| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 41941 | 2004-01-27 03:59:00 | What is "Worm.sco.a up to?? | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 210326 | 2004-01-28 00:43:00 | just received my first email without a subject line but, containing the worm. So, it might be timely to be suspicious of all emails (if you ain't already) not just the ones with the subject lines discussed by the AV people. Billy, a lot (not all) of those companies/peoples addresses will have been spoofed. I know some of my addy's are flying around the country at the mo because they and/or my url, are listed on a couple of organisations sites and in more than a couple of address books that I know to be infected. As you say, they are more likely to be prefixed with a bogus name when they arrive, but the company/addy name is real enough. Funny thing is, I have received no viruses in my trash accounts (used as per Chill's suggestion) or personal ones. Only the business accounts have been hit with a good proportion of the addy's being known to me or from reputable institutions. Cheers Murray P |
Murray P (44) | ||
| 210327 | 2004-01-28 03:47:00 | > Funny thing is, I have received no viruses in my > trash accounts (used as per Chill's suggestion) or > personal ones. Only the business accounts have been > hit with a good proportion of the addy's being known > to me or from reputable institutions. Interesting Murray, although the first wave came on my son's account, and for good reason given its history, I too have received no viruses in any of the five other trash accounts that I operate. Today I started receiving virus emails on my business account which receives almost no spam. I have jealously guarded that address for years as it includes my company name, however it must have been harvested from one of my clients. The actual address is billy@mycompany-name.co.nz but I have received emails with Billy replaced by over 25 different names@mycompany.co.nz. I am intrigued to find out how that aspect of the exploit is handled as anything sent with those names up-front would be automatically rejected by the server. Does anybody know how they hide the correct address and show only the fake without both appearing in the electronic audit trail? Cheers Billy 8-{) :| On the bright side, I downloaded Mailwasher and was able to dispose of over 200 messages in a couple of minutes. |
Billy T (70) | ||
| 210328 | 2004-01-28 03:58:00 | Why would they be rejected by the server? All of the url's i own automaticly have a catch-all email accout. You could send hkgedihbwei@computermedic.co.nz and i would recieve it. |
metla (154) | ||
| 210329 | 2004-01-28 04:59:00 | metla is correct. Anything put in front of your domain name is a valid address and will be delivered to you. You can check this by sending an email to yourself with any sort of name before your domain name You can get who ever is hosting your domain to setup mail rules so specific names are pointed to your normal email address for downloading and anyting else which will go to the default catch all can be set up to go to a non existant address and you won't receive them. |
Jim B (153) | ||
| 210330 | 2004-01-28 05:00:00 | Billy I was going to do a copy & paste of this Trend Micro page (www.trendmicro.com) but, as you will see it's better left over there and not here. Good info at Symantic as well. I'm on my second AV update for the day there is to be a new variant out (although an old virus type, all the same). Seems like the writer/propogator of this one wants to stay ahead of the chasers or some evil so & so has jumped on the bandwagon. I hope no PF1'ers get caught by it. BTW. My host's (not ISP) spam software has picked up the majority of the emails as spam and or highly likely to be a virus. Then my anti-virus jumped on it so, it never had a chance. Even then I viewed the first one via message source. Cheers Murray P |
Murray P (44) | ||
| 210331 | 2004-01-28 05:10:00 | At the risk of putting the knock on me I haven't yet received any of these :| Billy - as mentioned before you can delete, bounce, mark as spam or all three options to mail on the server with Mailwasher. I have an older version (before you had to pay for features) available at http://mailwash.vze.com/ J :D |
Jester (13) | ||
| 210332 | 2004-01-28 05:19:00 | > Anything put in front of your domain name is a valid > address and will be delivered to you. You can check > this by sending an email to yourself with any sort > of name before your domain name Well I'll be.........:O :O I just checked for myself and metla is right. :8} :_| I'll have to get onto my host (private company) and ask them to block all but the correct name. If I don't, I'm betting that after all this circulation of my email address I will be up to my eyeballs in spam. Cheers Billy 8-{) [pre][b]As I live and learn! |
Billy T (70) | ||
| 210333 | 2004-01-28 13:38:00 | Bump for an obviously important danger which got too far down the list too fast. People who haven't turned on their machines recently should read this thread. |
Laura (43) | ||
| 1 2 3 | |||||