Virus Madness!!! - Can somebody help?
Hello friends,

this is what I call the virus madness! In the last fortnight I got over 50 e-mails with viruses Netsky.B and Netsky.Q. Is this normal? I think and hope it isn't. In the recent 12 hours I got 6 new e-mails with Netsky.Q. This is absolutely unbelievable.

I looked at the e-mail headers, and I can see the sender is always the same. Really unbelievable. The e-mail address of the sender is not visible (it is faked), but I have got the IP address. I write it below, so you all can check if it is somehow connected with sam-users. It is an address in the Netherlands, and my only contact to the Netherlands is via sam-users.

Computer name: node-d-1d4e.a2000.nl
IP number: 62.195.29.78
Provider: UPC Netherlands

Is this a private computer, or a multiuser node/proxy? Can somebody help? And does anybody receive such viruses by e-mail as well (in the recent few days)?

/--- Aley
Re: Virus Madness!!! - Can somebody help?
I have at least 30 a day with all kinds of viruses like the ones you mention. I don't know if it's anything to do with the sam-users list though. I receive them from all over the world, and yes, the addresses are normally faked. But it's beginning to drive me to the point of distraction as well... God, I want to wring their pathetic little necks! :-D

--Matt.

On 5 Apr 04, at 18:54, Aley Keprt wrote:

> Hello friends,
>
> this is what I call the virus madness! In the last fortnight I got over 50 e-mails with viruses Netsky.B and Netsky.Q. Is this normal? I think and hope it isn't. In the recent 12 hours I got 6 new e-mails with Netsky.Q. This is absolutely unbelievable.
>
> I looked at the e-mail headers, and I can see the sender is always the same. Really unbelievable. The e-mail address of the sender is not visible (it is faked), but I have got the IP address. I write it below, so you all can check if it is somehow connected with sam-users. It is an address in the Netherlands, and my only contact to the Netherlands is via sam-users.
>
> Computer name: node-d-1d4e.a2000.nl
> IP number: 62.195.29.78
> Provider: UPC Netherlands
>
> Is this a private computer, or a multiuser node/proxy? Can somebody help? And does anybody receive such viruses by e-mail as well (in the recent few days)?
>
> /--- Aley
Re: Virus Madness!!! - Can somebody help?
----- Original Message -----
From: Aley Keprt [EMAIL PROTECTED]
To: Sam Users sam-users@nvg.ntnu.no
Sent: Monday, April 05, 2004 6:54 PM
Subject: Virus Madness!!! - Can somebody help?

> Computer name: node-d-1d4e.a2000.nl
> IP number: 62.195.29.78
> Provider: UPC Netherlands

That says enough. UPC has a bit of a reputation over here, and it is a cable provider, so pretty much bandwidth for viruses.

Robert van der Veeke
Email: [EMAIL PROTECTED]
www: http://home.kabelfoon.nl/~rjvveeke/
Re: Virus Madness!!! - Can somebody help?
I usually get lots of SPAM, but no viruses. As several Sam users already mentioned, I use a simple whitelist system to block 100% of SPAM, and allow only known addresses. But this can't currently block viruses. Unfortunately...

btw. You can find who sent you viruses. Although the sender e-mail address is faked, there is a valid IP address (can't be effectively faked), and with cooperation of its internet service provider, you can find the real computer. (If you have got some luck. :-)

/--- Aley

--
Mgr.(MSc.) Ales Keprt (also known as Aley)
[EMAIL PROTECTED] *** www.keprt.cz *** ICQ: 82357182
Dept. of Computer Science, VSB Technical University Ostrava, CZ - [EMAIL PROTECTED] - www.cs.vsb.cz

----- Original Message -----
From: Matthew J. Craven [EMAIL PROTECTED]
To: sam-users@nvg.ntnu.no
Sent: Monday, April 05, 2004 7:11 PM
Subject: Re: Virus Madness!!! - Can somebody help?

> I have at least 30 a day with all kinds of viruses like the ones you mention. I don't know if it's anything to do with the sam-users list though. I receive them from all over the world, and yes, the addresses are normally faked. But it's beginning to drive me to the point of distraction as well... God, I want to wring their pathetic little necks! :-D
>
> --Matt.
Re: Virus Madness!!! - Can somebody help?
Anything can be faked, ever heard about remailers? That is a server that strips the real IP from header and sends the mail further. Excellent for people that are living in dictatorship countries like China, USA or EU, that want to send their opinion to newsgroups or mailing lists.

They usually can also hack into WLAN of innocent people, and use their IP to make some idiotic or illegal moves.

So even if the IP in header cannot be faked, it is not sure that the attack comes really from the person that subscribed the IP.

And finally, viruses send themselves without the knowledge of the users. The user is just too stupid to own a PC, if he opens each attachment or has no firewall...

Greetings to all
LCD

Aley Keprt wrote:

> I usually get lots of SPAM, but no viruses. As several Sam users already mentioned, I use a simple whitelist system to block 100% of SPAM, and allow only known addresses. But this can't currently block viruses. Unfortunately...
>
> btw. You can find who sent you viruses. Although the sender e-mail address is faked, there is a valid IP address (can't be effectively faked), and with cooperation of its internet service provider, you can find the real computer. (If you have got some luck. :-)
>
> /--- Aley
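Which IP address in the headers can be relied on, as debated in the messages above: this is an added example, not written by anyone on the list. Only the Received line stamped by your own provider's server records an address the sender could not choose; the lines below it arrive as part of the message. It assumes the common `from HELO (rdns [ip]) by host` layout, and all host names and addresses in it are constructed (documentation ranges).

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address

# "from HELO (rdns [ip])": HELO is whatever the client claimed; the bracketed
# IP is what the receiving server saw on the TCP connection.
FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def parse_received(value):
    """Split one Received header into helo / rdns / ip / by, or None."""
    value = " ".join(value.split())          # unfold continuation lines
    f = FROM_RE.search(value)
    b = BY_RE.search(value, f.end()) if f else None
    if not (f and b):
        return None
    try:
        ip = str(ip_address(f.group(3)))
    except ValueError:
        return None
    return {"helo": f.group(1), "rdns": f.group(2), "ip": ip, "by": b.group(1).lower()}

def external_handoff(raw, my_hosts, my_ips):
    """Return (hop, older_hops): the first hop, newest first, where one of
    our own servers accepted a connection from an address that is not ours."""
    hops = [parse_received(v) for v in message_from_string(raw).get_all("Received", [])]
    for i, hop in enumerate(hops):
        if hop is None or hop["by"] not in my_hosts:
            return None, hops[i:]            # trust chain broken; nothing usable
        if hop["ip"] not in my_ips:
            return hop, hops[i + 1:]         # everything older is sender-supplied
    return None, []

def tally_sources(raw_messages, my_hosts, my_ips):
    """Count messages per handoff IP, e.g. to back up one abuse report."""
    found = (external_handoff(r, my_hosts, my_ips)[0] for r in raw_messages)
    return Counter(h["ip"] for h in found if h)

def sample(sender, forged_ip):
    """Constructed message: two Received lines added by 'our' servers on top,
    one line below them that the sending program wrote itself."""
    return (
        "Received: from mx.example.net (mx.example.net [198.51.100.10])\n"
        "\tby mailstore.example.net with ESMTP id A1; Mon, 5 Apr 2004 18:50:02 +0200\n"
        "Received: from somepc (cable-78.example.org [203.0.113.78])\n"
        "\tby mx.example.net with SMTP id B2; Mon, 5 Apr 2004 18:50:01 +0200\n"
        f"Received: from mail.example.com ([{forged_ip}])\n"
        "\tby relay.example.com with ESMTP id C3; Mon, 5 Apr 2004 18:49:00 +0200\n"
        f"From: {sender}\nSubject: Re: document\n\nbody\n"
    )

MY_HOSTS = {"mailstore.example.net", "mx.example.net"}   # assumed: our provider's servers
MY_IPS = {"198.51.100.10"}
SAMPLES = [sample("alice@example.com", "192.0.2.55"), sample("bob@example.com", "192.0.2.99")]

if __name__ == "__main__":
    hop, older = external_handoff(SAMPLES[0], MY_HOSTS, MY_IPS)
    print("report this address:", hop["ip"], "rDNS:", hop["rdns"], "claimed HELO:", hop["helo"])
    print("ignore (sender-supplied):", [h["ip"] for h in older if h])
    print(tally_sources(SAMPLES, MY_HOSTS, MY_IPS))
```

The two samples carry different From addresses and different bottom Received lines, yet both resolve to the same connecting address, which is the one to quote in a report to the provider.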
RE: Virus Madness!!! - Can somebody help?
Aley Keprt wrote:

> this is what I call the virus madness! In the last fortnight I got over 50 e-mails with viruses Netsky.B and Netsky.Q. Is this normal?

I've also had a lot of them over the last few weeks, mostly to this address, but also to the mis-spelling [EMAIL PROTECTED]. Many are from the same IP, with the most recent collection from these addresses:

cpc1-bary1-6-0-cust111.cdif.cable.ntl.com [81.103.40.111]
82-34-160-8.cable.ubr02.maid.blueyonder.co.uk [82.34.160.8]
82-34-160-206.cable.ubr02.maid.blueyonder.co.uk [82.34.160.206]
modem-3.hippo-tang.dialup.pol.co.uk [62.137.28.3]
dsl-217-155-245-13.zen.co.uk [217.155.245.13]

The BlueYonder and NTL machines were still sending viruses out a week or so after I'd reported them using the appropriate forms/addresses. Top marks to Zen for the quick and helpful response :-)

Si
Re[2]: Virus Madness!!! - Can somebody help?
Several of the new viri out there actually open up a port on the infected machine and report back to a website somewhere that the machine is ready and it is then used as a SPAM server. So it looks like you sent the emails (and in fact you did!), but without knowing it.

Sophos has a lot on the new set of ones doing the rounds. There is a virus on the loose whose sole purpose is to disable one of the other ones. They then retaliate with a new version, sometimes 3 or 4 new versions in one day, and so the cycle continues.

Those of us on BTinternet (at least Dave on this list) can at least relax a little - they've stopped 100% of the virus infected emails I would have received. They currently stop around 80 SPAM messages a day to this account alone - frightening stuff indeed.

Monday, April 5, 2004, 7:17:18 PM, you wrote:

> Anything can be faked, ever heard about remailers? That is a server that strips the real IP from header and sends the mail further. Excellent for people that are living in dictatorship countries like China, USA or EU, that want to send their opinion to newsgroups or mailing lists.
>
> They usually can also hack into WLAN of innocent people, and use their IP to make some idiotic or illegal moves.
>
> So even if the IP in header cannot be faked, it is not sure that the attack comes really from the person that subscribed the IP.
>
> And finally, viruses send themselves without the knowledge of the users. The user is just too stupid to own a PC, if he opens each attachment or has no firewall...
>
> Greetings to all
> LCD
Re: Virus Madness!!! - Can somebody help?
You are right, IP is just a computer number, not a human. But if I have the IP address which originated the mail, it means that this particular computer was used to spread the virus. And I will ask the ISP to stop this. They are able to do it. Not sure, but I hope they can help me.

Aley

----- Original Message -----
From: LCD [EMAIL PROTECTED]
To: sam-users@nvg.ntnu.no
Sent: Monday, April 05, 2004 8:17 PM
Subject: Re: Virus Madness!!! - Can somebody help?

> Anything can be faked, ever heard about remailers? That is a server that strips the real IP from header and sends the mail further. Excellent for people that are living in dictatorship countries like China, USA or EU, that want to send their opinion to newsgroups or mailing lists.
>
> They usually can also hack into WLAN of innocent people, and use their IP to make some idiotic or illegal moves.
>
> So even if the IP in header cannot be faked, it is not sure that the attack comes really from the person that subscribed the IP.
>
> And finally, viruses send themselves without the knowledge of the users. The user is just too stupid to own a PC, if he opens each attachment or has no firewall...
>
> Greetings to all
> LCD
Re: Re[2]: Virus Madness!!! - Can somebody help?
Once again, you all are right, but absolutely not helping me. All you wrote here is correct, but my problems are caused by a simple virus, which doesn't do any tricks, doesn't use any security hole in MS applications. It just sends itself to other people from the infected machine using its own SMTP routine. It is so simple, it doesn't even do any damage to the infected machine (except some bandwidth usage).

I just need to find out who is the owner of that particular IP address to ask him to disinfect the computer.

/--- Aley

----- Original Message -----
From: Andy Chandler [EMAIL PROTECTED]
To: LCD sam-users@nvg.ntnu.no
Sent: Monday, April 05, 2004 8:41 PM
Subject: Re[2]: Virus Madness!!! - Can somebody help?

> Several of the new viri out there actually open up a port on the infected machine and report back to a website somewhere that the machine is ready and it is then used as a SPAM server. So it looks like you sent the emails (and in fact you did!), but without knowing it.
>
> Sophos has a lot on the new set of ones doing the rounds. There is a virus on the loose whose sole purpose is to disable one of the other ones. They then retaliate with a new version, sometimes 3 or 4 new versions in one day, and so the cycle continues.
>
> Those of us on BTinternet (at least Dave on this list) can at least relax a little - they've stopped 100% of the virus infected emails I would have received. They currently stop around 80 SPAM messages a day to this account alone - frightening stuff indeed.