Announcement

Collapse
No announcement yet.

Email virus - do you have one?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Email virus - do you have one?

    Someone mentioned some time ago that some of the viruii that affect your email will send out fake email and make it look as it it comes from your address book. I have recently started receiving "undeliverable" type emails. I have checked, and the originals are NOT in my sent folder, though I suppose that could be misleading. Why am I asking here? one of them was undeliverable to [email protected].

  • #2
    Ah...

    It's very possible you may have a virus...

    Number one question, did you recently send anything to any of the people who you are receiving the undeliverable messages from? If not, then I'd start to worry right there. Also check your address book and see if those people are listed there.

    Second, what email program are you using? I know Outlook Express has a habit of saving email addresses of everyone you send email to. Which means they end up in your address book.

    How email viruses work is they tend to go through your address book and do a mass mailing to everyone there. So basically, your friends, family, and everyone you know gets a copy of the virus, courtesy of you =(

    definitely may want to Update your virus definitions and run a full virus scan on your system. And if you don't have a virus scanner....get one! Every computer should have one installed, or around so it can be installed when needed (least IMHO).
    http://members.cox.net/jessamynsarmor/heraldic.html



    http://www.magelo.com/eq_view_profile.html?num=163245Magelo

    Comment


    • #3
      I use Netscape for email, and I've never sent any email that I know of to the people the undeliverables were sent to. I have about five emails in my address book, since I rarely use it, and netscape DOESN'T save them. I did use Outlook for a short time, but given the one I mentioned (the eq2news) would be very recent and that was some time ago, I would imagine it's not running through that, assuming that the virus could run without my starting the software.

      I have, um, *ponders* I think it was AVG, the freeware one the House Ogre recommended, and it updates itself. I'll make sure I rerun it tonight, but I have this sinking feeling it's NOT my computer, so I can't fix it that easily.

      Thank you for the advice, though.

      Comment


      • #4
        Another thing to know about e-mail virii -

        They often use someone else's e-mail address to delay detection.

        Example:
        <ul><li>Infected user a [email protected] has an e-mail virus.
        <li>His computer sends out 2,000 copies of itself, but changes the From: field in all the copies to some address victim has in his address book. Maybe yours.
        <li>2,000 recipients blame <b>you</b> for sending them a virus, or <b>you</b> get all the bounce messages.</ul>

        The best thing you can do is to ensure that <b>YOU</b> have an up to date virus scanner and firewall installed on your computer, and get everyone with whom you exchange e-mail to <strong>do the same thing</strong>.
        Lothay retired from EQ in 2003
        EQ Traders - Moderator - MySpace or LiveJournal

        Comment


        • #5
          If you use Netscape the odds are very very low you actually have a virus. Most likely someone that has YOU in their OUTLOOK addressbook has a virus.


          Welp, fess up. Who out there has Heartsong and EQStratics news BOTH in their Outlook address book.


          Heartsong, if you post the FULL headers from the emails that bounce back to you, we can very likely track down who actually sent the email, or at least rough idea of their description.

          Comment


          • #6
            Thats why I love using Linux at my job

            Comment


            • #7
              I'll see what I can do when I get home, although I will only have how much of the header the offended (rather than offending) postmaster has sent me, and I don't believe either of them have sent the full thing.

              I also posted this over on the PoM board I moderate, but I imagine even fewer people there have my email...

              Comment


              • #8
                Hah, one did include the full header.

                From &lt;[email protected]> Wed Dec 11 05:21:07 2002
                Received: from stratics3.stratics.com (mail.stratics.com [209.194.105.22])
                by mx6.mx.voyager.net (8.12.6/8.10.2) with ESMTP id gBBAKs1g018031
                for &lt;[email protected]>; Wed, 11 Dec 2002 05:20:55 -0500 (EST)
                Received: from smtp-01-003.root-mail.com (smtp-01-003.root-mail.com [64.7.192.136] (may be forged))
                by stratics3.stratics.com (8.11.3/8.11.3) with ESMTP id gBBAKik20008
                for &lt;[email protected]>; Wed, 11 Dec 2002 05:20:44 -0500
                Received: from Delg (24-148-68-228.na.21stcentury.net [24.148.68.228])
                by smtp-01-003.root-mail.com (8.12.3/8.12.3) with SMTP id gBBAK7jq007630
                for &lt;[email protected]>; Wed, 11 Dec 2002 02:20:07 -0800
                Date: Wed, 11 Dec 2002 02:20:07 -0800
                Message-Id: &lt;[email protected]>
                From: krilia &lt;[email protected]>
                To: [email protected]
                Subject: Fw:eq2news,spice girls' vocal concert
                MIME-Version: 1.0
                Content-Type: multipart/alternative;
                boundary=Db903Z71n26s67tKV66865q18OQ2XO884M2Q
                Status: U
                --Db903Z71n26s67tKV66865q18OQ2XO884M2Q
                Content-Type: text/html;
                Content-Transfer-Encoding: quoted-printable

                &lt;HTML>&lt;HEAD>&lt;/HEAD>&lt;BODY>
                &lt;iframe src=3Dcid2S246S79IP54cM885 height=3D0 width=3D0>
                &lt;/iframe>
                &lt;FONT>&lt;/FONT>&lt;/BODY>&lt;/HTML>

                --Db903Z71n26s67tKV66865q18OQ2XO884M2Q
                Content-Type: audio/x-midi;
                name=notice .scr
                Content-Transfer-Encoding: base64
                Content-ID: &lt;D2S246S79IP54cM885>

                Comment


                • #9
                  from Delg (24-148-68-228.na.21stcentury.net [24.148.68.228])

                  Thats the person with the virus


                  I have to deal with this weekly as my site get flooded this person and others. I have a list of 85 people who have or had a virus on thier system that have hit my site and the one listed above is on my list.

                  send an e-mail to [email protected] with the header that you posted with the subject line VIRUS SPAM DETECTED from (24-148-68-228.na.21stcentury.net [24.148.68.228])

                  They will inform the person and either a remove thier cable access untill they get it fixed or b turn on virus detection for thier mail servers.

                  or if the person with IP Addy 24.148.68.228 happens to read this board then they can fix it before then
                  There is a Search feature so use it!

                  Comment


                  • #10
                    Thank you very much.

                    Comment


                    • #11
                      Er, but my email to that address got bounced... ? That can't be right...

                      Comment


                      • #12
                        It generally shouldn't bounce, as that usually is a catch all email address. Try 'webmaster' instead.

                        Comment


                        • #13
                          I'll give that a try.

                          Comment

                          Working...
                          X