Re: [meteorite-list] Virus warning!!
Hello, Dave and the list, the address [EMAIL PROTECTED] is from my sign. Have recived same kind of failure notices from; [EMAIL PROTECTED] [EMAIL PROTECTED] That doesnt mean, the computers using these addresses are infected, Mydoom just pics up random addresses from the WAB (Windows adress-book file) from the infected computers and uses them as the sender. It can also collect the fake sending addresses / addresses to senddfrom the following files in the infected computer; Mail Propagation The worm collects addresses where to send itself from Windows' Address Book and from files with extension: pl adb tbb dbx asp php sht htm txt Peer-to-Peer Spreading The worm will look up form the Windows' Registry the value containing the users Kazaa shared folder, and it will copy itself to that location with a filename composed from the following list: winamp5 icq2004-final activation_crack strip-girl-2.0bdcom_patches rootkitXP office_crack nuke2004 The summary and disinfection of Mydoom can be found from; http://www.f-secure.com/v-descs/novarg.shtml take care, pekka s DNAndrews wrote: Hi Mark and list, (Sorry Art I know we're not supposed to talk about this on the list). Looks like it's already made the list. I just got a returned message or failure notice for a message I never sent to a "[EMAIL PROTECTED]". The address was spoofed to make me look like the sender. The body.pif file was the intended payload. I traced the header information to the real sender: Received: from sgrelayg1.core.theplanet.net (195.92.195.145) by indium.smartgroups.com with SMTP; 27 Jan 2004 16:56:18 - Received: from aputeaux-115-1-3-220.w193-251.abo.wanadoo.fr ([193.251.71.220] Bruno Drouet is the owner of this domain. Not sure if he's the owner of the IP address though. Beware out there and update your virus programs! Dave -- Pekka Savolainen Jokiharjuntie 4 FIN-71330 Rasala FINLAND + 358 400 818 912 Group Home Page: http://www.smartgroups.com/groups/eurocoin Group Email Address: [EMAIL PROTECTED]
Re: [meteorite-list] Virus warning!!
Hi Mark and list, (Sorry Art I know we're not supposed to talk about this on the list). Looks like it's already made the list. I just got a returned message or failure notice for a message I never sent to a [EMAIL PROTECTED]. The address was spoofed to make me look like the sender. The body.pif file was the intended payload. I traced the header information to the real sender: Received: from sgrelayg1.core.theplanet.net (195.92.195.145) by indium.smartgroups.com with SMTP; 27 Jan 2004 16:56:18 - Received: from aputeaux-115-1-3-220.w193-251.abo.wanadoo.fr ([193.251.71.220] Bruno Drouet is the owner of this domain. Not sure if he's the owner of the IP address though. Beware out there and update your virus programs! Dave mark ford wrote: There is a particularly nasty virus doing the rounds at the moment Called W32/[EMAIL PROTECTED] If you see anything that matches the following, delete it: From: (spoofed email sender) - to spoof (v): to fool. In this context, it means the message may appear to come from someone you know. It probably didn't. Subject: any of the following... Error Status Server Report Mail Transaction Failed Mail Delivery System hello hi Body: any of the following... The message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment The message contains Unicode characters and has been sent as a binary attachment Mail transaction failed. Partial message is available Attachment: any of the following, but can be random... doc.bat document.zip message.zip readme.zip text.pif hello.cmd body.scr test.htm.pif data.txt.exe file.scr The attachment icon will make it look like a text file. Don't open it. If in doubt, chuck it out! Regards, MARK __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list
Re: [meteorite-list] Virus Warning to Meteorite List
If someone happens to have this not so nice worm, which is spreading in the wild, the disinfection tool can be found from; http://www.f-secure.com/v-descs/sobig_f.shtml take care, pekka Mike Groetz wrote: Hi Everyone- The only email I have coming into this Yahoo email address is that of the meteorite list. Kind of nice since it is dedicated to meteorites and nothing else- until today. 24 messages so far were isolated into the Bulk spam box- all with the Sobig F virus attached. Look to be about 98-102K big. Some of the message from addresses had a reference to this meteorite list. Thats the scary part. So everyone be careful, don't open attachments and keep your virus scan up to date. Have a good night and take care. Sorry off topic, I don't mean to be an alarmist- but I have never seen it like this. Mike __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list -- Pekka Savolainen Jokiharjuntie 4 FIN-71330 Rasala FINLAND + 358 400 818 912 Group Home Page: http://www.smartgroups.com/groups/eurocoin Group Email Address: [EMAIL PROTECTED] __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list
Re: [meteorite-list] Virus Warning to Meteorite List
Hello I am full of this emails in my ebay email, at 20 for day regards Matteo --- Pekka Savolainen [EMAIL PROTECTED] wrote: If someone happens to have this not so nice worm, which is spreading in the wild, the disinfection tool can be found from; http://www.f-secure.com/v-descs/sobig_f.shtml take care, pekka Mike Groetz wrote: Hi Everyone- The only email I have coming into this Yahoo email address is that of the meteorite list. Kind of nice since it is dedicated to meteorites and nothing else- until today. 24 messages so far were isolated into the Bulk spam box- all with the Sobig F virus attached. Look to be about 98-102K big. Some of the message from addresses had a reference to this meteorite list. Thats the scary part. So everyone be careful, don't open attachments and keep your virus scan up to date. Have a good night and take care. Sorry off topic, I don't mean to be an alarmist- but I have never seen it like this. Mike __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list -- Pekka Savolainen Jokiharjuntie 4 FIN-71330 Rasala FINLAND + 358 400 818 912 Group Home Page: http://www.smartgroups.com/groups/eurocoin Group Email Address: [EMAIL PROTECTED] __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list = M come Meteorite - Matteo Chinellato Via Triestina 126/A - 30030 - TESSERA, VENEZIA, ITALY Email: [EMAIL PROTECTED] Sale Site: http://www.mcomemeteorite.com Collection Site: http://www.mcomemeteorite.info International Meteorite Collectors Association #2140 MSN Messanger: [EMAIL PROTECTED] EBAY.COM:http://members.ebay.com/aboutme/mcomemeteorite/ __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com __ Meteorite-list mailing list [EMAIL PROTECTED] http://www.pairlist.net/mailman/listinfo/meteorite-list
