Searching \ for '[EE:] PICLIST SPECIFIC VIRUS ALERT' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/microchip/devices.htm?key=pic
Search entire site for: 'PICLIST SPECIFIC VIRUS ALERT'.

Exact match. Not showing close matches.
PICList Thread
'[EE:] PICLIST SPECIFIC VIRUS ALERT'
2004\01\27@013834 by Jonathan Johnson

flavicon
face
I just got a virus hit picked up by Norton AV on my piclist specific
address.

Virus type

W32.Novarg.A@mm virus

apparently from

spam_OUTspjTakeThisOuTspamspjsystems.com

its made to look like a bounced message with a zip file attached titled
readme.zip

the body text of the message reads
" The message contains Unicode characters and has been sent as a binary
attachment."

If you are spj from spj systems SCAN YOUR COMPUTER, if you don't have any
antivirus software, get some or BUGGER OFF! (said with a smile of course :-)


many happy regards,

JJ

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@021201 by Jinx

face picon face
> its made to look like a bounced message with a zip file attached titled
> readme.zip
>
> " The message contains Unicode characters.......

I got that, but doc.zip, from somebody at aol.com or washington.edu
Went in the bin

Apparently it's a SoBig variant, made the 8pm radio news here. Two
payloads - one to forward the virus and one to enable remote access

I read somewhere today that they're doing some little shit's legs
for starting the last big scare

=======================================

New virus assaults users
Tuesday, 27 January 2004

A new computer virus may be opening up victims' computers to
remote access; users warned to update virus protection

The new virus was discovered this morning, but has already been
mass-mailed to hundreds of thousands of people around the world.

Security Software manufacturer Network Associates describes the
outbreak as 'high risk'.

The virus is a variant on one that is already well known, but includes
a package which experts believe could give the virus creators a 'back
door' into your system, allowing remote access to your private files.

It comes in an e-mail disguised as an error message, and says
something like "The message contains Unicode characters and
has been sent as a binary attachment."

Network Associates' Technical Support Manager Anthony Panuccio
says the virus effects are already being noticed as e-mail systems
start to slow down.

He says researchers are currently working to discover how the virus
works, and what it actually does to a victim's computer.

The firm says it received nearly 20,000 e-mails in one hour bearing the
virus.

Mr Panuccio says up-to-date virus protection will stop the virus going
any further.

He says if you ever receive an unexpected e-mail - even from
someone that you know - you should never open any attachment

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@023312 by Daniel Imfeld

flavicon
face
Jinx wrote:
> > its made to look like a bounced message with a zip file attached titled
> > readme.zip
> >
> > " The message contains Unicode characters.......
>
> I got that, but doc.zip, from somebody at aol.com or washington.edu
> Went in the bin
>
> Apparently it's a SoBig variant, made the 8pm radio news here. Two
> payloads - one to forward the virus and one to enable remote access
>
<snip>

I got one today too, and a reverse DNS on the IP gave
3dtee.apl.washington.edu.  So if anyone at the Applied Physics Lab at
Washington University reads this, be more careful next time.  The sysadmin
there said he would scan the computer first thing Tuesday morning, so
hopefully the problem will be taken care of quickly. Was the one you
received sent from 128.95.148.34?

Oddly, the "error message" I received was just a long mix of random
characters, rather than anything intelligible or even alphabetic.  I'm nto
sure what to think of that.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@031254 by Jinx

face picon face
> Was the one you received sent from 128.95.148.34 ?

Sorry, don't know. It's long gone now

> Oddly, the "error message" I received was just a long mix of
> random characters, rather than anything intelligible or even
> alphabetic.  I'm not sure what to think of that

Whenever I get something a little cooty that piques my interest
I'll delete it then have a look at Deleted Items.dbx with Word. I
saw no header suggesting an attachment with that message like
I'd normally expect to. For example, this picture received at the
same time

Content-Type: image/jpeg;
name="pic05844.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="pic05844.jpg"

http://home.clear.net.nz/pages/joecolquitt/overclocked.html

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@065715 by Sergio Masci

picon face
Daniel Imfeld wrote


> I got one today too, and a reverse DNS on the IP gave
> 3dtee.apl.washington.edu.  So if anyone at the Applied Physics Lab at
> Washington University reads this, be more careful next time.  The sysadmin
> there said he would scan the computer first thing Tuesday morning, so
> hopefully the problem will be taken care of quickly. Was the one you
> received sent from 128.95.148.34?
>

I received 4 today from 128.95.148.34 all spoofed to look like they are comming
from someone else but 128.95.148.34 does resolve to washington.edu. Needless to
say they got stomped on.

Regards
Sergio Masci

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@073731 by Olin Lathrop

face picon face
Sergio Masci wrote:
> I received 4 today from 128.95.148.34 all spoofed to look like they
> are comming from someone else but 128.95.148.34 does resolve to
> washington.edu.

I've gotten probably a half dozen of them since around noon yesterday.  They
were obviously viruses, so I've just been deleting them.  I just got another
one to my PIClist address:

> Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004 JAN
27 03:50:28  EST
{Quote hidden}

attachment.
>
>
> ------=_NextPart_000_0000_A9E6508D.897566D2
> Content-Type: application/octet-stream;
>  name="document.scr"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>  filename="document.scr"

The address 194.129.230.253 turns out to be wan-01.london-dev.monster.co.uk,
not 7host.com as the machine claimed.  Some idiot there must be subscribed
to the PIClist (hopefully not anymore).

> Needless to say they got stomped on.

How does one do that?


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@074809 by Hulatt, Jon

flavicon
face
I have to hold my hand up and admit to being that idiot. Fixed now.

>
> The address 194.129.230.253 turns out to be
> wan-01.london-dev.monster.co.uk, not 7host.com as the machine
> claimed.  Some idiot there must be subscribed to the PIClist
> (hopefully not anymore).
>

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@090033 by Alan B. Pearce

face picon face
> I got one today too, and a reverse DNS on the IP gave
> 3dtee.apl.washington.edu.  So if anyone at the Applied Physics Lab at

I had one claiming to be from there, but when I try and ping that name I gat
an "unknown host" message, but can ping the IP address. However that message
claimed to be from a .....zaobaoKILLspamspam.....zaobao.com.sg which returns an address of
202.27.17.239 when pinged. If I leave off the 3dtee. portion, then I get a
different IP address.

Another claims to be a bounce from excalibur.netcom.net.uk, addressed to
EraseMEhelenspam_OUTspamTakeThisOuTnetcomuk.co.uk with a third coming from adsl-245-78.ns.itd.umich.edu
[141.213.245.78] purporting to be a bounce from sandraspamspam_OUTaol.com being bounced
because the mailbox is full. Interestingly the ping on this umich.edu times
out, as though the host has been taken down.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@090242 by Dominic Stratten

picon face
Why havent I had one yet :-( All I get is spam and thats not very exciting
;-)


----- Original Message -----
From: "Alan B. Pearce" <@spam@A.B.PearceKILLspamspamRL.AC.UK>
To: <KILLspamPICLISTKILLspamspamMITVMA.MIT.EDU>
Sent: Tuesday, January 27, 2004 1:49 PM
Subject: Re: [EE:] PICLIST SPECIFIC VIRUS ALERT


> > I got one today too, and a reverse DNS on the IP gave
> > 3dtee.apl.washington.edu.  So if anyone at the Applied Physics Lab at
>
> I had one claiming to be from there, but when I try and ping that name I
gat
> an "unknown host" message, but can ping the IP address. However that
message

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@103901 by John Ferrell

face picon face
Interesting picture. It appears to be an old PC chassis used as a grill.In
times past, many stampings of this nature were Cadmium plated. When you cook
with them the results can be lethal. The usual culprit is refrigerator
shelves.

BTW, I got my three virus as well, all caught by Norton.

John Ferrell
6241 Phillippi Rd
Julian NC 27283
Phone: (336)685-9606
RemoveMEjohnferrellTakeThisOuTspamearthlink.net
http://DixieNC.US
NSRCA 479 AMA 4190  W8CCW
"My Competition is Not My Enemy"

{Original Message removed}

2004\01\27@111643 by tony

flavicon
face
I've seen several of these in the past few days, including some
mailerdaemon that claimed they were from me (although a thorough scan and
a review of the headers showed that the messages originated from a
spoofing server).  I don't know who has it, but I hope they get themselves
clean soon.

-Tony

{Quote hidden}

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@112720 by hael Rigby-Jones

picon face
{Quote hidden}

This thing is getting big, and it's thanks to clueless users and even more
clueless email clients.
Had 6 at work, just checked my home account and another 6 waiting for me
there.  Worst of all it is putting random from addresses into the headers
and I have a several messages from irate mailing list members accusing me of
thing.  The fact my home PC hasn't been switched on for the last 3 days
probably won't pacify them...

Regards

Mike




=======================================================================
This e-mail is intended for the person it is addressed to only. The
information contained in it may be confidential and/or protected by
law. If you are not the intended recipient of this message, you must
not make any use of this information, or copy or show it to any
person. Please contact us immediately to tell us that you have
received this e-mail, and return the original to us. Any use,
forwarding, printing or copying of this message is strictly prohibited.
No part of this message can be considered a request for goods or
services.
=======================================================================
Any questions about Bookham's E-Mail service should be directed to
RemoveMEpostmasterEraseMEspamEraseMEbookham.com.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@121136 by Dave VanHorn

flavicon
face
>
>Had 6 at work, just checked my home account and another 6 waiting for me
>there.



If I could get down to 6, I would be ecstatic.
60+ is more like it for me, on an average day.
I don't run any antivirus, I simply don't open the attachments when they
are in nonsensical emails.

I only got hosed once, in all the years I've been running without antivirus.
I was in the hospital, on major painkillers, and I opened the attachment.

Don't compute under the influence.. :)

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@121753 by Art

flavicon
face
Set your email so that any downloaded attachments go to the desktop without
being opened.

Do not use Bill Gates email programs.

When a new file that was not expected shows up on your desktop, delete it
without delay-if it turns out to be something you need, you can retrieve it
from the trashcan.

I practice this religiously and have deleted hundreds (if not more) virus
files. It works. Be safe-and don't waste alot of time deciding whether you
should open it or not!!!

Good luck-

Art

PS:I got 3 of them, my ISP caught one, but the other 2 went right straight
into the trashcan. If anyone wants a copy of the virus file, I'd be happy
to mail it to them.

At 11:25 AM 1/27/04, you wrote:
> >{Original Message removed}

2004\01\27@151706 by Jinx

face picon face
> Interesting picture. It appears to be an old PC chassis used as a
> grill.In times past, many stampings of this nature were Cadmium
> plated. When you cook with them the results can be lethal. The
> usual culprit is refrigerator shelves

I thought that too, wouldn't trust anything made into a BBQ that wasn't
supposed to be a BBQ. And they probably used building off-cuts with
H4 CCA preservative. Gives the meat that nice "tangy" flavour ;-)

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@162249 by Matt Pobursky

flavicon
face
On Wed, 28 Jan 2004 09:17:55 +1300, Jinx wrote:
>
> I thought that too, wouldn't trust anything made into a BBQ that
> wasn't
> supposed to be a BBQ. And they probably used building off-cuts with
> H4 CCA preservative. Gives the meat that nice "tangy" flavour ;-)

And toss in a few of your old retired auto tires, shredded, for that
nice "smoky" taste... ;-)

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@163314 by Jonathan Johnson

flavicon
face
And don't forget to add a paint spray can or two....stops you having to go
and get your food off the fire.....instead it'll just come hurtling toward
you, labour saving at it's extreme :-) never mind the 'tangy' taste...as
they say 'it's good for you'.;-)




{Original Message removed}

2004\01\27@193901 by Manuel Bessler

flavicon
face
On Tue, Jan 27, 2004 at 09:42:58AM -0600, RemoveMEtonyspam_OUTspamKILLspamELROYNET.COM wrote:
> I've seen several of these in the past few days, including some
> mailerdaemon that claimed they were from me (although a thorough scan and
> a review of the headers showed that the messages originated from a
> spoofing server).  I don't know who has it, but I hope they get themselves
> clean soon.

Same here. now someone seems to be using my domain with all kinds of different
usernames to send out viruses... and all that after I posted ONCE on
piclist, with this email address I use only for piclist (and another
list i haven't posted on)  :(((


Already bracing for the next impact of spam/virus bounces as a result of
this mail,
Manuel

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@193901 by Manuel Bessler

flavicon
face
On Tue, Jan 27, 2004 at 09:42:58AM -0600, RemoveMEtonyTakeThisOuTspamspamELROYNET.COM wrote:
> I've seen several of these in the past few days, including some
> mailerdaemon that claimed they were from me (although a thorough scan and
> a review of the headers showed that the messages originated from a
> spoofing server).  I don't know who has it, but I hope they get themselves
> clean soon.

Same here. now someone seems to be using my domain with all kinds of different
usernames to send out viruses... and all that after I posted ONCE on
piclist, with this email address I use only for piclist (and another
list i haven't posted on)  :(((


Already bracing for the next impact of spam/virus bounces as a result of
this mail,
Manuel

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

.

2004\01\27@224637 by Picdude

flavicon
face
Wow, you guys are lucky, if you got only a half-dozen ... I got over 200 yesterday, and over 900 today!!!  All have a readme.zip file, and I'm on dial-up .... arrrggghhh!

Apparently this new virus (Novarg, I believe?) was discovered yesterday, speads itself via email, and will allegedly record keystrokes.  Most interesting of all is that it will perform denial-of-service attacks against http://www.sco.com .  I'm still looking into the specific details, but slashdot has some info.

Interestingly, I use independent email addresses for each mailing list I'm on (piclist, car clubs, etc), and it seems to have found a bunch of these.

Cheers,
-Neil.


On Tuesday 27 January 2004 06:36 am, Olin Lathrop scribbled:
> I've gotten probably a half dozen of them since around noon yesterday.
> They were obviously viruses, so I've just been deleting them.  I just got
> another
>
> one to my PIClist address:
> > Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004
> > JAN

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2004\01\27@224637 by Picdude

flavicon
face
Wow, you guys are lucky, if you got only a half-dozen ... I got over 200 yesterday, and over 900 today!!!  All have a readme.zip file, and I'm on dial-up .... arrrggghhh!

Apparently this new virus (Novarg, I believe?) was discovered yesterday, speads itself via email, and will allegedly record keystrokes.  Most interesting of all is that it will perform denial-of-service attacks against http://www.sco.com .  I'm still looking into the specific details, but slashdot has some info.

Interestingly, I use independent email addresses for each mailing list I'm on (piclist, car clubs, etc), and it seems to have found a bunch of these.

Cheers,
-Neil.


On Tuesday 27 January 2004 06:36 am, Olin Lathrop scribbled:
> I've gotten probably a half dozen of them since around noon yesterday.
> They were obviously viruses, so I've just been deleting them.  I just got
> another
>
> one to my PIClist address:
> > Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004
> > JAN

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

.

2004\01\28@020416 by Denny Esterline

picon face
Well, I got hit with it. First virus I've been infected with in two years.
I knew my machine was acting funny yesterday (lots of disk access without
anything running) but repeated scans with Norton revealed nothing. Even
when I updated the virus defs, still nothing. Apparently this one can't be
detected unless you run the virus scan from safe mode (at least in win98).
I got really suspicious when I dialed the internet and the connection
monitor showed me sending lots of data, hmmm...

So a big sorry to anybody that might have received it from me. Here's a
link to more info and removal instructions if you need them:
EraseMEw32.novarg.aspamspamspamBeGonemm.html">http://www.symantec.com/avcenter/venc/data/RemoveMEw32.novarg.aKILLspamspammm.html

-Denny


Wow, you guys are lucky, if you got only a half-dozen ... I got over 200
yesterday, and over 900 today!!!  All have a readme.zip file, and I'm on
dial-up .... arrrggghhh!

Apparently this new virus (Novarg, I believe?) was discovered yesterday,
speads itself via email, and will allegedly record keystrokes.  Most
interesting of all is that it will perform denial-of-service attacks
against
http://www.sco.com .  I'm still looking into the specific details, but slashdot
has
some info.

Interestingly, I use independent email addresses for each mailing list I'm
on
(piclist, car clubs, etc), and it seems to have found a bunch of these.

Cheers,
-Neil.


On Tuesday 27 January 2004 06:36 am, Olin Lathrop scribbled:
> I've gotten probably a half dozen of them since around noon yesterday.
> They were obviously viruses, so I've just been deleting them.  I just got
> another
>
> one to my PIClist address:
> > Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004
> > JAN

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2004\01\28@020416 by Denny Esterline

picon face
Well, I got hit with it. First virus I've been infected with in two years.
I knew my machine was acting funny yesterday (lots of disk access without
anything running) but repeated scans with Norton revealed nothing. Even
when I updated the virus defs, still nothing. Apparently this one can't be
detected unless you run the virus scan from safe mode (at least in win98).
I got really suspicious when I dialed the internet and the connection
monitor showed me sending lots of data, hmmm...

So a big sorry to anybody that might have received it from me. Here's a
link to more info and removal instructions if you need them:
w32.novarg.aSTOPspamspamspam_OUTmm.html">http://www.symantec.com/avcenter/venc/data/spamBeGonew32.novarg.aSTOPspamspamEraseMEmm.html

-Denny


Wow, you guys are lucky, if you got only a half-dozen ... I got over 200
yesterday, and over 900 today!!!  All have a readme.zip file, and I'm on
dial-up .... arrrggghhh!

Apparently this new virus (Novarg, I believe?) was discovered yesterday,
speads itself via email, and will allegedly record keystrokes.  Most
interesting of all is that it will perform denial-of-service attacks
against
http://www.sco.com .  I'm still looking into the specific details, but slashdot
has
some info.

Interestingly, I use independent email addresses for each mailing list I'm
on
(piclist, car clubs, etc), and it seems to have found a bunch of these.

Cheers,
-Neil.


On Tuesday 27 January 2004 06:36 am, Olin Lathrop scribbled:
> I've gotten probably a half dozen of them since around noon yesterday.
> They were obviously viruses, so I've just been deleting them.  I just got
> another
>
> one to my PIClist address:
> > Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004
> > JAN

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

.

2004\01\28@220902 by Picdude

flavicon
face
I don't have the virus (I'm on Linux and so far there is only indication that Win* is affected), but I am suffering from it due to the excessive spam mail.  I have been creating more and more filters to send them directly to the trash.

What concerns me is that I'm getting emails from one of my domains to another with random names on each (such as from KILLspamname1spamBeGonespamdomainA.com to EraseMEname2spamEraseMEdomainB.com).  The catch-all email mailbox is receiving these.

Any idea what I can do about this, and why *I* am affected so badly?

Much thanks,
-Neil.


On Wednesday 28 January 2004 01:02 am, Denny Esterline scribbled:
{Quote hidden}

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

.

2004\01\28@235202 by Art

flavicon
face
>
>
>What concerns me is that I'm getting emails from one of my domains to another
>with random names on each (such as from .....name1spam_OUTspamdomainA.com to
>TakeThisOuTname2.....spamTakeThisOuTdomainB.com).  The catch-all email mailbox is receiving these.
>
>Any idea what I can do about this, and why *I* am affected so badly?

Neil,

Spammers are guessing at usernames and sending blindly. There are only so
many possible combinations of letters and numeric characters and they send
one copy of each combination to all the domains.

There is little escape from this and the traffic it makes on backbones is
absolutely unimaginable. It constitutes a denial of service attack,
although it is often misfor a DOS attack-but it's just spam.

You aren't affected any worse than any other domain, they all have to
tolerate this.

My guess is that the 'name1@domainA' is forged and that the spammer is
guessing all the possible email addresses in your domainB.com.

Subscribe to the RBL, it's free and rejects all mail from known spam
friendly domains. There is a newer initiative by the same people that
rejects any mail relayed from domains with open relays. I hope you don't
have open relays in your domains:>:

The IT department at my school uses these services religiously and spam has
been cut down so much that head administratot in IT recently disabled the
keyword and similar spam filters!

Art

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

.

2004\01\29@045002 by Win Wiencke

flavicon
face
<Picdude writes in part>
>What concerns me is that I'm getting emails from one of my
>domains to another with random names on each (such as
> from TakeThisOuTname1KILLspamspamspamdomainA.com to .....name2spamRemoveMEdomainB.com).
> The catch-all email mailbox is receiving these.

> Any idea what I can do about this, and why *I* am affected
> so badly?

Can you "blackhole" the catch-all mailbox?  After all, the catch-all box is
designed to be indiscriminate and any spammer worthy of having been whelped
will take advantage of that.

Consider setting up a bunch of forwarding mail boxes for logical
misspellings or address typos and have them all dump into a single mail box
that you check.  Then point the catch-all to a "blackhole" -- do not bounce
the messages because you'll lose lots of bandwidth and cycle time attempting
to complete delivery to the spammer's bogus return address.

Win Wiencke

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

.

More... (looser matching)
- Last day of these posts
- In 2004 , 2005 only
- Today
- New search...