OT: pirated email
Ric
fhj52ads at yahoo.com
Mon Sep 22 07:58:02 CEST 2003
--- Matthew Weier OPhinney <matthew-lists at weierophinney.net> wrote:
> -- Olivier Fourdan <fourdan at xfce.org> wrote
> (on Friday, 19 September 2003, 06:37 PM +0200):
> > On Fri, 2003-09-19 at 17:14, edscott wilson garcia wrote:
> > > It seems some #$#$%&%$ is spoofing my email address to send junk mail,
> > > probably to get past mail servers which bounce mail which come from
> > > fictitious source accounts. Anybody have similar problem? What to do?
> >
> > Yes, I keep receiving delivery errors on mails I've never sent (and the
> > mail agent shows it's been sent with Outlook!!!)
> >
> > There is not much you can do, AFAIK, just wait for Microsoft and its
> > unsecure tools to disappear from the surface of this planet :)
>
> Actually, the behaviour you're seeing is likely from the SoBig.F virus
Actually there is a *new* one that started this weekend,
From: "Microsoft Security Section" , "Security Assistance" , " Microsoft
Corporation Technical Support " and others with similar "official" names. The
email _looks_ like a MS document that _requests_ the user to download and apply
the "patch"; includes an attachment:
File names: pack.exe , PATCH.exe, upgrade.exe and others
File types: application/x-msdownload
Scan results: Virus Worm.Automat.AHB found
^^^^^^^^^^^^
the attachment is usually ~ 154kB but I got one that was a 14kB .exe file and
the virus scanner did not recognize it as *.exe(i'm thinking/hoping it was
because it was corrupted).
I also have several of those *bogus* returns now and had ~ dozen of them on the
last MS caused problem a couple of weeks ago. All are going to _this_ email
address.
This is a problem for linux too. I have been getting DoS sometimes because
my FW/Gateway logs are full of martians trying to get into port 135. Snort and
kernel logs have grown exponentially. Normallly the logs would be kB in size;
now they are MB! It's a small drive...
I am more than just a little PO'd by the whole thing as it has taken more time
from my short supply...
> -- it goes through all the mail headers in an Outlook mail store and
> both sends to each and tries to mail as each in order to spread itself.
> Since it happens on the client end, often the server it's using for
> outgoing mail will be configured to accept any mail from any address on
> the internal LAN... which means *you* get the bounceback, even though it
> came from someone else's machine. Yuck.
>
> I started analyzing the subject lines from the bounce backs, and set up
> some procmail filters to nuke them before they reach my inbox. Since
> they all include the virus as an attachment, you can also look for that.
>
> Ah, the joys of email... ;-)
>
> --
> Matthew Weier O'Phinney
> http://weierophinney.net/matthew/
> _______________________________________________
=====
Have A Great Day!
Ric
***
Thought for today:
After 10 years writing object-orientated enterprise code, one of the most
important things I've learned is to code as if the next guy to come along and
maintain your code is a short-tempered 30-stone gorilla who knows where you
live.
-- Caspian Rychlik-Prince
-- http://www.puppygames.net/articles/alienflux_postmortem.php
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
More information about the Xfce4-dev
mailing list