Gossamer Forum
Home : General : Chit Chat :

regarding spam mail

(Page 3 of 4)
> > > >
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
I love it when I get up in the morning and you forum Veterans have been going at itWink!! (jokingly)

Yes, the attack was through Outlook Express 6. And very interesting to read your comments on how a virus can attack without opening.

I am 99% sure that I do not open any attachments where I do not know the author.

There is always the possiblity the author did not realise their attachment had a virus in it either as well.

Thanks guys.

I think I removed the last of these bad guys (viruses) this morning.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
Yes, as this is exactly what most worms try to achieve. They look in the recpient's address book and forwards itself onto everyone in there, so the virus may *appear* to be coming from a friend or colleague.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Scary!

I am still getting around 20-60 per hour from *.com.br. (this contains the klez worm). Although this is spam related, spamcop seem to not get involved with virus related spam.... I may be wrong on this, but it was the impression I got from their rules.

I have put them into the Outlook blocked senders list, but it still "bugs" me. I'd like to get these guys.

I could not find a report an virus attack on the symantec site. There really should be way of reporting these guys, but I guess it is the attention they are after.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
No, I think the reason these aren't blocked or traced is that these are usually bogus email accounts, or relayed over open servers whith bogus accounts. If you actually sent something back to them, it would more than probably bounce anyway.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
What virus is this one again? It sounds like it could be one of these?

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
Yes, you are right. My autoresponder has been getting bounced continuously... I may have to shut it off for a while. Because I get a 'bounced' message each time this happens.
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
The .com.br one is the

W32.Klez.H@mm

I also got the

JS.Exception.Exploit this morning, that is not a biggie.

(not to mention a SUB7 attempt every 10 minutes or so Wink)

Are attacks this common, or am I being targeted here??

Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
Yes, you are being targetted. This is not common practice at all in my case. Or maybe my firewall blocks these kind of attacks, I'm not sure, but I've never been pounced upon like you're having now.

And no, I don't want to be either <g>.

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
What are you using for a firewall may I ask? Is this a software or a hardware job?

I just installed Nortons Internet Security... I only had the XP built in prior to yesterday.
Quote Reply
Re: [sooke] Spam with VIRUS! In reply to
>>
not to mention a SUB7 attempt every 10 minutes or so
<<

Hehe too funny. How do you know that is happening?....is your firewall telling you?....if so then theres no need to worry as obviously the firewall is blocking it.

...and yes it is common...I used to gets alerts all the time for port scans and stuff...quite annoying....I ended up getting rid of the firewall :)

Last edited by:

Paul: Apr 25, 2002, 9:56 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Yes, the latest version of the Internet Security has this neat little side bar... which tells you the ip, port and type of virus or whatever that is attempting attack. It then automatically blocks that computer from accessing your computer for 30 minutes. I like it actually. Though I am using an older Dell Inspiron, and it was struggling to keep up with the applications before I installed this firewall!! The little engine that could, is now the little engine that gets hits by virus, and STILL CAN!

I know what you mean by continuous firewall irritation though. This version seems to be a little more intellegent in auto senseing everything, and leaving you alone. Does it sounds like I work for Symantec? Actually I don't but, it seems to be keeping my system alive during this attack.

This attack only started two or three days ago, but no end in sight yet.
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Paul

You had continous port scans, huh? Have you got a static IP?

- wil
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
>>
You had continous port scans, huh? Have you got a static IP?
<<

Yes and yes. 213.106.15.150

Last edited by:

Paul: Apr 25, 2002, 11:24 AM
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
What is socket.net ?

I figured it be something.co.uk or so.
Quote Reply
Re: [Watts] Spam with VIRUS! In reply to
How did you get socket.net?
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
erm... looks like the winXP login screen to me. I thought all the Longhorn stuff that was posted there was BS??

--Philip
Links 2.0 moderator
Quote Reply
Re: [Paul] Spam with VIRUS! In reply to
Quote:
How did you get socket.net?

From a DOS prompt type:

tracert ip address

I was going to try telnet, but I figured it'd be too creepy.
Quote Reply
Re: [Wil] Spam with VIRUS! In reply to
People still use Pine? Good grief. Maybe they're stuck at university somewhere.
Quote Reply
Re: [Watts] Spam with VIRUS! In reply to
Yeah thats why I asked because when I do a traceroute I don't see it :)
Quote Reply
Re: [Paul] Microsoft In reply to
In Reply To:
Microsoft's job isn't to hold your hand...its up to you to make sure you are using up-to-date software. The update button sits on your start menu...it isn't hiding anywhere.

As Microsoft IS supplying a mechanism to detect vital security updates, then they should make sure these work for ALL bloody programs coming out of their workshops. Such a statement suggests a lack of proper understanding on how MS IS responsible for supplying safe software to the masses. If your new car had faulty wheels, you would expect the recall to include your model as well as the very latest model comming out of the factory.

~ ERASER


Free JavaScripts @ Insight Eye

Last edited by:

Eraser: Apr 25, 2002, 3:19 PM
Quote Reply
Re: [Eraser] Microsoft In reply to
You misinterpreted what I meant. Im not saying they shouldn't provide a good level of support...of course they should....and I have to say updates are extremely simple to install on XP and the majority are downloaded in the background without you having to lift a finger....all Im saying is that when you don't bother to keep your software up to date and then get a virus or something when a patch has been available for months then you shouldn't start whining at Microsoft. How do you expect them to tell you about updates other than post it on their site and provide you with an updates facility on your desktop?...you want them to make a personal phone call to 50 million people?

It yanks my chain when people using Windows95 or Windows98 complain about all the security problems....umm try upgrading...things have come on along way since like 1996 or whatever ;) (Im not referring to you specifically Eraser).

Disagree with what I've just said if you like...Im sure you will :) ....I don't mind as Im going to bed.

Last edited by:

Paul: Apr 25, 2002, 3:29 PM
Quote Reply
Re: [Eraser] Microsoft In reply to
Would you recall an entire line of cars and loose $M before knowing for sure that model is faulty as well? Appearently, you would. By that reasoning, you seem to expect MS to patch bugs and security holes before they know they exist.

I agree with Paul. It is entirely up to the end-user to keep their software up to date. You can't expect the software company to call you every time a fix was released, or send a new version in the mail.

--Philip
Links 2.0 moderator
Quote Reply
Re: [sponge] Microsoft In reply to
Personally, I think Microsoft just needs to put a greater emphasis on security, something they haven't done in previous releases. Some of my all time favorite ms bugs include (all fixed now):

IIS: Ability to view source of ASP pages by going to http://site/page.asp. (trailing dot). You could also do http://site/page.asp::$DATA I believe.

IE: Ability to run arbitrary code by sending a cookie with Javascript as the contents. The JS would get evaluated in the local security settings -- my god, why anyone would want to have a browser that runs the javascript contained inside cookies is beyond me. This one is really nasty, as for a while, any site that sent you a cookie could wipe your hard drive.

IE: Ability to auto run downloadable programs due to IE not properly checking content type headers.

Outlook: auto running attached files - about 20+ variations on this.

Outlook: displaying html mail leads to running code automatically - about 20+ variation on this as well.

Most of these can be summed up with "don't trust user input". Maybe perl -T might help. =)

Cheers,

Alex
--
Gossamer Threads Inc.
Quote Reply
Re: [sponge] Microsoft In reply to
And you misunderstood my point sponge. I dont expect MS to tell me personally about every fix, or send me an update - my post is in reference to the office update facility that Microsoft provide as part of the ongoing security awareness. This facility excludes older version (pre-2000) and with no indication that such software is excluded from such a security/update scan. I know this based on trying to make such an update. And your bit about expecting a patch before knowing the problem is just nonsense. Blimy, I didn't suggest that at all!

~ ERASER


Free JavaScripts @ Insight Eye

Last edited by:

Eraser: Apr 25, 2002, 4:27 PM
Quote Reply
Re: [Eraser] Microsoft In reply to
ugh... maybe I should drop English as my primary language. what do you think?

--Philip
Links 2.0 moderator
> > > >