Virus from Webmaster@scoobynet
#5
Scooby Regular
Join Date: Sep 2003
Location: No longer Japan !
Posts: 1,742
I had two emails yesterday with the W32/Netsky.c@MM virus attached, Subjects: "Re: unknown" and "stolen". Virus checker picked them up, but these are the first viruses I've ever received. I'm very protective of my email address, never post on BB's etc. Is it possible Scoobynet got infected and then emailed everyone?
Please investigate admin boys & girls.
#7
No, it's one of those spoof the mail header viruses. Just because an email says it's from so and so doesn't mean it actually is. A better (but not infallible) guide is to look at the full mail header and note down the IP address xxx.yyy.zzz.nnn. If you then go to a whois web page and type in the address it'll tell you where (more or less) it came from.
#8
Scooby Senior
I had it... also had >>>>@sidc.co.uk emails with virus too over the last week.
Just deleted them without opening.
Not that person's fault.. just scanned email addresses from someone's address book who had them in it... aren't they?
#9
Scooby Regular
Join Date: Oct 2001
Location: Here, there and everywhere
Posts: 2,765
I'm getting these 3-4 times daily
I'm not saying it's related, but it's happened since the launch of SN3 and all the e-mail addresses seem to be SN users, ie Redkop, pele etc etc
the subject usually refers to 'stolen' or something similar. always contains an attachment which is picked up and deleted by norton.
annoying cos i have now blocked a lot of SN users
chris
#10
Scooby Regular
Join Date: Oct 2001
Location: Western Canada
Posts: 3,344
I am getting about 4 of these bloody things a day, I never ever used to get them before my e-mail address went public on Scoobynet.
Here are the headers of one I received a few mins ago
From: =?iso-8859-1?q?"Yahoo!=20Mail=20Virus=20Protection=20<mail-antivirus@yaho?=
=?iso-8859-1?q?o-inc.com>"?=
To: d.blanchfield@btinternet.com
Date: Sun, 29 Feb 2004 12:15:28 +0000
Subject: =?iso-8859-1?q?"Alert:=20Virus=20Detected=20but=20not=20Clean ed=20-=20Att?=
=?iso-8859-1?q?achment=20Removed"?= [hello]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="0-71823840-1078056948-11963"
--0-71823840-1078056948-11963
Content-Type: text/plain; charset=us-ascii
Content-Id:
Content-Disposition: inline
"Yahoo! Mail Virus Protection detected the virus '"W32.Netsky.B@mm"' in the file '"part2.zip"', attached to the enclosed email message. We scanned the file using Norton AntiVirus but were unable to clean it. Therefore, we removed the content of the attachment from the message. Please contact the message sender if you want to receive the attachment. They must clean the file and resend it before we can deliver it to you safely.
"
"Yahoo! Mail successfully cleans most infected attachments, which protects you from viruses.
"
--0-71823840-1078056948-11963
Content-Type: message/rfc822
X-Apparently-To: d.blanchfield@btinternet.com via 217.12.12.68; Sun, 29 Feb 2004 12:15:32 +0000
X-YahooFilteredBulk: 213.105.108.200
X-Originating-IP: [213.105.108.200]
Return-Path: <kent@rushcorp.com>
Received: from 194.73.73.82 (EHLO praseodumium.btinternet.com) (194.73.73.82)
by mta803.mail.ukl.yahoo.com with SMTP; Sun, 29 Feb 2004 12:15:32 +0000
Received: from cpc1-heck1-3-0-cust200.hudd.cable.ntl.com ([213.105.108.200] helo=btinternet.com)
by praseodumium.btinternet.com with smtp (Exim 3.22 #25)
id 1AxPqy-0003TJ-00
for d.blanchfield@btinternet.com; Sun, 29 Feb 2004 12:15:28 +0000
From: kent@rushcorp.com
To: d.blanchfield@btinternet.com
Subject: hello
Date: Sun, 29 Feb 2004 12:15:28 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="78860140"
Message-Id: <E1AxPqy-0003TJ-00@praseodumium.btinternet.com>
X-Originating-IP: [213.105.108.200]
--78860140
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
something is fool
--78860140
Content-Type: application/x-zip-compressed; name="part2.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="part2.zip"
--78860140--
--0-71823840-1078056948-11963
Make any sense to anyone??
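An added example (not written by any poster in this thread): the header check suggested in post #7, run over the inner-message headers posted in #10. It reads the connecting IP from the last `Received` line stamped by a relay the recipient trusts instead of believing `From:`; the `TRUSTED_SUFFIXES` list and the function names are assumptions made for the example.

```python
import re
from email import message_from_string

# Inner-message headers from the post above; continuation lines re-indented
# so they parse as folded headers (the forum stripped the leading whitespace).
RAW = """\
Return-Path: <kent@rushcorp.com>
Received: from 194.73.73.82 (EHLO praseodumium.btinternet.com) (194.73.73.82)
 by mta803.mail.ukl.yahoo.com with SMTP; Sun, 29 Feb 2004 12:15:32 +0000
Received: from cpc1-heck1-3-0-cust200.hudd.cable.ntl.com ([213.105.108.200] helo=btinternet.com)
 by praseodumium.btinternet.com with smtp (Exim 3.22 #25)
 id 1AxPqy-0003TJ-00
 for d.blanchfield@btinternet.com; Sun, 29 Feb 2004 12:15:28 +0000
From: kent@rushcorp.com
To: d.blanchfield@btinternet.com
Subject: hello
"""

# Assumption: relays run by the recipient's own providers, whose stamps we trust.
TRUSTED_SUFFIXES = (".btinternet.com", ".yahoo.com")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_received(value):
    """Split one Received header into the connecting peer and the stamping host."""
    flat = " ".join(value.split())  # undo header folding
    m = re.match(r"from (?P<peer>.*?) by (?P<by>[^\s;]+)", flat)
    if not m:
        return None
    helo = re.search(r"(?:helo=|EHLO )([^\s)]+)", m["peer"])
    ip = IP_RE.search(m["peer"])
    return {"by": m["by"], "name": m["peer"].split()[0],
            "ip": ip.group(1) if ip else None,
            "helo": helo.group(1) if helo else None}

def helo_matches(hop):
    """True when the name the peer announced fits the name the relay recorded."""
    return hop["helo"] is None or hop["name"].endswith(hop["helo"])

def trace_origin(raw):
    """Walk Received lines newest-first; stop at the first untrusted stamp."""
    msg = message_from_string(raw)
    origin = None
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop is None or not hop["by"].endswith(TRUSTED_SUFFIXES):
            break  # lines below this one could have been written by the sender
        origin = hop
    return msg["From"], origin
```

On these headers the trusted chain ends at a cable-modem address that announced itself as `btinternet.com`, which has nothing to do with the domain in the `From:` line.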
#11
The email address of the sender will be spoofed. When someone has this virus, it sends it to everyone in their address book using random addresses.
When the Mydoom virus did the rounds about a month ago, I received well over a 1000 emails containing viruses all with addresses replicated from address books being spoofed and nearly all from SN members.
#12
Perhaps the spoofing programme is nicking all of the email addresses from a forum and sending it out to most members of the forum with other forum members' addresses as it is more likely for the user to open the mail, thus increasing the chance of the virus spreading.
Possibly going to happen more often on SN3 because they have an off the shelf package.
#14
Scooby Regular
i have had a massive problem...
i was getting some really high risk attempts.....
W32.Beagle.E@mm
W32.Netsky.C@mm
W32.Mydoom.F@mm
W32.Netsky.B@mm etc etc.........
i was able to find residential addresses and ip for some of mine
most of these were very high risk. i was getting about 40 a day
thank god for norton
#16
Scooby Regular
Join Date: Oct 2002
Location: At Tescos Filling Up With 99 Octane!!!
Posts: 4,313
Originally Posted by Danny B
Why is this in computer related, surely this should be in Bugs etc...?
#17
Scooby Regular
don't know diddly-**** about pcs but it could end up being a sn problem if someone sends emails with viruses.
i got a weird email from sn and was going to send it to someone 'cos i couldn't understand it, good job i didn't!!
there are others out there like me (honestly) that need to be warned so they know what to expect?
#18
These 'new' viruses will also pull e-mail addresses from your Internet Explorer cache files, Word documents and the like (ie NOT just your e-mail address book).
The problem is stupid users opening infected e-mails.
If you want warning, then check in here as people post the AV alerts. Alternatively, sign up to an e-mail alert list run by an AV company eg:
NAI / McAfee
Symantec / Norton
Chris.
#19
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
I think we should make this clear. This has nothing to do with Scoobynet. Also remember that not only the sender can be spoofed, but also the IP addressing information and possibly, the mail relays used.
There are some really clever gits out there. I've been receiving a steady stream of these as well - some with Scoobynet related email addresses, but most have nothing to do with this site. It is just some berk who has not bothered to protect themselves properly. More annoying is the fact that everything needed to protect yourself is available from the web, free of charge!!
Chris
#20
Scooby Regular
Join Date: May 2002
Location: 2005 sso, 1/4 finals,3rd in 60ft; 2004 sso,semi finals,2nd in 60ft time; 2003 standard car 2nd 60ft
Posts: 4,909
Danny B, same as me m8. I never got them before I put my mail address on Scoobynet; I am getting 2/3 every time I check my mail
norton sorts it out though
Last edited by scooby-si; 29 February 2004 at 07:24 PM.
#23
Scooby Regular
Join Date: Oct 2001
Location: Here, there and everywhere
Posts: 2,765
anyone found out how to stop these e-mails ?
I've started to get e-mails complaining about me sending viruses and I've blocked half of the scoobynet users
Idiot proof instructions if possible please
chris
#24
Scooby Regular
Si, it's just a coincidence; these viruses are particularly widespread. I've had over 1000 to another email address unconnected with SN and a lesser amount to a few other email addresses too, again unconnected to SN.
It doesn't take much to protect ur emails and if every1 did it would be a whole lot better