Attu

Norton has just stopped a virus from webmaster@scoobynet, has some one got a problem ?

Andy

scoobchrissy

iTrader: (1)

I have just got one but dont know who from?

scooby-si

and me

sarasquares

iTrader: (1)

hello

Brit_in_Japan

I had two emails yesterday with the W32/Netsky.c@MM virus attached, Subjects: "Re: unknown" and "stolen". Virus checker picked them up, but these are the first viruses I've ever received. I'm very protective of my email address, never post on BB's etc. Is it possible Scoobynet got infected and then emailed everyone?

Please investigate admin boys & girls.

S.B.

I never got one

Neil Smalley

No, It's one of those spoof the mail header viruses. Just because an email says it's from so and so does'nt mean it actually is. A better(but not infalibile guide) is to look at the full mail header and note down the IP address xxx.yyy.zzz.nnn. If you then go to a whois web page and type in the address it'll tell you where (more or less) it came from.

salsa-king

I had it... also had >>>>@sidc.co.uk emails with virus too over the lsat week.
Just deleted them with out opening .
not that persons fault.. just scanned Emails address's from somes address book who had them in it... arn't they?

CHRIS_D

im getting these 3-4 times daily

I'm not sayings its related, but its happened since the launch of SN3 and all the e-mail addresses seem to be SN users, ie Redkop, pele etc etc

the subject usually refers to 'stolen' or something similar. always contains an attachment which is picked up and deleted by norton.

annoying cos i have now blocked a lot of SN users

chris

Danny B

I am getting about 4 of these bloody things a day, I never ever used to get them before my e-mail address went public on Scoobynet.

Here are the headers of one I recieved a few mins ago

From: =?iso-8859-1?q?"Yahoo!=20Mail=20Virus=20Protection=20<mail-antivirus@yaho?=
=?iso-8859-1?q?o-inc.com>"?=
To: d.blanchfield@btinternet.com
Date: Sun, 29 Feb 2004 12:15:28 +0000
Subject: =?iso-8859-1?q?"Alert:=20Virus=20Detected=20but=20not=20Clean ed=20-=20Att?=
=?iso-8859-1?q?achment=20Removed"?= [hello]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="0-71823840-1078056948-11963"
--0-71823840-1078056948-11963
Content-Type: text/plain; charset=us-ascii
Content-Id:
Content-Disposition: inline
"Yahoo! Mail Virus Protection detected the virus '"W32.Netsky.B@mm"' in the file '"part2.zip"', attached to the enclosed email message. We scanned the file using Norton AntiVirus but were unable to clean it. Therefore, we removed the content of the attachment from the message. Please contact the message sender if you want to receive the attachment. They must clean the file and resend it before we can deliver it to you safely.
"
"Yahoo! Mail successfully cleans most infected attachments, which protects you from viruses.
"
--0-71823840-1078056948-11963
Content-Type: message/rfc822
X-Apparently-To: d.blanchfield@btinternet.com via 217.12.12.68; Sun, 29 Feb 2004 12:15:32 +0000
X-YahooFilteredBulk: 213.105.108.200
X-Originating-IP: [213.105.108.200]
Return-Path: <kent@rushcorp.com>
Received: from 194.73.73.82 (EHLO praseodumium.btinternet.com) (194.73.73.82)
by mta803.mail.ukl.yahoo.com with SMTP; Sun, 29 Feb 2004 12:15:32 +0000
Received: from cpc1-heck1-3-0-cust200.hudd.cable.ntl.com ([213.105.108.200] helo=btinternet.com)
by praseodumium.btinternet.com with smtp (Exim 3.22 #25)
id 1AxPqy-0003TJ-00
for d.blanchfield@btinternet.com; Sun, 29 Feb 2004 12:15:28 +0000
From: kent@rushcorp.com
To: d.blanchfield@btinternet.com
Subject: hello
Date: Sun, 29 Feb 2004 12:15:28 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="78860140"
Message-Id: <E1AxPqy-0003TJ-00@praseodumium.btinternet.com>
X-Originating-IP: [213.105.108.200]
--78860140
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
something is fool
--78860140
Content-Type: application/x-zip-compressed; name="part2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="part2.zip"

--78860140--

--0-71823840-1078056948-11963


Make any sense to anyone??

Redkop

The email address of the sender will be spoofed, when someone has this virus, it sends it to everyone in their address book using random addresses.

When the Mydoom virus did the rounds about a month ago, I received well over a 1000 emails containing viruses all with addresses replicated from address books being spoofed and nearly all from SN members

farmer1

Perhaps the spoofing programme is nicking all of the email address from a forum and sending it out to most members of the forum with other forum members address as it is more likely for the user to open the mail, thus increasing the chance of the virus spreading.

Possibly going to happen more often on SN3 because they have an off the shelf package.

logiclee

I've also started to get three or four a day, only started happening a few days ago.

Lee

sarasquares

iTrader: (1)

i have had a massive problem...
i was getting some really high risk attempts.....

W32.Beagle.E@mm
W32.Netsky.C@mm
W32.Mydoom.F@mm
W32.Netsky.B@mm etc etc.........
i was able to find residential adresses and ip for some of mine

most of these were very high risk. i was getting about 40 a day

thank god for norton

Danny B

Why is this in computer related, surely this should be in Bugs etc...?

S.B.

Its not a scoobynet problem

sarasquares

iTrader: (1)

dont know diddly-**** about pcs but it could end up being a sn problem is comeone sends emails with viruses.

i got an weird email from sn and was going to send it to someone 'cos i couldnt understand it, good job i didnt!!

there are others out there like me (honestly) that need to be warned so they no what to expect?

ChrisB

These 'new' viruses will also pull e-mail addresses your Internet Explorer cache files, Word documents and the like (ie NOT just your e-mail address book).

The problem is stupid users opening infected e-mails

If you want warning, then check in here as people post the AV alerts. Alternatively, sign up to an e-mail alert list run by an AV company eg:

NAI / McAfee
Symantec / Norton

Chris.

Chris L

I think we should make this clear. This has nothing to do with Scoobynet. Also remember that not only the sender can be spoofed, but also the IP addressing information and possibly, the mail relays used.

There are some really clever gits out there. I've been receiving a steady stream of these as well - some with Scoobynet related email addresses, but most have nothing to do with this site. It is just some berk who has not bothered to protect themselves properly. More annoying is the fact that everything needed to protect yourself is available from the web, free of charge!!

Chris

scooby-si

danny b same as me m8 i never got them before i put my mail address on scoobynet iam getting 2/3 everytime i check my mail

norton sorts it out though

ScoobyDuck

iTrader: (1)

u should be so lucky !

been getting 1200-1400 a DAY , yes a DAY since MyDoom started!

been trying to track down who where etc, but it's hopeless.

Steve

Danny B

Sod that, I'd just ditch the e-mail account.

CHRIS_D

anyone found out how to stop these e-mails ?


ive started to get e-mails complaining about me sending virus's and i've blocked half of the scoobynet users

Idiot proof instructions if possible please

chris

Boro

iTrader: (1)

Si, its just a co-incidence, these viruses are particularly widespread, ive had over 1000 to another email address unconnected with SN and a lesser amount to a few other email addresses too, again unconnected to SN.

It doesnt take much to protect ur emails and if every1 did it would be a whole lot better