Searching \ for ' viruses' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=viruses
Search entire site for: 'viruses'.

No exact or substring matches. trying for part
PICList Thread
'[OT] Re: Email Viruses'
1998\11\20@112954 by Paul BRITTON

flavicon
face
It is not just Microslop OS's and products that allow strange behaviour on
opening email.........12 yrs ago I was using a Vax system at college and
someone sent me a Christmas greeting email, upon opening it, it printed an
ASCII art Christmas tree picture on the terminal screen, beeped a tune on
the terminal beeper, and sent a copy of itself to everyone in my address
book.

It soon clogged up the system, and the sysadmin hed to run a canceller
script on the mail system to purge it.

But today the biggest worry is ActiveX controls, what is another name for
a self installing, remotely runnable program.......a VIRUS.

Paul

'OT: While we're talking of viruses...'
1998\11\20@124548 by Stig Brautaset

flavicon
face
I got a warning of a really nasty one, one of these days. I thought it was
pretty cool, so I've translated parts of it (it was VERY long :-))


Losely translated from Norwegian:

"Wirus warning! If you get a mail that says "Hi" in the subject line, you
have to delete it..."

       bla, bla goes on about 'most dangerous ever' before starting to describe
what it acually does:

"It deletes your bootsector, and that's not all. It leaps over to lose discs
within a range of 100 meters. It puts dirty language in all your outgoing
letters; make hard knots on all the cabling at the back of the PC and smudge
your keyboard with butter and jam.

It messes up your fridge's thermostat so that the butter melts and the milk
separates. It makes fake money and put them in your wallet; puts aperitive
in the dog's food, so you have to run outside all night with it; it distorts
all your music CD's, puts shrimp-peels in your bed and rocks in your
foodprocessor.

It puts defroster in your aquarium, drinks all your beer [is nothing sacred
anymore?!] and changes the mayonaise with latex adhesive when you're having
guests. It produces amphetamine in your bath tube, while frying bacon in the
kitchen - which it forgets - and goes out to chase old women with your brand
new tractor lawn mower."

Hope I never get this virus, it kind of strikes me that it would be a *pain
in the ass* to get rid of it... :-)

Stig

=====================================================
Stig Brautaset  -  spam_OUTsbrautasTakeThisOuTspamc2i.net  -  ICQ: 11052183
Student of electronics - http://home.c2i.net/sbrautas
=====================================================

1998\11\20@153247 by Sean Breheny

face picon face
At 06:42 PM 11/20/98 -0000, you wrote:
>I got a warning of a really nasty one, one of these days. I thought it was
>pretty cool, so I've translated parts of it (it was VERY long :-))

[SNIP]

ROTFL!!

I like this virus! Anyone got time to write it?? Maybe with activeX
controls and PICs on various appliances, it might work!<G>

Sean

+-------------------------------+
| Sean Breheny                  |
| Amateur Radio Callsign: KA3YXM|
| Electrical Engineering Student|
+-------------------------------+
Save lives, please look at http://www.all.org
Personal page: http://www.people.cornell.edu/pages/shb7
.....shb7KILLspamspam@spam@cornell.edu  Phone(USA): (607) 253-0315 ICQ #: 3329174

1998\11\20@154103 by Rob

flavicon
face
On Fri, 20 Nov 1998, Stig Brautaset wrote:

> I got a warning of a really nasty one, one of these days. I thought it was
> pretty cool, so I've translated parts of it (it was VERY long :-))
>

<snip>

>
> It puts defroster in your aquarium, drinks all your beer [is nothing sacred
> anymore?!] and changes the mayonaise with latex adhesive when you're having
> guests. It produces amphetamine in your bath tube, while frying bacon in the
> kitchen - which it forgets - and goes out to chase old women with your brand
> new tractor lawn mower."


I think I live with this virus.  Does it say anything about not paying
it's share of the rent? :)



>
> Stig
>
> =====================================================
> Stig Brautaset  -  sbrautasspamKILLspamc2i.net  -  ICQ: 11052183
> Student of electronics - http://home.c2i.net/sbrautas
> =====================================================
>

1998\11\20@180351 by Stig Brautaset

flavicon
face
> ROTFL!!
>
> I like this virus! Anyone got time to write it?? Maybe with activeX
> controls and PICs on various appliances, it might work!<G>
>
> Sean

Just curious:

ROTFL           equ     "Roll Over The Floor Laughing"          ; ??? (just to t
ouch PIC
subject)

1998\11\21@075021 by Peter L. Peres

picon face
On Fri, 20 Nov 1998, Sean Breheny wrote:

> At 06:42 PM 11/20/98 -0000, you wrote:
> >I got a warning of a really nasty one, one of these days. I thought it was
> >pretty cool, so I've translated parts of it (it was VERY long :-))
>
> [SNIP]
>
> ROTFL!!
>
> I like this virus! Anyone got time to write it?? Maybe with activeX
> controls and PICs on various appliances, it might work!<G>

Bite your tongue. By the time you finish school it may happen once a week,
the way things are going. The Internet is full of more or less active
controls and other things with a mind of their own and many idealist
engineers connect microcomputer-controlled household applications to the
web with frenezy and very little understanding of the implications and
security/access control issues involved. The worst thing I saw in this
direction was a guy in Canada who was trying to interface equipment in a
nuclear experiments lab with a CGI script, for online access by
students/staff, and hoped for the passwords to be enough security. I hope
he got to talk with someone professional meanwhile. Sheesh.

Peter

1998\11\22@093434 by James Merritt

flavicon
face
I thought Windows already did this?

--
James E. Merritt N0SRB                  Iowa State University
.....jemKILLspamspam.....iastate.edu                         Center for Nondestructive Evaluation
Electrical Engineering student          x-ray tech/modeller/programmer


'[PIC]: Mail viruses'
2001\05\26@080020 by Jinx
face picon face
In the past fortnight I've received four copies of the Magistr virus
from four different list members. No harm has been done, but I
worry about their security. Would everyone please keep their AV
s/w running and current please. The next virus doing the rounds
might not be so benign. Thanks

A reminder that Computer Associate's InoculateIT is free and
updated regularly. No spam, no BS, just the s/w

http://www.antivirus.cai.com

--
http://www.piclist.com hint: To leave the PICList
EraseMEpiclist-unsubscribe-requestspam_OUTspamTakeThisOuTmitvma.mit.edu


2001\05\26@085006 by Andy N1YEW

picon face
hi
----- Original Message -----
From: "Jinx" <joecolquittspamspam_OUTCLEAR.NET.NZ>
To: <@spam@PICLISTKILLspamspamMITVMA.MIT.EDU>
Sent: Saturday, May 26, 2001 7:59 AM
Subject: [PIC]: Mail viruses


{Quote hidden}

how do we know it doesnt have a backdoor in it?

andy
> --
> http://www.piclist.com hint: To leave the PICList
> KILLspampiclist-unsubscribe-requestKILLspamspammitvma.mit.edu
>
>
>

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestTakeThisOuTspammitvma.mit.edu


2001\05\26@090508 by Patrik Husfloen

picon face
that's sorta paranoid isn't it
InoculateIT is one of th ebest av solutions there is
and thats it's free for personal use is a big +
if you want to fork up huge amount of cash you should try AVP, by kaspersky labs.


{Original Message removed}

'[OT]: Mail viruses/Internet Security'
2001\05\26@095335 by michael brown

flavicon
face
{Quote hidden}

Disclaimer:  I realize that their are other forums to discuss this, but
everyone needs to be aware of what is going on nowadays.  This is why I
changed the topic to [OT]

I guess you don't.  But then you already have "backdoors/security holes" or
these viruses couldn't get in.  What about the backdoors already built into
windoze?  The German govt. doesn't like them.  I just head out to
http://www.trend.com and scan my system for free, without installing anything.  Of
course this works by using/exploiting the inherent security problem/danger
with active x.  If you think your system is somehow secure, you are
sadly/dangerously mistaken.  It's a trade off plain and simple.  For months
now I have been watching my firewall log messages such as:

May 26 07:56:09 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62386 24.93.35.161:110 L=40 S=0x00 I=2112 F=0x0000 T=255 (#51)
May 26 07:56:27 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62386 24.93.35.161:110 L=40 S=0x00 I=2113 F=0x0000 T=255 (#51)
May 26 07:57:54 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2117 F=0x0000 T=255 (#51)
May 26 07:57:56 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2118 F=0x0000 T=255 (#51)
May 26 07:58:00 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2119 F=0x0000 T=255 (#51)
May 26 07:58:08 guardian kernel: Packet log: output REJECT eth1 PROTO=6
66.25.8.185:62388 24.93.35.161:110 L=40 S=0x00 I=2120 F=0x0000 T=255 (#51)

It looks benign, doesn't it?  You say its only trying to check email.  But
that is WRONG.  That is what it is supposed to look like to the unwashed.
The destination IP address belongs to some computer at rr.com.  Funny thing
is, that this IP fails when you do a reverse DNS lookup.  These messages
only appear when outlook express is running on my laptop.  However, OE looks
like it is doing nothing as these messages appear.  This is as a result of
the roadrunner technician/spyware installer ran something on my laptop
(after being told not to run anything, he did this when I had my back turned
for a moment)  This IP IS a server at rr.  I have scoured my laptop for the
IP address or some rr.com name and I can't find anything.  So therefore the
name or IP is encrypted or somehow otherwise stored/hidden in a non plain
text format.  Since OE doesn't give any indication that this is occurring,
rr is using some undocumented "feature" that mickeysoft was kind enough to
build into OE.  This is blatant violation of my so called right to privacy,
but try to get rr to fess up to what is going on.  BTW, according to techs
at rr, other customers (running really restrictive firewalls) are now
starting to notice/question this behavior on their computers.  See, most
firewalls don't restrict access to pop-servers(port 110) or
smtp-servers(25).  Mine, however, does.  I only allow connections to the
pop/news/smtp servers that I specifically use.  The above IP is not, I
repeat NOT, one of rr's documented pop servers.  By documented, I mean one
that actually resolves via DNS to pop-server.houston.rr.com.  I may not know
much about PIC's but I damn sure know a few things about internet security.
Take my word for it, you will be hearing more about this in the future, once
enough people discover it.

Now, in all fairness, this could be a benign thing.  They could use this
technique to mass-mail to all the account holders at rr without having to
stuff each persons mailbox with a copy of the message.  This could result in
a significant amount of disk space savings.  However, why would OE go to so
much trouble to hide the fact that this is occurring???  They could have
just set up another account to check without trying to hide it.  The little
icon in the upper right corner doesn't move when this is happening.  You can
press the send/recv button when its doing its thing and that will occur
completely asynchronously with the covert-checking.  If OE is in the process
of doing this, you can close OE and it will close without delay.

Some other interesting behavior:  sometimes the destination IP changes to a
different one, this implies that the IP is not hard coded, but is looked up.
After the last big rr downtime/maintenance OE tried to connect on port 25 a
few times. This is really disturbing as it implies that OE was trying to
send something out.  Fortunately this was also stopped by my firewall.  I
have not seen anymore of that behavior since.  It becomes frighteningly
obvious that they (rr) can somehow manipulate this behavior from their end.
This in all probability has something to do with the FBI/carnivore fiasco.
Unfortunately no matter how sophisticated my firewall is, it would be
impossible for me to stop all surreptitious communications.  I am fortunate
in that this is occurring on privileged ports.  You see, when you use
windoze update to install security patches (or install anything), you really
have no idea what is really being installed, or for that matter, what was
already installed with the distribution.

Doesn't anyone wonder why the govt. stopped harping on MS.  What happened to
the break up of the company?  It seams reasonable to me that the feds made
an agreement with MS involving mutual back scratching.  You help us spy, and
we will quit hammering you.  I know all this sounds like some crazy
conspiracy theory, but remember this.  Anything, I repeat ANYTHING, that is
technically possible will be attempted by someone.  Whether it be cloning a
sheep, or genetically altering human DNA to create a super soldier.  It does
not matter what the moral implications are.  If morality and a dollar of
profit are at issue, which do you think takes priority?  Trust me, you have
no privacy.  If you even think, for a moment, that some corporation or the
govt are concerned about you and your privacy/security, I have a bridge in
SF bay to sell you.  Remember, you heard it here first.

So ends my sermon for today.  Take care and sleep well knowing that big
brother is watching.

michael brown

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestspamTakeThisOuTmitvma.mit.edu


2001\05\26@122644 by Andy N1YEW

picon face
i already knew that :-)

dont mention c a r n i v o r e in any emails or you will be logged unless
you have earthlink(carnivore free)

andrew
{Original Message removed}

2001\05\26@130133 by Alexandre Domingos F. Souza

flavicon
face
>dont mention c a r n i v o r e in any emails or you will be logged unless
>you have earthlink(carnivore free)

       Carnivore! Carnivore! CARNIVORE!!! F*** the carnivore!!! :oPPP

       And the big brother is watching you...Its in your front now...

--
http://www.piclist.com hint: To leave the PICList
piclist-unsubscribe-requestEraseMEspam.....mitvma.mit.edu


2001\05\26@155857 by Peter L. Berghold

flavicon
face
At 12:25 PM 5/26/2001 -0400, Andy N1YEW wrote:


>dont mention c a r n i v o r e in any emails or you will be logged unless
>you have earthlink(carnivore free)
>

Actually... I've been known to send emails between my multiple accounts
composed of nothing but a string of "watched words" just to see what
happens. So far nothing....

If I don't want outsiders to see what I'm emailing I'll just encrypt it
anyway...



-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L.
Berghold                                                    EraseMEPeterspamBerghold.Net
Schooner Technology Consulting                            CELL: (732) 539-7920
Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI, mod_perl

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestEraseMEspamEraseMEmitvma.mit.edu


2001\05\26@155910 by Peter L. Berghold

flavicon
face
At 01:58 PM 5/26/2001 -0300, you wrote:
> >dont mention c a r n i v o r e in any emails or you will be logged unless
> >you have earthlink(carnivore free)
>
>         Carnivore! Carnivore! CARNIVORE!!! F*** the carnivore!!! :oPPP
>
>         And the big brother is watching you...Its in your front now...
>

So... you mean if we were to have an off topic discussion about CARNIVOREs
such as dogs, wolves, coyotes, then somewhere there is a  mail watching
program allegedly called "Carnivore" that will detect the word CARNIVORE in
my email and put it on its CARNIVORE list?

Kool! ;-)



-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L.
Berghold                                                    RemoveMEPeterspam_OUTspamKILLspamBerghold.Net
Schooner Technology Consulting                            CELL: (732) 539-7920
Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI, mod_perl

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestTakeThisOuTspamspammitvma.mit.edu


2001\05\26@165134 by Andy N1YEW

picon face
me too that is why i got gpg :-)

andy
----- Original Message -----
From: "Peter L. Berghold" <EraseMEPeterspamspamspamBeGoneBERGHOLD.NET>
To: <RemoveMEPICLISTKILLspamspamMITVMA.MIT.EDU>
Sent: Saturday, May 26, 2001 1:35 PM
Subject: Re: [OT]: Mail viruses/Internet Security


{Quote hidden}

PeterSTOPspamspamspam_OUTBerghold.Net
> Schooner Technology Consulting                            CELL: (732)
539-7920
> Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI,
mod_perl
>
> --
> http://www.piclist.com hint: To leave the PICList
> spamBeGonepiclist-unsubscribe-requestSTOPspamspamEraseMEmitvma.mit.edu
>
>
>

--
http://www.piclist.com hint: To leave the PICList
KILLspampiclist-unsubscribe-requestspamBeGonespammitvma.mit.edu


2001\05\26@165343 by Andy N1YEW

picon face
hi
----- Original Message -----
From: "Peter L. Berghold" <EraseMEPeterspamEraseMEBERGHOLD.NET>
To: <@spam@PICLIST@spam@spamspam_OUTMITVMA.MIT.EDU>
Sent: Saturday, May 26, 2001 1:37 PM
Subject: Re: [OT]: Mail viruses/Internet Security


> At 01:58 PM 5/26/2001 -0300, you wrote:
> > >dont mention c a r n i v o r e in any emails or you will be logged
unless
> > >you have earthlink(carnivore free)
> >
> >         Carnivore! Carnivore! CARNIVORE!!! F*** the carnivore!!! :oPPP
> >
> >         And the big brother is watching you...Its in your front now...
> >
>
> So... you mean if we were to have an off topic discussion about CARNIVOREs
> such as dogs, wolves, coyotes, then somewhere there is a  mail watching
> program allegedly called "Carnivore" that will detect the word CARNIVORE
in
> my email and put it on its CARNIVORE list?
>
> Kool! ;-)

basically.  you just get logged and unless ur wanted they cant access the
logs ;-)

>
>
>
> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> Peter L.
> Berghold
spamBeGonePeterspamKILLspamBerghold.Net
> Schooner Technology Consulting                            CELL: (732)
539-7920
> Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI,
mod_perl
>
> --
> http://www.piclist.com hint: To leave the PICList
> .....piclist-unsubscribe-requestspam_OUTspammitvma.mit.edu
>
>
>

--
http://www.piclist.com hint: To leave the PICList
TakeThisOuTpiclist-unsubscribe-request.....spamTakeThisOuTmitvma.mit.edu


2001\05\26@171255 by Peter L. Berghold

flavicon
face
At 04:52 PM 5/26/2001 -0400, you wrote:

>basically.  you just get logged and unless ur wanted they cant access the
>logs ;-)
>

OK.. I'll be modfying my mischief CRON job to include the word "Carnivore!" ;-)



-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Peter L.
Berghold                                                    TakeThisOuTPeterKILLspamspamspamBerghold.Net
Schooner Technology Consulting                            CELL: (732) 539-7920
Unix Professional Services:              Sun/Solaris, Perl, Perl/CGI, mod_perl

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestspamRemoveMEmitvma.mit.edu


2001\05\26@190524 by michael brown

flavicon
face
> i already knew that :-)
>
> dont mention c a r n i v o r e in any emails or you will be logged unless
> you have earthlink(carnivore free)
>
> andrew
Really.  You may be interested in this then. http://grc.com/su/earthlink.htm

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestspamspamBeGonemitvma.mit.edu


2001\05\26@194809 by Alexandre Domingos F. Souza

flavicon
face
>me too that is why i got gpg :-)

       Would gpg be an encrypted form of pgp? :o)

--
http://www.piclist.com hint: To leave the PICList
spamBeGonepiclist-unsubscribe-request@spam@spamspam_OUTmitvma.mit.edu


2001\05\26@195216 by Alexandre Domingos F. Souza

flavicon
face
>> dont mention c a r n i v o r e in any emails or you will be logged unless
>> you have earthlink(carnivore free)
>Really.  You may be interested in this then. http://grc.com/su/earthlink.htm

       BTW, Steve Gibson is someone that deserves all my respect. Excellent programmer and creator of great software :oD

--
http://www.piclist.com hint: To leave the PICList
TakeThisOuTpiclist-unsubscribe-requestspamspammitvma.mit.edu


2001\05\27@002044 by David VanHorn

flavicon
face
At 04:52 PM 5/26/01 -0400, Andy N1YEW wrote:
>hi
>----- Original Message -----
>From: "Peter L. Berghold" <PeterEraseMEspamBERGHOLD.NET>
>To: <RemoveMEPICLISTEraseMEspamspam_OUTMITVMA.MIT.EDU>
>Sent: Saturday, May 26, 2001 1:37 PM
>Subject: Re: [OT]: Mail viruses/Internet Security
>
>
> > At 01:58 PM 5/26/2001 -0300, you wrote:
> > > >dont mention c a r n i v o r e in any emails or you will be logged
>unless
> > > >you have earthlink(carnivore free)

Who told you earthlink is carnivore free?

--
Dave's Engineering Page: http://www.dvanhorn.org

I would have a link to FINDU here in my signature line, but due to the
inability of sysadmins at TELOCITY to differentiate a signature line from
the text of an email, I am forbidden to have it.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\05\27@090340 by Andy N1YEW

picon face
www.stopcarnivore.com
----- Original Message -----
From: "David VanHorn" <@spam@dvanhornRemoveMEspamEraseMECEDAR.NET>
To: <EraseMEPICLISTspam@spam@MITVMA.MIT.EDU>
Sent: Sunday, May 27, 2001 12:02 AM
Subject: Re: [OT]: Mail viruses/Internet Security


{Quote hidden}

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\05\27@090517 by Andy N1YEW

picon face
no gpg is GNU Privacy Guard. :-)

2048 bit encryption should be strong enough, considering it took about
160,000 PII 233's to crack RC4 (56 bit key) in 3 months.  thats a lot of
power (http://www.distributed.net/)
check my stats by entering my email :)
{Original Message removed}


'[OT]: Autorunning Viruses in Internet Explorer <-'
2001\11\11@185104 by Russell McMahon
picon face
The recent infection of some systems due to an AUTORUNNING virus script MAY
relate to the following problem.

Internet Explorer has a loophole which can be used to run virus files when
email is viewed even if the attachment is not opened !!!!
Well done Microsoft!

There are TWO patches referenced below.
MS0-020 covers the above problem (540 kB)
MS0-027 covers this problem plus some later less dangerous ones. (2 MB)

Installing patch MS0-027 is probably preferred but is rather larger to
download..

Details of the problem and a patch for Internet Explorer 5.01 and 5.5 is
given by Microsoft at -

Description

MS01-020
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-020.asp

MS01-027
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-027.asp

Be sure to choose correct browser version.





     Russell McMahon
_____________________________


From: "Bob Ammerman" <rammermanspamBeGonespamADELPHIA.NET>
To: <RemoveMEPICLIST@spam@spamspamBeGoneMITVMA.MIT.EDU>
Sent: Monday, 12 November 2001 14:17
Subject: Re: [OT]:Virus anyone ?


> {Original Message removed}

2001\11\12@110705 by Bob Blick

face
flavicon
face
On Mon, 12 Nov 2001, Russell McMahon wrote:
>
> Be sure to choose correct browser version.
>

That'd be Konqueror :-)

Cheers,

Bob Blick

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-request@spam@spamEraseMEmitvma.mit.edu


'[PICLIST] viruses'
2001\11\20@210128 by Kathy Quinlan

flavicon
face
goddess I hate some ppl, in one hour I have had 20 spam emails and 4 viruses
:o(


sigh

Kat.

____________________________________________________________________________
/"\   ASCII Ribbon Campaign  |        K.A.Q. Electronics
\ / - NO HTML/RTF in e-mail | Software and Electronic Engineering
X  - NO Word docs in e-mail  |      Perth Western Australia
/ \                                            |        Ph +61 419 923 731
____________________________________________________________________________

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.


2001\11\20@211913 by David VanHorn

flavicon
face
At 10:02 AM 11/21/01 +0800, Kathy Quinlan wrote:
>goddess I hate some ppl, in one hour I have had 20 spam emails and 4 viruses
>:o(

It always seems to peak around the holidays.
It's definitely worse this year.

Spam-seeking missile? :)
--
Dave's Engineering Page: http://www.dvanhorn.org

Got a need to read Bar codes?  http://www.barcodechip.com
Bi-directional read of UPC-A, UPC-E, EAN-8, EAN-13, JAN, and Bookland, with
two or five digit supplemental codes, in an 8 pin chip, with NO external parts.

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.


2001\11\21@040113 by cdb

flavicon
face
Spam is easy to get rid of. Put your computer between two slice of bread and
butter or fry it with chips (frys). Then eat.

Ohh THAT kind of spam.

colin

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email .....listservRemoveMEspammitvma.mit.edu with SET PICList DIGEST in the body


2001\11\21@054224 by Kathy Quinlan

flavicon
face
A pom after my own heart, fried spam is yummy :o)

I think most of it is coming off the freebsd questions mailing list :o(

Regards,

Kat.

____________________________________________________________________________
/"\   ASCII Ribbon Campaign  |        K.A.Q. Electronics
\ / - NO HTML/RTF in e-mail | Software and Electronic Engineering
X  - NO Word docs in e-mail  |      Perth Western Australia
/ \                                            |        Ph +61 419 923 731
____________________________________________________________________________


{Original Message removed}

2001\11\21@071106 by cdb

flavicon
face
Brings back memories of school lunches (shudder)

colin

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email .....listservSTOPspamspam@spam@mitvma.mit.edu with SET PICList DIGEST in the body


2001\11\21@075550 by Kathy Quinlan

flavicon
face
naa that was ravioli <sp?> on Fridays ;o)

Regards,

Kat.

____________________________________________________________________________
/"\   ASCII Ribbon Campaign  |        K.A.Q. Electronics
\ / - NO HTML/RTF in e-mail | Software and Electronic Engineering
X  - NO Word docs in e-mail  |      Perth Western Australia
/ \                                            |        Ph +61 419 923 731
____________________________________________________________________________


{Original Message removed}

2001\11\29@074851 by Jinx

face picon face
I've just had the Win32.badtrans.29020 virus come into my mailbox

From Mark Munday, subject Re:  attached file HAMPSTER.DOC.PIF

Real-time AV s/w caught it and disposed of it. If Mark Munday is on
this list, clean your PC up pal and get some proper AV s/w. The only
way viruses propogate is by being passed on, to state the obvious

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\11\29@220724 by Quentin

flavicon
face
Maybe this will help somebody. A tip I got (and not used, I don't use
IE).

-----------
To avoid spreading computer viruses, create a contact in your email
address book with the name !0000 with no email address in the details.

This contact will then show up as your first contact. If a virus
attempts to do a "send all" on your contact list, your PC will put up an
error message saying that: "The Message could not be sent. One or more
recipients do not have an e-mail address. Please check your Address Book
and make sure all the recipients have a valid e-mail address."

You click on OK and the offending (virus) message would not have been
sent to anyone. Of course no changes have been made to your original
contacts list. The offending (virus) message may then be automatically
stored in your "Drafts" or
"Outbox" folder. Go in there and delete the offending message. Problem
is solved and virus is not spread.
------------

Q..

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\11\29@233735 by Jinx

face picon face
> To avoid spreading computer viruses, create a contact in your
> email address book with the name !0000 with no email address
> in the details.

Good idea. Although I've been as careful as I can not to spread
them, there will no doubt come a day when one slips by. And to
flog the dead horse one last time, I just do not understand why
anyone would risk being on the web these days without AV s/w.
You may think "big deal if I get a bug" until your BIOS gets trashed
or files get scrambled or worse

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics



'[PICLIST] [OT] viruses'
2001\12\01@032355 by Jinx
face picon face
From a discussion paper on MIME vulnerability at Microsoft's site.
Nice to see the chicks get a mention as possible perps

"An attacker could use this vulnerability in either of two scenarios. She
could host an affected HTML e-mail on a web site and try to persuade
another user to visit it, at which point script on a web page could open
the mail and initiate the executable. Alternatively, she could send the
HTML mail directly to the user. In either case, the executable attachment,
if it ran, would be limited only by user's permissions on the system"

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email listservEraseMEspam@spam@mitvma.mit.edu with SET PICList DIGEST in the body


2001\12\03@063159 by Jinx

face picon face
> To avoid spreading computer viruses, create a contact in your
> email address book with the name !0000 with no email address
> in the details.

I sent your suggestion to a bunch of people a few days ago. One
person who didn't try it got infected and sent me badtrans this
morning. She's now kicking herself, not because she got caught
but out of embarrassment. However, it did work for one other
person who got infected on Saturday and wasn't aware of it until
OE choked trying a mail-out. This badtrans seems to be quite
prevalent, I've had 6 sent to me in the past week

cheers

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\12\03@142003 by Brandon Fosdick

flavicon
face
Jinx wrote:
>
> > To avoid spreading computer viruses, create a contact in your
> > email address book with the name !0000 with no email address
> > in the details.
>
> I sent your suggestion to a bunch of people a few days ago. One
> person who didn't try it got infected and sent me badtrans this
> morning. She's now kicking herself, not because she got caught
> but out of embarrassment. However, it did work for one other
> person who got infected on Saturday and wasn't aware of it until
> OE choked trying a mail-out. This badtrans seems to be quite
> prevalent, I've had 6 sent to me in the past week

I haven't gotten any sent to me yet. I never get any of the good virii. I feel
so left out. :)

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\12\03@145202 by Dipperstein, Michael

face picon face
The !0000 trick won't work for all forms of badtrans, there's one, which hit my
wife that sends e-mail to addresses of senders in your deleted folder.

As it turned out there were several bogus spammer addresses that tipped her off
to the worm.  I wonder if there were any spammers with legitimate addresses that
got hit.

-Mike

{Original Message removed}

2001\12\03@174935 by Dale Botkin

flavicon
face
On Mon, 3 Dec 2001, Dipperstein, Michael wrote:

> The !0000 trick won't work for all forms of badtrans, there's one, which hit my
> wife that sends e-mail to addresses of senders in your deleted folder.
>
> As it turned out there were several bogus spammer addresses that tipped her off
> to the worm.  I wonder if there were any spammers with legitimate addresses that
> got hit.

We can hope.

Dale

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\12\03@194750 by Russell McMahon

picon face
> I haven't gotten any sent to me yet. I never get any of the good virii. I
feel
> so left out. :)

I get a steady stream. Which ones would you like me to send you ?
:-)

       RM

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2001\12\04@184320 by Jinx

face picon face
> > I haven't gotten any sent to me yet. I never get any of the good virii.
I
> feel
> > so left out. :)
>
> I get a steady stream. Which ones would you like me to send you ?
> :-)
>
>         RM

Send him the new one Russell. It's supposed to be nasty and doing
the rounds. You might have it, but I can honestly say I haven't got
Goner 'ere

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\12\04@185510 by Dipperstein, Michael

face picon face
> From: Jinx [RemoveMEjoecolquittspamspamBeGoneclear.net.nz]
> Send him the new one Russell. It's supposed to be nasty and doing
> the rounds. You might have it, but I can honestly say I haven't got
> Goner 'ere

I've received a few copies of it.  It seems to be circulating around the
corporate address book.  If you'd like I can send you a copy, it's simple yet
brutal.

-Mike

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\12\04@185604 by Brandon Fosdick

flavicon
face
Jinx wrote:
>
> > > I haven't gotten any sent to me yet. I never get any of the good virii.
> I
> > feel
> > > so left out. :)
> >
> > I get a steady stream. Which ones would you like me to send you ?
> > :-)
> >
> >         RM
>
> Send him the new one Russell. It's supposed to be nasty and doing
> the rounds. You might have it, but I can honestly say I haven't got
> Goner 'ere

Ok, I spoke too soon. I've been getting copies of Goner all day long from the
FreeBSD lists. That'll teach me to open my big mouth.

Why don't the spam filtering networks take care of this stuff?

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\12\04@204431 by John Ferrell

flavicon
face
> Why don't the spam filtering networks take care of this stuff?

I once thought that would be a good idea. However, I think we are better off
in the long run if the internet remains unaware of the data context.
Anything that pursues the context of the message is in a position to censor
the data stream.

John Ferrell
6241 Phillippi Rd
Julian NC 27283
Phone: (336)685-9606
Dixie Competition Products
NSRCA 479 AMA 4190  W8CCW
"My Competition is Not My Enemy"



{Original Message removed}

2001\12\04@232411 by Jinx

face picon face
> Ok, I spoke too soon. I've been getting copies of Goner all day long
> from the FreeBSD lists. That'll teach me to open my big mouth

See ? Somebody loves you after all

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics



'[OT:] More Viruses'
2003\08\13@160549 by R Prosser
flavicon
face
AFAIK Russel is still overseas. The emails are probably origonating from
somewhere else but using his details.
RP




James, you need to block this "Russel McMahon" guy. His machine is badly
infected with viruses. I got three already today.

Thanks!

--Bob

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email spamBeGonelistservKILLspamspam@spam@mitvma.mit.edu with SET PICList DIGEST in the body

'[PIC:] URGENT - viruses with piclist headers'
2003\08\14@175449 by Peter L. Peres

picon face
> James, you need to block this "Russel McMahon" guy. His machine is badly
> infected with viruses. I got three already today.

For the past two days or so there have been hundreds of viruses sent to
various piclist members, appearing to come from me (plp) and others. They
bear old piclist message subjects. The only sure thing about them is that
the do NOT come from whom they appear to be coming. Russell is
incommunicado (probably travelling), and I run Linux and a pretty tight
firewall. Again: beware of messages with 'old' subjects and do not jump to
conclusions as to the origin of the virus email. It is NOT from whom it
appears to be.

Peter

--
http://www.piclist.com hint: To leave the PICList
piclist-unsubscribe-requestspam_OUTspam@spam@mitvma.mit.edu

2003\08\14@181147 by Picdude

flavicon
face
And... it seems that the spammers finally got a hold of my piclist email address, which I use only for the piclist.  As of a few days ago, I've started receiving spam at this address.  I'll have to switch again and block off this one soon.

<sigh>,
-Neil.


On Thursday 14 August 2003 16:46, Peter L. Peres scribbled:
{Quote hidden}

--
http://www.piclist.com hint: To leave the PICList
spamBeGonepiclist-unsubscribe-request@spam@spammitvma.mit.edu

2003\08\14@190210 by Bob Axtell

face picon face
I figured it out yesterday, Peter.

Thanks.

At 12:46 AM 8/15/2003 +0300, you wrote:
{Quote hidden}

--------------
Bob Axtell
PIC Hardware & Firmware Dev
Tucson, AZ
1-512-219-2363

--
http://www.piclist.com hint: To leave the PICList
spamBeGonepiclist-unsubscribe-requestspam_OUTspamRemoveMEmitvma.mit.edu

2003\08\14@212128 by Dale Botkin

flavicon
face
On Thu, 14 Aug 2003, Picdude wrote:

> And... it seems that the spammers finally got a hold of my piclist email
> address, which I use only for the piclist.  As of a few days ago, I've
> started receiving spam at this address.  I'll have to switch again and block
> off this one soon.

Why bother?

<http://www.spamassassin.org>

In the past two days it's snagged 51 SPAM emails, including four copies of
the latest virus.  That's in addition to the 73 more my mail server
rejected due to my Sendmail access filter.  Best thing I've ever found to
squash SPAM.

Dale
--
It's a thankless job, but I've got a lot of Karma to burn off.
PicoKeyer is available for the Rock-Mite! http://www.hamgadgets.com

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestspamRemoveMEmitvma.mit.edu

2003\08\15@024103 by Picdude

flavicon
face
On Thursday 14 August 2003 20:20, Dale Botkin scribbled:
> On Thu, 14 Aug 2003, Picdude wrote:
> > And... it seems that the spammers finally got a hold of my piclist email
> > address, which I use only for the piclist.  As of a few days ago, I've
> > started receiving spam at this address.  I'll have to switch again and
> > block off this one soon.
>
> Why bother?
>
> <http://www.spamassassin.org>
>
> In the past two days it's snagged 51 SPAM emails, including four copies of
> the latest virus.  That's in addition to the 73 more my mail server
> rejected due to my Sendmail access filter.  Best thing I've ever found to
> squash SPAM.

Agreed.  I've looked at this before, and almost used it, but I like being able to know *who* actually sent the spam.  I've busted many companies, even though their privacy policy claimed otherwise.  One of the latest is buy.com, btw.  Another popular spot to never give your email address to is eio.com .  Mostly these companies blatantly sell the email addresses, but in some cases I have reason to believe that they're harvested.

Cheers,
-Neil.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@055058 by Nigel Orr

flavicon
face
pic microcontroller discussion list <> wrote on Thursday, August 14, 2003
10:46 PM:

> For the past two days or so there have been hundreds of viruses sent
> to various piclist members, appearing to come from me (plp) and
> others.

I've now received two of these, the second with the correct return address
for Peter (the first was @FLASH.NET).  They both appear to have originated
from Canada, the second was from a machine at ulaval.ca, confirmed by the
site admin there.

As Peter says, look at the headers before jumping to conclusions.  And,
more importantly, if you don't have an anti-virus (or a more secure
operating system!), GET ONE (AVG from grisoft.com is a reasonably good free
one)!

Nigel
--
Nigel Orr, Design Engineer                 nigelspam@spam@axoninstruments.co.uk
Axon Instruments Ltd., Wardes Road,Inverurie,Aberdeenshire,UK,AB51 3TT
              Tel:+44 1467 622332 Fax:+44 1467 625235
                  http://www.axoninstruments.co.uk

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@092750 by Dale Botkin

flavicon
face
(Tag changed as it's not really PIC related)

On Fri, 15 Aug 2003, Picdude wrote:

{Quote hidden}

Why wouldn't you?  I can still see the complete original mail, headers and
all...  I just have SA tag it and toss it in a SPAM folder, which I
periodically scan for false positives (quite rare) and submit en masse to
Razor.

Dale
--
It's a thankless job, but I've got a lot of Karma to burn off.
PicoKeyer is available for the Rock-Mite! http://www.hamgadgets.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@094022 by Olin Lathrop

face picon face
> Agreed.  I've looked at this before, and almost used it, but I like
> being able to know *who* actually sent the spam.  I've busted many
> companies, even though their privacy policy claimed otherwise.  One of
> the latest is buy.com, btw.  Another popular spot to never give your
> email address to is eio.com . Mostly these companies blatantly sell the
> email addresses, but in some cases I have reason to believe that
> they're harvested.

I run my own email server, so this solution isn't for everyone, but I make
up a unique email address for every different contact I have to provide on
a web page.  This makes it very easy to tell who gave my email address to
a spammer, and to shut off that channel selectively by disabling that
address.

For example, if I'm buying something from crapco.com, I'll make up a new
email address something like EraseMEcrapcoRemoveMEspamSTOPspamembedinc.com.  Another good trick if
there is no legitimate reason that crapco needs my email address but they
require it anyway, just fill in RemoveMEsalesKILLspamspamTakeThisOuTcrapco.com.  The same thing works if
a fax address is required (there's almost never a legitimate reason for
that).  Just fill in the Crapco's own toll free number.


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@104024 by Intosh, Ph.D.

flavicon
face
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

source= http://www.piclist.com/piclist/2003/08/15/024103a.txt?

By now, many of you know that I use PGP signatures.
Why?

PGP keys themselves can be signed.  The signature protocol requires
positive identity.  These signatures are a "letter of introduction."

The network of signatures is isomorphic to a neural network.

A private IMAP4 server can have internal knowledge of this neural network.

A standard email client, such as Eudora, easily lets you move an email
between "folders."

The same private IMAP4 server can have internal knowledge of the "Spam"
folder, and train its neural network.

People who introduce spammers are depreciated.
The source of email is known.
Most Spam I see involves sender identity deception or other fraud.
The spam problem itself will drive adoption of this, or a similar solution.


http://www.biglumber.com gives help in connecting to the PGP web of trust.



- ---
Aubrey  McIntosh
http://www.piclist.com/member/AM-vima-Y84
PIC/PICList FAQ: http://www.piclist.com


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPzzwYQKlSw8yssF7EQI6MQCg8lE6cXolbYJD168LDiokgfjx7IEAoP5Q
v1yM8o5rwpOAkw7squBAjZ+s
=7qIA
-----END PGP SIGNATURE-----

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@110714 by Bob Axtell

face picon face
Sadly, Aubrey, everything you say is exactly correct. The future will have
SOME form of encryption and ID verification.

I have privacy issues, too. In fact, I encrypt client critical files
routinely. But it caused me grief from US Homeland security. They began
intercepting my encrypted emails. Emails simply vanished from the betwork
while they cracked them. One it was held back 6 weeks (one I did with
Blowfish). When they finally passed it on, they doctored the headers so
that it appeared to have been sent today. SO, I now have the msg below on
all encrypted emails, no more problems.

So, if you started using PGP on all emails, it'll drive the Feds crazy.

--Bob


At 09:38 AM 8/15/2003 -0500, you wrote:
{Quote hidden}

--------------
Bob Axtell
PIC Hardware & Firmware Dev
Tucson, AZ
1-512-219-2363

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@113808 by Bob Axtell

face picon face
OOps, forgot the special footer.

At 08:07 AM 8/15/2003 -0700, you wrote:
{Quote hidden}

---------------
NOTICE

1. This account can accept email & attachments up to 10M in size.
2. Federal Monitors: At request of client, some attachments are encrypted.
Please DO NOT delay traffic; please reply with credentials for password.
--------------

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@125745 by Picdude

flavicon
face
On Friday 15 August 2003 08:34, Olin Lathrop scribbled:
{Quote hidden}

Yes, that's exactly what I do, and what I was referring to above.  It's a great system that works.  What's especially interesting is that some spam mail starts a year or more after I last used some email address.

I don't run my own email server, but I have full control over the emails for the domains I own.

Cheers,
-Neil.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@130318 by Robert Reimiller

flavicon
face
On Fri, 15 Aug 2003 10:49:55 +0100, you wrote:
>As Peter says, look at the headers before jumping to conclusions.  And,
>
You can find the true sender of an email using spamcop.net

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@130322 by Picdude

flavicon
face
On Friday 15 August 2003 08:27, Dale Botkin scribbled:
> > Agreed.  I've looked at this before, and almost used it, but I like being
> > able to know *who* actually sent the spam.
>
> Why wouldn't you?  I can still see the complete original mail, headers and
> all...  I just have SA tag it and toss it in a SPAM folder, which I
> periodically scan for false positives (quite rare) and submit en masse to
> Razor.

With my simple system, I know the offender immediately due to the email address they sent it to in the the header.  But with everyone using one email address to me, I'll have to trace thru the headers, and there's no guarantee I would find the offender.  And to me, the offender is not so much the person that sends the email, but the company that violated their privacy policy by selling my contact info.

My hosting provider does also provide some level of SPAM detection, and will prefix the subject with "SPAM:".  I send those to a separate folder and will check thru it as well for false positives, which I do find occassionally.  Their virus detection is also great btw, and they'll send me a virus notification before still sending the email.

Cheers,
-Neil.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\15@232304 by p.cousens

flavicon
Just got my first
Proporting to be from Russell [apptechspamspamPARADISE.NET.NZ].
Originating in Canada.
It went to my spam list folder , so the originating site must be on the
spam list I have.
I have just deleted it

Question. What virus is it
The message did not have an attachment

Peter Cousens
spam_OUTcousensspam_OUTspamspam_OUTbiscit.biz

> {Original Message removed}

2003\08\18@092940 by Mike Hord

picon face
>Just got my first
>  Proporting to be from Russell [apptechspam_OUTspamPARADISE.NET.NZ].
>Originating in Canada.
>It went to my spam list folder , so the originating site must be on the
>spam list I have.
>I have just deleted it
>
>Question. What virus is it
>  The message did not have an attachment

I'm not sure what the virus is, but had you clicked through on the links
in the e-mail, which claim to provide more info on the content of the
e-mail, that's where you get hooked.

Mike H.

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email RemoveMElistservKILLspamspam@spam@mitvma.mit.edu with SET PICList DIGEST in the body


'[OT] Viruses are getting smarter'
2004\10\22@201850 by Alex Harford
face picon face
I haven't seen this one before:

-----------------------------------
Hello user of Gmail.com e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

For more information see the attached file.

Attached file is protected with the password for security reasons. Password is

The Management,
   The Gmail.com team                 http://www.gmail.com
-------------------------------------

And it has some files attached.

Still trying to track down who sent it to me.

Alex
____________________________________________

2004\10\22@204626 by Don Taylor

flavicon
face

On Fri, 22 Oct 2004, Alex Harford wrote:
> I haven't seen this one before:
> -----------------------------------
> Hello user of Gmail.com e-mail server,
>
> Our antivirus software has detected a large ammount of viruses outgoing
> from your email account, you may use our free anti-virus tool to clean up
> your computer software.
>
> For more information see the attached file.

I've seen the same virus bilge many times, ihug.co.nz flushed a bunch of these

> Attached file is protected with the password for security reasons. Password is
>
> The Management,
>     The Gmail.com team                 http://www.gmail.com
> -------------------------------------
>
> And it has some files attached.
>
> Still trying to track down who sent it to me.

At least for some mailers, if you save the message, sometimes conveniently
in a brand new file/name, compose a new message and then read in the file
you just saved to you will often get all the headers, forged and legit,
for you to use to track down the source.

If you have trouble figuring the source you can send me the complete
message, but with a "VIRUS MAIL ENCLOSED" subject line.  Any mail I
get with that I know is someone passing me virus mail to diagnose or
to send complaints for.

don
Email address is valid, I bait Swen with it.
54797 Swen virus mail received and reported, thus far.

> Alex
> ______________________________________________

2004\10\25@102823 by Joe Jansen

picon face
Also, in gmail, you can click the More Options link at the top of the
message to get a partial header, then click Show Original and you will
get the full header info.

--Joe


On Fri, 22 Oct 2004 17:18:39 -0700, Alex Harford <harfordspamBeGonespam.....gmail.com> wrote:
{Quote hidden}

> ______________________________________________

More... (looser matching)
- Last day of these posts
- In 2004 , 2005 only
- Today
- New search...