View previous topic :: View next topic |
Author |
Message |
Ash Evil Henchman
Joined: 24 Oct 2002 Posts: 267 Location: England
|
Posted: Sat Nov 30, 2002 5:10 pm Post subject: |
|
|
The love letter, and the love bug are different. Which one are you referring to? |
|
Back to top |
|
|
RealDesertFox Registered User
Joined: 09 Oct 2002 Posts: 503
|
Posted: Sat Nov 30, 2002 5:16 pm Post subject: |
|
|
Wait a minute let me look in PC-cillin... It doesnt have Love Bug in it... And the 'I love you' it says it was a boot sector virus (even though it says that for most of them).
Anyway I dont know much about boot sectors only 'replicators' and 'laggerz' I know about. |
|
Back to top |
|
|
Elfen_Furry Moderator
Joined: 18 Jun 2002 Posts: 2601 Location: NYC NY
|
Posted: Sat Nov 30, 2002 7:25 pm Post subject: |
|
|
I'm glad I run a Mac without the MS VB-stuff...
Infected emails that do eventually end up my way end up DEAD, USELESS, UNWORTHY OF THE CODE THEY WERE WRITTEN IN!
Good luck with you guys, anything I hear will be posted for your information. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Sun Dec 01, 2002 2:05 pm Post subject: |
|
|
Elfen_Furry wrote: | I'm glad I run a Mac without the MS VB-stuff...
Infected emails that do eventually end up my way end up DEAD, USELESS, UNWORTHY OF THE CODE THEY WERE WRITTEN IN!
Good luck with you guys, anything I hear will be posted for your information. |
Same here, except I use a Linux box. Spam is still an issue though. I've been blacklisting what I can right on the Planetfurry mail server, but they just keep on coming. |
|
Back to top |
|
|
Tygon Site Owner
Joined: 03 Apr 2001 Posts: 2497 Location: Isernhagen, Lowersaxony, Germany
|
Posted: Sun Dec 01, 2002 2:38 pm Post subject: |
|
|
Elfen_Furry wrote: | I'm glad I run a Mac without the MS VB-stuff...
Infected emails that do eventually end up my way end up DEAD, USELESS, UNWORTHY OF THE CODE THEY WERE WRITTEN IN! |
Hey, don't rub it in, okay. That's not nice.
I'm just waiting for the day when somebody programs a really bad Mac virus. Just a matter of time. _________________ Tygon Panthera - name and species
www.planetfurry.com/~tygon/ |
|
Back to top |
|
|
Elfen_Furry Moderator
Joined: 18 Jun 2002 Posts: 2601 Location: NYC NY
|
Posted: Sun Dec 01, 2002 11:41 pm Post subject: |
|
|
Tygon wrote: | Elfen_Furry wrote: | I'm glad I run a Mac without the MS VB-stuff...
Infected emails that do eventually end up my way end up DEAD, USELESS, UNWORTHY OF THE CODE THEY WERE WRITTEN IN! |
Hey, don't rub it in, okay. That's not nice.
I'm just waiting for the day when somebody programs a really bad Mac virus. Just a matter of time. |
Mac OS (Not OSX) viruses come about 1 in every 5 years, since the debute of OSX- we're about 4 years over due!
But the worse were "Scores", "NVir", and "T2"- all of which scramble hard drive data, directories and file attributes. "T2" being the latest and worse, for it can spread on a network, as well as swapping disks.
Yes- we do get viruses too, in some cases worse that Windows counter parts, but a vigilant Mac User is usually virus free.
But OSX adds a new problem: Running a Unix operating system means that one open to all the unix viruses out there... Something I dont believe current Mac OSX Users are prepared for. |
|
Back to top |
|
|
Elfen_Furry Moderator
Joined: 18 Jun 2002 Posts: 2601 Location: NYC NY
|
Posted: Sun Dec 01, 2002 11:46 pm Post subject: |
|
|
Whip-lash wrote: |
Same here, except I use a Linux box. Spam is still an issue though. I've been blacklisting what I can right on the Planetfurry mail server, but they just keep on coming. |
Until the inside attack of my server and of its eventual shut down (hopefully to be restored soon- within 2 weeks or less), I understand what you mean since I would get some crazy things on email service and blacklisted the lot of them. |
|
Back to top |
|
|
Maxx@work Guest
|
Posted: Tue Dec 03, 2002 10:37 am Post subject: Virus |
|
|
Just something, i'm growing a bit confuzed over the matter....
Recently i've gotten several emails from PF users that have the KLEZ virus... and one or two emails telling me that the mail daemon of PF had denied an infected mail i sent because it had too many hops... Weird thing is that i got all my virus definitions up to date, i do the weekly scan thingy, and because of the mail i ran the klez removal tools, and find nothing!
So everytime the AV software tells me an infected mail arrives, i just proceed to delete it... i'm 99% (The 1% difference is because of the return mail confusion) sure my system is clean, and help a bit by checking your pc's. |
|
Back to top |
|
|
maxx@work Guest
|
Posted: Tue Dec 03, 2002 10:50 am Post subject: |
|
|
As an example, i just got another infected mail...
---------------------------------------------------------------------------------
Return-Path: <[email protected]>
Received: from pfweb.planetfurry.com (root@localhost)
by planetfurry.com (8.11.6/8.11.6) with ESMTP id gB3EQfd15830
for <[email protected]>; Tue, 3 Dec 2002 09:26:44 -0500
X-ClientAddr: 216.79.91.42
Received: from localhost (localhost)
by pfweb.planetfurry.com (8.11.6/8.11.6) id gB3EQZl15824;
Tue, 3 Dec 2002 09:26:41 -0500
Date: Tue, 3 Dec 2002 09:26:41 -0500
From: Mail Delivery Subsystem <[email protected]>
Message-Id: <[email protected]>
To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="gB3EQZl15824.1038925601/pfweb.planetfurry.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
This is a MIME-encapsulated message
--gB3EQZl15824.1038925601/pfweb.planetfurry.com
The original message was received at Tue, 3 Dec 2002 09:26:41 -0500
from pfweb.planetfurry.com [216.79.91.42]
-------------------------------------------------------------------------------------
Question, how can i send a mail when i'm using the webmail client, it's an hour ahead, and the IP isn't even closer to the range i use from home or work? even the localhost name is wrong! Stupid script kidies.... |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Dec 05, 2002 1:14 am Post subject: |
|
|
maxx@work wrote: | Question, how can i send a mail when i'm using the webmail client, it's an hour ahead, and the IP isn't even closer to the range i use from home or work? even the localhost name is wrong! Stupid script kidies.... |
Actually, the server name is pfweb.planetfurry.com. And the IP address that is listed is that too of this server. This means it's coming from the server, but it couldn't come from the WebMail service.
The WebMail service is running on Squirrelmail, which has no way of interacting with a virus unless it is transmitted manually. Klez is sent through an actual email client, usually Outlook, Outlook Express, Eudora (using MAPI), etc.
This attack has reached an all time high, and is currently under investigation. I urge everyone who has an account with Planetfurry to run a virus scan on any system they have, specifically ones that are used to access email.
This message is being sent to anyone flagged as sending a virus, or is having their email address anywhere in the message. Please take this with a grain of salt. I plan to find out and assist removal of any virus from the infected account, but I have to protect the other users so the account may be disabled in the process.
Quote: | Please run a virus scan on your system as soon as possible. I have
received several emails containing one of the following viruses:
W32.Klez.H@mm
W32.Klez.E@mm
W32/Klez.h@MM [McAfee]
WORM_KLEZ.H [Trend]
I-Worm.Klez.h [AVP]
Klez.H
W32/Klez-H [Sophos]
Win32.Klez.H [CA]
WORM_KLEZ.I [Trend]
Here is a link for information on how to remove this virus from your
system. Please read thoroughly:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
I have received several complaints about this problem on Planetfurry's
server and am now forced to take action against it. If I receive one
more email containing a virus or a complaint concerning this address
transmitting viruses, I'll have to disable your account at Planetfurry
until further notice. Please contact me as soon as possible to prevent
this from happening.
Thank you. |
|
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Dec 05, 2002 1:21 am Post subject: |
|
|
Outgoing email will be down for 30 minutes for log parsing. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Dec 05, 2002 1:16 pm Post subject: |
|
|
I have installed an antivirus mail scanner on the system. If you receive anymore possible emails with a virus, let me know. As for now, any emails that -do- have a virus will end up like this in your inbox:
Quote: | This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "refinance_com"
was believed to be infected by a virus and has been replaced by this warning
message.
If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.
At Thu Dec 5 12:14:03 2002 the virus scanner said:
>>> Virus 'W32/Klez-H' found in file refinance_com
|
Please note that this is an example. |
|
Back to top |
|
|
elMaxx Administrator
Joined: 01 Dec 2000 Posts: 1127 Location: Land of Mud
|
Posted: Thu Dec 05, 2002 1:24 pm Post subject: Email service Password problem |
|
|
If anyone has a problem accesing their email accounts due to password problems, please private message me and i'll fix it up in a bit.
Please provide a new password in the private message. Thanks!!! _________________ [Citation Needed] |
|
Back to top |
|
|
|