Virus email from admin@rennlist.com
08-28-2002, 07:29 PM
#1
Addict & Guru
Rennlist Member
Rennlist Member
Thread Starter
Virus email from admin@rennlist.com
Upon my return from a short vacation, I had an email from "admin@rennlist.com" with an attached file: "name.zip" which contained a Klez virus. Thinking the email had something to do w/my just renewed membership, I downloaded & unzipped the attachment. Thankfully, Norton AV caught the virus & I've deleted all traces.
However, Robin rec'd an infected email "from" me w/a subject line of "darling." Now, buying me pizza & beer in ATL isn't enough for me to call him darling and I didn't send the email anyway.
So, if you get an email from me (ibinmo@aol.com), w/darling, it isn't me. If you get an email from admin@rennlist.com w/a zipped attachment watch out. I sure hope some malcontent a$$hole isn't farming Rennlist emails for fun & games.
Anyone else having a problem?
However, Robin rec'd an infected email "from" me w/a subject line of "darling." Now, buying me pizza & beer in ATL isn't enough for me to call him darling and I didn't send the email anyway.
So, if you get an email from me (ibinmo@aol.com), w/darling, it isn't me. If you get an email from admin@rennlist.com w/a zipped attachment watch out. I sure hope some malcontent a$$hole isn't farming Rennlist emails for fun & games.
Anyone else having a problem?
08-28-2002, 07:36 PM
#2
I received a virus email from Steve Weiner ( porsche@rennsportsystems.com ) this morning. I already notified Steve about this.
I've also received a suspicious email from Robin a few months ago. It looked very close to a virus, but didn't have time to investigate at the time.
Jeff
I've also received a suspicious email from Robin a few months ago. It looked very close to a virus, but didn't have time to investigate at the time.
Jeff
08-28-2002, 07:41 PM
#3
Rennlist
Lifetime Member
Lifetime Member
And I know I didn't send you any virus.
So someone with all of our e-mail addresses is infected with a virus.
Also someone else said that I sent them an e-mail with a virus attached to it but I didn't even know the person.
I think the new worm virus that's currently going around will use an e-mail address from random in the address book of the person's infected computer and paste that as the sender, but if you check the e-mail header you will see that it came form somewhere else.
So someone with all of our e-mail addresses is infected with a virus.
Also someone else said that I sent them an e-mail with a virus attached to it but I didn't even know the person.
I think the new worm virus that's currently going around will use an e-mail address from random in the address book of the person's infected computer and paste that as the sender, but if you check the e-mail header you will see that it came form somewhere else.
08-28-2002, 08:27 PM
#4
Racer
Join Date: Jun 2001
Location: Louisville, KY
Posts: 318
Likes: 0
Received 0 Likes
on
0 Posts
[quote]Originally posted by Robin 993 DX In Atlanta:
<strong>
Also someone else said that I sent them an e-mail with a virus attached to it but I didn't even know the person.
</strong><hr></blockquote>
It was me!
I wound up finding that same virus on my computer at home, though I wasn't sure how I got it (the e-mail system at work found the virus in an attachment that originated from Robin's account). The symptoms were my local network at home quit working. Then certain programs started acting funny. Once programs on a different computer at home started locking up, I suspected foul play. I downloaded a good shareware anti-virus program (e-mail me if you would like to know where to get it) and it did a nice job. Couldn't fix everything, so I had to do a lot of manual fixes. Basically, what that virus does is infect .exe files. If you can find uninfected files elsewhere (a benefit to having multiple computers at home), all you need to do is replace the file. No need for re-installation. But if Windows files are corrupt, and Windows is unstable, it becomes difficult to remedy.
Before getting the virus, I was using different anti-virus software which isn't supported anymore. I guess that's how this virus got me. The new software monitors real time, and told me I was still under attack - there were lingering viruses trying to spread across my network and it stopped it. Later, my wife opened a malicious spam e-mail from an unknown source without thinking, and it tried to infect the computer with a virus. This software stopped it.
No affiliation with any software/virus protection people - don't so much as know anyone who does programming. I'm just glad to find shareware that works - I have a problem with paying for virus protection software.
<strong>
Also someone else said that I sent them an e-mail with a virus attached to it but I didn't even know the person.
</strong><hr></blockquote>
It was me!
I wound up finding that same virus on my computer at home, though I wasn't sure how I got it (the e-mail system at work found the virus in an attachment that originated from Robin's account). The symptoms were my local network at home quit working. Then certain programs started acting funny. Once programs on a different computer at home started locking up, I suspected foul play. I downloaded a good shareware anti-virus program (e-mail me if you would like to know where to get it) and it did a nice job. Couldn't fix everything, so I had to do a lot of manual fixes. Basically, what that virus does is infect .exe files. If you can find uninfected files elsewhere (a benefit to having multiple computers at home), all you need to do is replace the file. No need for re-installation. But if Windows files are corrupt, and Windows is unstable, it becomes difficult to remedy.
Before getting the virus, I was using different anti-virus software which isn't supported anymore. I guess that's how this virus got me. The new software monitors real time, and told me I was still under attack - there were lingering viruses trying to spread across my network and it stopped it. Later, my wife opened a malicious spam e-mail from an unknown source without thinking, and it tried to infect the computer with a virus. This software stopped it.
No affiliation with any software/virus protection people - don't so much as know anyone who does programming. I'm just glad to find shareware that works - I have a problem with paying for virus protection software.
08-28-2002, 08:33 PM
#5
Passed On
Rennlist Member
Rennlist Member
Been getting a bunch at home; Norton has intercepted them apparently.
I DEFINITELY do not open a E-mail from an unknown sender, and I don't do it from a known sender if the title look suspicious.
I DEFINITELY do not open a E-mail from an unknown sender, and I don't do it from a known sender if the title look suspicious.
08-28-2002, 08:42 PM
#7
What's an email virus? Oh right, you all use windows. <a href="http://www.redhat.com" target="_blank">http://www.redhat.com</a> should help solve that problem.
Seriously, there is a virus out there that changes the From: header to be some other random entry from your address book trying to be harder to track down.
Also, lots of people seem to get DSL or cable modems and don't buy a router or set up a firewall. When I get bored at work I look through the logs of my website (quite often), and I find lots of machines out there unprotected that have been infected and are being used to attack other machines (a worm). I usually pay a visit to thier harddrive to fix the virus(worm), but without the proper protection, they'll be infected again in no time.
And don't even get me started on people using unprotected wireless networks. I found more than 10 while driving from my house to the gas station. Imagine if I tried!
Seriously, there is a virus out there that changes the From: header to be some other random entry from your address book trying to be harder to track down.
Also, lots of people seem to get DSL or cable modems and don't buy a router or set up a firewall. When I get bored at work I look through the logs of my website (quite often), and I find lots of machines out there unprotected that have been infected and are being used to attack other machines (a worm). I usually pay a visit to thier harddrive to fix the virus(worm), but without the proper protection, they'll be infected again in no time.
And don't even get me started on people using unprotected wireless networks. I found more than 10 while driving from my house to the gas station. Imagine if I tried!
Trending Topics
08-28-2002, 11:23 PM
#8
Instructor
Join Date: Feb 2002
Location: San Diego, CA
Posts: 150
Likes: 0
Received 0 Likes
on
0 Posts
You can also go to <a href="http://www.antivirus.com" target="_blank">www.antivirus.com</a> (TrendMicro)for a free scan and removal. I was also told that if you file "!0000" with "wormalert" in the email field as an entry into your address list it will block a virus from sending email out of your system. I've been the recipient of lots of virus emails but never been the sender.
Jeff
Jeff
08-28-2002, 11:24 PM
#9
Banned
[quote]Originally posted by Dan 96C2 St.Louis:
<strong>Upon my return from a short vacation, I had an email from "admin@rennlist.com" with an attached file: "name.zip"....</strong><hr></blockquote>
Hi Dan,
As you may have noticed by some of the replies - there are some pretty strange viruses out there. Yes, I get about 50 - 60 virus laden e-mails per day that Norton catches - and rarely, are they actually "from" the person listed. If you want to see who actually has the Virus, open the e-mail headers and look for the line:
Return-Path: (with the e-mail address)
The "FROM" line typically isn't the person who sent the e-mail - that's generated from the address book of the infected computer...
Best to you!
John
<strong>Upon my return from a short vacation, I had an email from "admin@rennlist.com" with an attached file: "name.zip"....</strong><hr></blockquote>
Hi Dan,
As you may have noticed by some of the replies - there are some pretty strange viruses out there. Yes, I get about 50 - 60 virus laden e-mails per day that Norton catches - and rarely, are they actually "from" the person listed. If you want to see who actually has the Virus, open the e-mail headers and look for the line:
Return-Path: (with the e-mail address)
The "FROM" line typically isn't the person who sent the e-mail - that's generated from the address book of the infected computer...
Best to you!
John
08-29-2002, 12:10 AM
#10
Addict
Rennlist Member
Rennlist Member
You guys should all get Macs ... and not have to worry about viruses ;-)
Vic
95 C4
PS -- Hey, John, how come my posts still just say User, when I am in fact, a member?
Vic
95 C4
PS -- Hey, John, how come my posts still just say User, when I am in fact, a member?
08-29-2002, 12:10 AM
#11
Rennlist
Lifetime Member
Lifetime Member
John,
What do you make of this?
I just received another one from Dan
Return-Path: <IBINMO@verizon.net>
Received: from out019.verizon.net (206.46.170.98) by mail.san.yahoo.com (6.5.026.2)
id 3D6C83690004F214 for webmaster@p-car.com; Wed, 28 Aug 2002 18:46:41 -0700
Received: from Lexbz ([63.230.172.197]) by out019.verizon.net
(InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
id <20020829014728.MWT9549.out019.verizon.net@Lexbz>
for <webmaster@p-car.com>; Wed, 28 Aug 2002 20:47:28 -0500
From: IBINMO <IBINMO@aol.com>
To: webmaster@p-car.com
Subject: A nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=N0zw3P9BH47585k
Message-Id: <20020829014728.MWT9549.out019.verizon.net@Lexbz>
Date: Wed, 28 Aug 2002 20:47:33 -0500
What do you make of this?
I just received another one from Dan
Return-Path: <IBINMO@verizon.net>
Received: from out019.verizon.net (206.46.170.98) by mail.san.yahoo.com (6.5.026.2)
id 3D6C83690004F214 for webmaster@p-car.com; Wed, 28 Aug 2002 18:46:41 -0700
Received: from Lexbz ([63.230.172.197]) by out019.verizon.net
(InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
id <20020829014728.MWT9549.out019.verizon.net@Lexbz>
for <webmaster@p-car.com>; Wed, 28 Aug 2002 20:47:28 -0500
From: IBINMO <IBINMO@aol.com>
To: webmaster@p-car.com
Subject: A nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=N0zw3P9BH47585k
Message-Id: <20020829014728.MWT9549.out019.verizon.net@Lexbz>
Date: Wed, 28 Aug 2002 20:47:33 -0500
08-29-2002, 12:32 AM
#13
Banned
[quote]Originally posted by Robin 993 DX In Atlanta:
<strong>John,
Return-Path: <IBINMO@verizon.net>
From: IBINMO <IBINMO@aol.com>
</strong><hr></blockquote>
OK - a VERIZON.net mail server is the first e-mail server to get the mail (trace the message headers about as it bounced through SMTP servers. Also - a little secret from AOL accounts - in the message header, look for:
X-Mailer: AOL (version) for (OS type - Windows or Mac).. So, if that was the entire header you copied in - the X-Mailer designated as AOL wasn't present...
However, the person that sent it and has the virus is a USWest/Verizon customer, based on their network IP..
Best to you!
John
<strong>John,
Return-Path: <IBINMO@verizon.net>
From: IBINMO <IBINMO@aol.com>
</strong><hr></blockquote>
OK - a VERIZON.net mail server is the first e-mail server to get the mail (trace the message headers about as it bounced through SMTP servers. Also - a little secret from AOL accounts - in the message header, look for:
X-Mailer: AOL (version) for (OS type - Windows or Mac).. So, if that was the entire header you copied in - the X-Mailer designated as AOL wasn't present...
However, the person that sent it and has the virus is a USWest/Verizon customer, based on their network IP..
Best to you!
John
08-29-2002, 12:52 AM
#14
Banned
[quote]Originally posted by Robin 993 DX In Atlanta:
<strong>I just received another one </strong><hr></blockquote>
Also - another thing I've done is write a script on the incoming mail which "parses the headers" to REPLY TO the "Return-To" address if there is a virus present. When that happens - that computer user is sent this notice:
Hi..!
It appears that your computer has a virus - if you want to try an on-line virus check, you can do it here (the link below is to the Trend Micro site, who makes Trend PC-cillin Anti-virus software)
<a href="http://housecall.antivirus.com/housecall/start_corp.asp" target="_blank">http://housecall.antivirus.com/housecall/start_corp.asp</a>
Thanks!
John Dunkle
Admin - Rennlist.com
However - be careful in writing an automated reply without parsing the headers to the "Return-To" address - or you'll send your notice to folks who don't have the virus
<strong>I just received another one </strong><hr></blockquote>
Also - another thing I've done is write a script on the incoming mail which "parses the headers" to REPLY TO the "Return-To" address if there is a virus present. When that happens - that computer user is sent this notice:
Hi..!
It appears that your computer has a virus - if you want to try an on-line virus check, you can do it here (the link below is to the Trend Micro site, who makes Trend PC-cillin Anti-virus software)
<a href="http://housecall.antivirus.com/housecall/start_corp.asp" target="_blank">http://housecall.antivirus.com/housecall/start_corp.asp</a>
Thanks!
John Dunkle
Admin - Rennlist.com
However - be careful in writing an automated reply without parsing the headers to the "Return-To" address - or you'll send your notice to folks who don't have the virus
08-29-2002, 02:17 AM
#15
Phlat Black Guru
Rennlist
Lifetime Member
- Times 2
Rennlist
Lifetime Member
- Times 2
Join Date: May 2001
Location: Back In RI...............
Posts: 4,484
Likes: 0
Received 1 Like
on
1 Post
being of the very, and extremly Paranoid mind set.....I ran all kinds of scans.....and then settled on paying for norton anti stuff!.*looking all around*..