some type of mail filter in list servers is pointless. I agree with what you are pointing here, but I guess _this_ list it's not the right place to discuss it. AFAICT, it has been deeply discussed in debian-user (or some other debian list, I have not followed at all those discussions). Muddling email addresses in the archives (as you suggest) would be nice to prevent spam, the worms problem has nothing to see with the address appearing in a webpage. The problem is that debian lists are published in newsgroups (usenet), and thus, many, many people have posters addresses in their Outlook mailboxes. OTOH, some damage has already been done; my email address is already in those Outlook mailboxes. and if they get infected by this crap, I will get more and more unwanted worm copies. Since Swen came out, many days I receive more than a hundred copies (many days I have received more than 20 MBytes of worms; in a single day). With this numbers, a procmail/mailfilter rule in my desktop computer is not enough for me. Fortunately, I administer my own email server and have been able to set this kind of rule in the server (see my signature). As I said before, I guess this is not the list to discuss this (sorry about the IMHO, off-topic). Just wanted to add some more information. -- Kiko Please do not reply to the sender address of this email; due to spam and Windows (TM) worms, everything not comming from the list is "stored" in /dev/null. Put menorqui in the user part to send me anything. _Although_, I prefer replies sent to the list so that others can benefit from the discussion. Thanks.
Re: debianppc list and sven virus
On (26/11/03 13:15), Kiko Piris wrote: > On 26/11/2003 at 12:10, Clive Menzies wrote: > > On (26/11/03 13:39), Martin-Éric Racine wrote: > > > > Nice, but this really ought to be implemented on the mailing list host, > > > not by > > > each and every mailing list subscriber. > > > Good idea. A number of solutions were discussed on debian-user but > > I can't recall anyone suggesting this. Perhaps a note to the list > > meister would be in order? > > It does not make sense, because the worms do not come from the list > servers. The worm has it's own smtp engine and delivers the mail from > the victim's computer to your mx exchanger directly. Ah yes - that explains why it wasn't mentioned - other ideas concerned munging addresses or restricting access, the former was regarded as being probably easy to overcome and the latter, undesirable. Although it took me a while to reorganise my mail system (switching from getmail to fetchmail and setting up mailfilter), now its done, swen is a trivial issue for me. I am also using spamassassin for other crap but not yet got it working properly need to spend more time on it ;) Regards Clive -- http://www.clivemenzies.co.uk strategies for business
Re: debianppc list and sven virus
On Wed, 26 Nov 2003, Kiko Piris wrote: > On 26/11/2003 at 12:10, Clive Menzies wrote: > > > On (26/11/03 13:39), Martin-Éric Racine wrote: > > > > Nice, but this really ought to be implemented on the mailing list host, > > > not by > > > each and every mailing list subscriber. > > > Good idea. A number of solutions were discussed on debian-user but > > I can't recall anyone suggesting this. Perhaps a note to the list > > meister would be in order? > > It does not make sense, because the worms do not come from the list > servers. The worm has it's own smtp engine and delivers the mail from > the victim's computer to your mx exchanger directly. That's correct, but the mailing list's posts are available publicly on Debian's servers. Same thing for the BTS bug reports. If I go to bugs.debian.org, every bug report I have ever sent to the Debian Project is available in raw form, with the sender's address and return path, etc.. THAT is what must be fixed; no more raw e-mail on the BTS; it's okay to be able to search the bugs, but not to get the sender's whole, raw e-mail on a web site. -- Martin-Éric Racine, ICT Consultant http://www.pp.fishpool.fi/~q-funk/
Re: debianppc list and sven virus
On 26/11/2003 at 12:10, Clive Menzies wrote: > On (26/11/03 13:39), Martin-Éric Racine wrote: > > Nice, but this really ought to be implemented on the mailing list host, not > > by > > each and every mailing list subscriber. > Good idea. A number of solutions were discussed on debian-user but > I can't recall anyone suggesting this. Perhaps a note to the list > meister would be in order? It does not make sense, because the worms do not come from the list servers. The worm has it's own smtp engine and delivers the mail from the victim's computer to your mx exchanger directly. -- Kiko Please do not reply to the sender address of this email; due to spam and Windows (TM) worms, everything not comming from the list is "stored" in /dev/null. Put menorqui in the user part to send me anything. _Although_, I prefer replies sent to the list so that others can benefit from the discussion. Thanks.
Re: debianppc list and sven virus
On (26/11/03 13:39), Martin-Éric Racine wrote: > On Wed, 26 Nov 2003, Clive Menzies wrote: > > On (21/11/03 19:20), Mick Weiss wrote: > > > I think that sombody's box on the debianppc mailing list has the Sven > > > virus. > > > After subscribing, I get 100+ e-mails that say that they are from > > > Microsoft. > > > > > > I talked to some people at the local linux user group and thats what they > > > told me. > > > > > > Anyone else have this problem? > > > > > > If this is indeed the case, and someone happens to be running windows --- > > > please use an anti-virus :o) pleez Any more mail and I will cringe. > > This has been an issue for some months and if you could check the > > archive (which appears to be down still) you would see copious posts on > > the problem and various ways of dealing with it. > > > > It appears that the debian lists are being harvested for addresses and > > if you post to any of them, you are a target. > > The reason for this is simple: any and all posts to Debian mailing lists are > available in the open. Reports sent to the BTS are also posted in raw form. > This makes it WAY too easy for people's e-mail addresses to be harvested! > > IMHO, Debian Project leaders ought to be wisen up on the basics of network > security and spam prevention. > > > FWIW I use mailfilter in conjunction with fetchmail to remove most of > > the swen stuff before download. Attached is a copy of my mailfilterrc. > > Nice, but this really ought to be implemented on the mailing list host, not by > each and every mailing list subscriber. Good idea. A number of solutions were discussed on debian-user but I can't recall anyone suggesting this. Perhaps a note to the list meister would be in order? Regards Clive > > -- > Martin-Éric Racine, ICT Consultant > http://www.pp.fishpool.fi/~q-funk/ Funky website;) -- http://www.clivemenzies.co.uk strategies for business
Re: debianppc list and sven virus
On Wed, 26 Nov 2003, Clive Menzies wrote: > On (21/11/03 19:20), Mick Weiss wrote: > > I think that sombody's box on the debianppc mailing list has the Sven virus. > > After subscribing, I get 100+ e-mails that say that they are from Microsoft. > > > > I talked to some people at the local linux user group and thats what they > > told me. > > > > Anyone else have this problem? > > > > If this is indeed the case, and someone happens to be running windows --- > > please use an anti-virus :o) pleez Any more mail and I will cringe. > This has been an issue for some months and if you could check the > archive (which appears to be down still) you would see copious posts on > the problem and various ways of dealing with it. > > It appears that the debian lists are being harvested for addresses and > if you post to any of them, you are a target. The reason for this is simple: any and all posts to Debian mailing lists are available in the open. Reports sent to the BTS are also posted in raw form. This makes it WAY too easy for people's e-mail addresses to be harvested! IMHO, Debian Project leaders ought to be wisen up on the basics of network security and spam prevention. > FWIW I use mailfilter in conjunction with fetchmail to remove most of > the swen stuff before download. Attached is a copy of my mailfilterrc. Nice, but this really ought to be implemented on the mailing list host, not by each and every mailing list subscriber. -- Martin-Éric Racine, ICT Consultant http://www.pp.fishpool.fi/~q-funk/
Re: debianppc list and sven virus
On (21/11/03 19:20), Mick Weiss wrote: > I think that sombody's box on the debianppc mailing list has the Sven virus. > After subscribing, I get 100+ e-mails that say that they are from Microsoft. > > I talked to some people at the local linux user group and thats what they > told me. > > Anyone else have this problem? > > If this is indeed the case, and someone happens to be running windows --- > please use an anti-virus :o) pleez Any more mail and I will cringe. This has been an issue for some months and if you could check the archive (which appears to be down still) you would see copious posts on the problem and various ways of dealing with it. It appears that the debian lists are being harvested for addresses and if you post to any of them, you are a target. FWIW I use mailfilter in conjunction with fetchmail to remove most of the swen stuff before download. Attached is a copy of my mailfilterrc. HTH Clive -- http://www.clivemenzies.co.uk strategies for business # --- # Clive's RC file from example rcfile in the INSTALL document # --- # --- # Logile path (be sure you have write permission in this # directory; you MUST specify a logfile) LOGFILE=/home/your-home_dir/.mailfilter.log # --- # Level of verbosity VERBOSE=3 # --- # POP3 server list (do not change the order of the fields!) # Note: Port 110 is usually the port POP3 servers use. # Currently only POP3 is supported. SERVER=whatever.net USER=your_username PASS=your_password PROTOCOL=pop3 PORT=110 SERVER=another_whatever.net USER=another_username PASS=another_password PROTOCOL=pop3 PORT=110 # --- # Do you want case sensitive e-mail filters? { yes | no } REG_CASE=no # --- # Sets the type of Regular Expression used { extended | basic } # # (The default is 'basic', don't change unless you know what you # are doing. Extended REs are more complex to set up.) REG_TYPE=basic # --- # Maximum e-mail size in bytes that should not be exceeded. # MAXSIZE_DENY=100 # --- # Set maximum line length of any field in the message header # (default is 998 characters per line; 0 to disable option) # MAXLENGTH=998 # -- # Filter rules for detecting spam (each rule must be placed # in a seperate line) # These filters detect certain unpleasant e-mail subjects: DENY=^Subject:.*Network \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+ DENY=^Subject:.*Net \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+ DENY=^Subject:.*Security \(Critical\|Patch\|Security\|Upgrade\|Update\|Pack\)\+ DENY=^Subject:.*Latest \(Critical\|Internet\|Patch\|Security\|Upgrade\|Update\|Pack\)\+ DENY=^Subject:.*Abort \(Announcement\|Report\)* DENY=^Subject:.*Current \(Internet\|Security\|Microsoft\|Pack\|Update\)* DENY=^Subject:.*Error Letter DENY=^Subject:.*Bug Letter DENY=^Subject:.*New Pack DENY=^Subject:.*viagra DENY=^Subject:.*\(penis\|Dick\)\+ DENY=^Subject:.*home loan DENY=^Subject:.*\(Phentermine\|Valium\|Vicodin\|Xanax\)\+ DENY=^Subject:.*Medications DENY=^Subject:.*Online Pharmacy DENY=^Subject:.*DISCREET OVERNIGHT PHARMACY DENY=^Subject:.*Lowest Rates DENY=^Subject:.*hey there\.\.\. DENY=^From:.*Microsoft \(Network\|Security\|Corporation\|Email\|Inet\|Mail\|Service\|Message\|Internet\|Customer\|Public\|Support\)* DENY=^From:.*MS \(Net\|Network\|Security\|Corporation\|Mail\|Service\|Message\|Internet\|Customer\|Support\)* DENY=^From:.*Customer Bulletin DENY=^From:.*Internet \(Delivery\|Email\|Service\|System\|Mail\|Message\|Storage\|Upgrade\)\+ DENY=^From:.*Net \(Delivery\|Email\|Service\|System\|Mail\|Message\|Storage\|Upgrade\)\+ DENY=^From:.*Delivery Service DENY=^From:.*Security Department DENY=^From:.*Email \(Delivery\|Service\)\+ DENY=^From:.*Storage \(Service\|System\)* DENY=^From:.*Network \(Client\|Mail\|Storage\|System\|Security\|Service\)\+ DENY=^From:.*Technical \(Assistance\)\+ DENY=^From:.*Public Services DENY=^From:.*CyberAtlas DENY=^From:.*youask4it DENY=^To:.*Net \(Client\|Consumer\|Recipient\|Receiver\|User\)\+ DENY=^To:.*Inet \(Client\|Recipient\)* DENY=^To:.*Internet \(Client\|Consumer\|Recipient\|Receiver\|User\)\+ DENY=^To:.*Network \(Client\|Consumer\|Recipient\|Receiver\|User\)\+ DENY=^To:.*Mail \(Client\|Consumer\|Recipient\|Receiver\|User\)\+ DENY=^To:.*Email \(Client\|Consumer\|Recipient\|Receiver\|User\)\+ DENY=^To:.*Commercial \(Client\|Customer\|Consumer\|User\)* DENY=^To:.*Microsoft \(Client
Re: debianppc list and sven virus
I am sayng just the same that you, but nobody hearme. If the problem is here, please solve it, Use antivir, Format your Harddisk or better begin to use linux really. My desperate solution was: I am using a POP account for lists Kmail filters on lists pickup mail from list to a selected folder I delete Everything in inbox But please the problem is in Debian lists if you have it (the PC or PPC infected owner ) please solve it On Friday 21 November 2003 12:20, Mick Weiss wrote: > I think that sombody's box on the debianppc mailing list has the Sven > virus. After subscribing, I get 100+ e-mails that say that they are from > Microsoft. > > I talked to some people at the local linux user group and thats what they > told me. > > Anyone else have this problem? > > If this is indeed the case, and someone happens to be running windows --- > please use an anti-virus :o) pleez Any more mail and I will cringe. > > thanks, > > - Mick > > (o> Web / software developer > ( ) UNIX Systems Admin > --- ~ www.mickweiss.com ~ > > > > > -- > NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... > Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService > > Jetzt kostenlos anmelden unter http://www.gmx.net > > +++ GMX - die erste Adresse für Mail, Message, More! +++
debianppc list and sven virus
I think that sombody's box on the debianppc mailing list has the Sven virus. After subscribing, I get 100+ e-mails that say that they are from Microsoft. I talked to some people at the local linux user group and thats what they told me. Anyone else have this problem? If this is indeed the case, and someone happens to be running windows --- please use an anti-virus :o) pleez Any more mail and I will cringe. thanks, - Mick (o> Web / software developer ( ) UNIX Systems Admin --- ~ www.mickweiss.com ~ -- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService Jetzt kostenlos anmelden unter http://www.gmx.net +++ GMX - die erste Adresse für Mail, Message, More! +++