Home > Archive > Cobol > March 2004 > [OT] Virus Alert - A Real One
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
[OT] Virus Alert - A Real One
|
|
| docdwarf@panix.com 2004-03-26, 10:59 pm |
|
The other day I received an email purporting to have been sent by
warren.simmons@worldnet.att.net ; it has the Subject: line of 're:
something for you', a single word of text ('never!') and an attachment
named 'undefined.zip'.
The .zip file contained a single .scr file, undefined.htm.scr, which
contained - you guessed it - a virus; McAfee says it is W32/Netsky.c@MM.
A word to the wise and all that.
DD
| |
| Binyamin Dissen 2004-03-26, 10:59 pm |
| On 9 Mar 2004 21:34:28 -0500 docdwarf@panix.com wrote:
:>The other day I received an email purporting to have been sent by
:>warren.simmons@worldnet.att.net ; it has the Subject: line of 're:
:>something for you', a single word of text ('never!') and an attachment
:>named 'undefined.zip'.
:>The .zip file contained a single .scr file, undefined.htm.scr, which
:>contained - you guessed it - a virus; McAfee says it is W32/Netsky.c@MM.
:>A word to the wise and all that.
You have only received one????
--
Binyamin Dissen <bdissen@dissensoftware.com>
http://www.dissensoftware.com
Director, Dissen Software, Bar & Grill - Israel
| |
| docdwarf@panix.com 2004-03-26, 10:59 pm |
| In article <u84u40d0c1o828r2mb109oa2gj42dv3oa4@4ax.com>,
Binyamin Dissen <postingid@dissensoftware.com> wrote:
>On 9 Mar 2004 21:34:28 -0500 docdwarf@panix.com wrote:
>
>:>The other day I received an email purporting to have been sent by
>:>warren.simmons@worldnet.att.net ; it has the Subject: line of 're:
>:>something for you', a single word of text ('never!') and an attachment
>:>named 'undefined.zip'.
[snip]
>You have only received one????
Only one from Mr Simmons' old email address, aye.
DD
| |
| Andreas Lerch 2004-03-26, 10:59 pm |
|
Am 10.03.04, 02:34:28, schrieb docdwarf@panix.com zum Thema [OT] Virus=20=
Alert - A Real One:
[color=darkred]
> The .zip file contained a single .scr file, undefined.htm.scr, which
> contained - you guessed it - a virus; McAfee says it is=20
W32/Netsky.c@MM.
Why do you use window$
Sorry only german: http://service.t-online.de/c/15/27/07/1527076.html
> A word to the wise and all that.
Andreas
| |
| Andreas Lerch 2004-03-26, 10:59 pm |
|
Am 10.03.04, 16:42:43, schrieb Andreas Lerch <andreas@andreas-lerch.de> =
zum Thema Re: [OT] Virus Alert - A Real One:
Hi
[color=darkred]
> Why do you use window$
Sorry i am to fast :-))
Andreas
| |
| docdwarf@panix.com 2004-03-26, 10:59 pm |
| In article <20040310.16495060@rechner12.lerch.home>,
Andreas Lerch <andreas@andreas-lerch.de> wrote:
>
>
>
>Am 10.03.04, 16:42:43, schrieb Andreas Lerch <andreas@andreas-lerch.de> =
>
>zum Thema Re: [OT] Virus Alert - A Real One:
>
>Hi
>
>Sorry i am to fast :-))
Oh, I *cannot* resist... don't worry, women tell me that *all* the time.
DD
| |
| docdwarf@panix.com 2004-03-26, 10:59 pm |
| In article <20040310.16424389@rechner12.lerch.home>,
Andreas Lerch <andreas@andreas-lerch.de> wrote:
>
>
>
>Am 10.03.04, 02:34:28, schrieb docdwarf@panix.com zum Thema [OT] Virus=20=
>
>Alert - A Real One:
>
>
>W32/Netsky.c@MM.
>
>Why do you use window$
I use a variety of operating systems... the account that received it is on
a dial-up Unix shell.
DD
| |
| Richard 2004-03-26, 10:59 pm |
| docdwarf@panix.com wrote
> The other day I received an email purporting to have been sent by
> warren.simmons@worldnet.att.net ; it has the Subject: line of 're:
> something for you', a single word of text ('never!') and an attachment
> named 'undefined.zip'.
>
> The .zip file contained a single .scr file, undefined.htm.scr, which
> contained - you guessed it - a virus; McAfee says it is W32/Netsky.c@MM.
His Windows machine has probably become 'owned' by McDoom and is being
used as a relay by russian spammer gangs.
It has been claimed that up to 10% of all Windows machine on the
internet are potential or actual remailers of spam and viruses.
(no, seriously).
| |
| docdwarf@panix.com 2004-03-26, 10:59 pm |
| In article <217e491a.0403101027.61827d20@posting.google.com>,
Richard <riplin@Azonic.co.nz> wrote:
>docdwarf@panix.com wrote
>
>
>His Windows machine has probably become 'owned' by McDoom and is being
>used as a relay by russian spammer gangs.
Could be... but if that were the case I'd expect it to show his present
addres, not a former one.
My thought is that the Google archives were address-harvested and folks
use addresses from the newsgroup to target other newsgroup users... makes
sense, in a twisted sort of way.
DD
| |
| John Simpson 2004-03-26, 10:59 pm |
|
<docdwarf@panix.com> wrote in message news:c2lurk$3b4$1@panix1.panix.com...
>
> The other day I received an email purporting to have been sent by
> warren.simmons@worldnet.att.net ; it has the Subject: line of 're:
> something for you', a single word of text ('never!') and an attachment
> named 'undefined.zip'.
>
> The .zip file contained a single .scr file, undefined.htm.scr, which
> contained - you guessed it - a virus; McAfee says it is W32/Netsky.c@MM.
>
> A word to the wise and all that.
>
> DD
>
How long have you been on this planet?? These virus's have been floating
around for a long, long time.
JAS
| |
| docdwarf@panix.com 2004-03-26, 10:59 pm |
| In article <HlM3c.15037$oP.2430@lakeread03>,
John Simpson <jasimp@earthlink.net> wrote:
>
><docdwarf@panix.com> wrote in message news:c2lurk$3b4$1@panix1.panix.com...
>
>How long have you been on this planet?? These virus's have been floating
>around for a long, long time.
I've been around this planet long enough to realise that if someone is
harvesting the email addresses of posters to this newsgroup and sending
viruses under these addresses to other posters to this newsgroup - in hope
that someone might say 'Hey, I know ol' Joe!' - then the amount of time
that I take to post a warning about this possibility is, to me,
inconsequential and, possibly, valuable to another.
My apologies if those who have been around less time are unfamiliar with
or  by such a courtesy.
DD
| |
| Michael Wojcik 2004-03-26, 10:59 pm |
|
In article <c2nobk$epe$1@panix5.panix.com>, docdwarf@panix.com writes:
>
> My thought is that the Google archives were address-harvested and folks
> use addresses from the newsgroup to target other newsgroup users... makes
> sense, in a twisted sort of way.
It's probably not specifically targetted at c.l.c users, just random.
There are viruses in the wild which use at least two of my old email
addresses (probably harvested from Usenet archives) when forging their
From headers. This is a widely-recognized annoyance, particularly
since brain-damaged email virus scanners written by brain-damaged
virus-scanning firms insist on sending alerts to the "senders" of
such messages.
In short, never believe the From field in an email message sent by
a virus (or trojan, or worm, or other malware). Or, for that matter,
in any email message. Forging unauthenticated email messages is
trivial.
--
Michael Wojcik michael.wojcik@microfocus.com
Reversible CA's are -automorphisms- on shift spaces. It is a notorious
fact in symbolic dynamics that describing such things on a shift of finite
type are -fiendishly- difficult. -- Chris Hillman
| |
| berlutte@sympatico.ca 2004-03-26, 10:59 pm |
| Xref: kermit comp.lang.cobol:85978 comp.software.year-2000:154265
On 9 Mar 2004 21:34:28 -0500, docdwarf@panix.com wrote:
>The other day I received an email purporting to have been sent by
>warren.simmons@worldnet.att.net ; it has the Subject: line of 're:
>something for you', a single word of text ('never!') and an attachment
>named 'undefined.zip'.
When was that, 2 w s ago?
>The .zip file contained a single .scr file, undefined.htm.scr, which
>contained - you guessed it - a virus; McAfee says it is W32/Netsky.c@MM.
Perhaps one of them pissed off russki coders is lurkin' and did it to
for me as a subtle wink..
>A word to the wise and all that.
Thanks so much for alerting the good folks at csy2k!
Yer one big smelly, I say, old f*rt!
| |
| docdwarf@panix.com 2004-03-26, 10:59 pm |
| In article <c2oil80tb1@enews4.newsguy.com>,
Michael Wojcik <mwojcik@newsguy.com> wrote:
>
>In article <c2nobk$epe$1@panix5.panix.com>, docdwarf@panix.com writes:
>
>It's probably not specifically targetted at c.l.c users, just random.
That might be the case as well... hmmmmm, what better way to check this
hypothesis than by posting to the newsgroup and seeing if a 'me, too'
comes up?
DD
| |
| JerryMouse 2004-03-26, 10:59 pm |
| Andreas Lerch wrote:
>
> Am 10.03.04, 02:34:28, schrieb docdwarf@panix.com zum Thema [OT] Virus
> Alert - A Real One:
>
>
>
> Why do you use window$
Is this a trick question?
|
|
|
|
|