Ok, Who's got the virus?

On Fri, 19 Sep 2003 16:24:11 GMT, Will Dormann
wrote:

I guess one of the reasons that this one is so widely spread is that it
doesn't solely rely on user stupidity (opening attachment), but rather
it also incorporates an incorrect MIME header exploit so that it
automatically executes upon previewing the message in Microsoft Outlook
/ Outlook Express.

Wow. I've gotten nothing at work. Looks like I'll be picking up my
mail with Mandrake at home tonight...



----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! 100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

"Keith R. Williams" wrote in message
. ..
Once a minute... If I were only so lucky. I'm getting them at a rate
of about one per 5-10 seconds.

That's once per minute *after* adding fourteen filters on the
server. The ones getting through don't seem to have a decent
handle I can grab that wouldn't also cause others to be filtered.

Why aren't you just filtering out all messages that don't have your name in
the "To:" or "Cc:" line? I usually filter out all "Bcc:" messages because
they are usually spam.

Yousuf Khan

On Fri, 19 Sep 2003 17:09:46 GMT, Will Dormann
wrote:
Keith R. Williams wrote:

Somone on .chips has a virus and has been sending it out at a
prodigious rate. I just received a warning from someone (sans
virus) with an address list that looks like a who's who of
.chips.

I'm getting hit about once a minute. The virus is about 150K so
that's a lot of crap! ...and that's after setting up a picket of
filters on the server!


Anybody who has posted to a newsgroup with a non-munged address (such as
myself) is a prime target for this worm.

I guess " has got a heck of a full mailbox
now! :

According to SARC, the worm gets the target email addresses by:
Searches .html, .asp, .eml, .dbx, .wab, .mbx files on the hard disk for
email addresses.

If a victim of the worm uses Outlook Express (ugh!) to read newsgroups,
the newsgroup headers are stored in a .dbx file.

Hey Dean Kent! If this is coming from you and your OE for newsgroups,
you're getting a smack-down! :

-------------
Tony Hill
hilla underscore 20 at yahoo dot ca

On Fri, 19 Sep 2003 18:40:42 GMT,
(The little lost angel) wrote:
On Fri, 19 Sep 2003 09:48:23 -0400, Keith R. Williams
wrote:
Somone on .chips has a virus and has been sending it out at a
prodigious rate. I just received a warning from someone (sans
virus) with an address list that looks like a who's who of
.chips.

Hai, I'm confirmed in my position as the village idiot, the virus
didn't even show up. Ppp

Don't worry L'Angel, it didn't show up for me either. Maybe it only
affects the old folks here! :

-------------
Tony Hill
hilla underscore 20 at yahoo dot ca

Yousuf Khan wrote:

"Keith R. Williams" wrote in message
. ..

Once a minute... If I were only so lucky. I'm getting them at a rate
of about one per 5-10 seconds.

That's once per minute *after* adding fourteen filters on the
server. The ones getting through don't seem to have a decent
handle I can grab that wouldn't also cause others to be filtered.


Why aren't you just filtering out all messages that don't have your name in
the "To:" or "Cc:" line? I usually filter out all "Bcc:" messages because
they are usually spam.


Mailing lists rarely have your email address in the To: line.
I guess you could manually make exclusions for those you're signed up
for....


-WD

"Robert Myers" wrote in message
...
On Fri, 19 Sep 2003 16:24:11 GMT, Will Dormann
wrote:

snip

I guess one of the reasons that this one is so widely spread is that it
doesn't solely rely on user stupidity (opening attachment), but rather
it also incorporates an incorrect MIME header exploit so that it
automatically executes upon previewing the message in Microsoft Outlook
/ Outlook Express.

I am sure there are people with good business reasons for using
Microsoft Outlook / Outlook Express, like the company requires them
to. Other than that, I would include continuing use of that software
in the category of user stupidity, given what's out there right now.
I have what I regard as good business reasons for using Windows at
all, but I'm reevaluating.

RM

I use Express, but have disabled the preview.

Apparently I'm not important enough to receive that virus message, or maybe
it's because I never posted my email address on usenet.....thus, it is your
own stupidity.

In article 1DMab.525905$uu5.87407@sccrnsc04,
says...
"Robert Myers" wrote in message
...
On Fri, 19 Sep 2003 16:24:11 GMT, Will Dormann
wrote:

snip

I guess one of the reasons that this one is so widely spread is that it
doesn't solely rely on user stupidity (opening attachment), but rather
it also incorporates an incorrect MIME header exploit so that it
automatically executes upon previewing the message in Microsoft Outlook
/ Outlook Express.

I am sure there are people with good business reasons for using
Microsoft Outlook / Outlook Express, like the company requires them
to. Other than that, I would include continuing use of that software
in the category of user stupidity, given what's out there right now.
I have what I regard as good business reasons for using Windows at
all, but I'm reevaluating.

RM

I use Express, but have disabled the preview.

Apparently I'm not important enough to receive that virus message, or maybe
it's because I never posted my email address on usenet.....thus, it is your
own stupidity.
^^^^^^^^^

Perhaps, but I've met some good people on this group precisely
because I am available for a BS session. Sure, I've paid the
price this weekend for the stupidity of others, but overall I'm
still ahead.

--
Keith

In article ELKab.45873$Ch2.7632
@news02.bloor.is.net.cable.rogers.com,
am says...
"Keith R. Williams" wrote in message
. ..
Once a minute... If I were only so lucky. I'm getting them at a rate
of about one per 5-10 seconds.

That's once per minute *after* adding fourteen filters on the
server. The ones getting through don't seem to have a decent
handle I can grab that wouldn't also cause others to be filtered.

Why aren't you just filtering out all messages that don't have your name in
the "To:" or "Cc:" line? I usually filter out all "Bcc:" messages because
they are usually spam.

Well... Err... Umm... Because that's not what I do? blush

....as he heads to the server's filters, once again.

--
Keith

In article ELKab.45873$Ch2.7632
@news02.bloor.is.net.cable.rogers.com,
am says...
"Keith R. Williams" wrote in message
. ..
Once a minute... If I were only so lucky. I'm getting them at a rate
of about one per 5-10 seconds.

That's once per minute *after* adding fourteen filters on the
server. The ones getting through don't seem to have a decent
handle I can grab that wouldn't also cause others to be filtered.

Why aren't you just filtering out all messages that don't have your name in
the "To:" or "Cc:" line? I usually filter out all "Bcc:" messages because
they are usually spam.

My server thingy doesn't like compound statements. I'll have to
redirect the valid ones to another account. ...thus likely get
spammed/virused[*] there too, once it's out.
[*] Ajective: Spit in the face by a TB patient

--
Keith

In article , a?n?g?e?
says...
On Fri, 19 Sep 2003 09:48:23 -0400, Keith R. Williams
wrote:

Somone on .chips has a virus and has been sending it out at a
prodigious rate. I just received a warning from someone (sans
virus) with an address list that looks like a who's who of
.chips.

Hai, I'm confirmed in my position as the village idiot, the virus
didn't even show up. Ppp

Since you're on the other side of the International Date Line,
just you wait until yesterday!

Though thanks to this, I went to check this particular email account
and realized I missed an email from an actual life person (Robert)
about 2 months back *embarrassed grin*

I seem to have the opposite problem. Every once in a while I get
an email from a year (or more) ago and answer it. The person at
the other end gets totally confused! (hi Felg!).

--
Keith