<<< Date Index >>>     <<< Thread Index >>>

Re: list subscriber infected with email virus



On Tue, Dec 23, 2003 at 01:29:44PM +0100, Andrei A. Voropaev wrote:
> On Tue, Dec 23, 2003 at 06:27:37AM -0500, David Yitzchak Cohen wrote:
> > On Mon, Dec 22, 2003 at 09:43:59PM -0500, Ronald J Kimball wrote:

> > > I believe a subscriber to this list is infected with an email virus.  I
> > > haven't been able to track down the subscriber, so I'm sending this to the
> > > list.
> > > 
> > > Earlier today I received two email virus messages to the address I use on
> > > this list.  (Subjects "Microsoft Security Patch" and "Bug Notice".)  They
> > > both originated from 195.121.163.114, which is an IP address owned by
> > > hetnet.nl.  If you're reading this and Het Net is your ISP, please check
> > > your computer for viruses, perhaps using Het Net's virus scanner at
> > > http://www.hetnet.nl/evs/
> > 
> > I just checked my incoming junk mail, and don't find anything with those
> > subjects sent directly to my mutt-users address.  What about others?
> 
> I believe you misunderstood the message. The virus was sent to the
> address FROM which Ronald writes to this list. So, the list didn't
> receive any of those messages :) 

What I meant was that I didn't find anything interesting sent to the
address I use for the mutt-users mailing list.  (I believe you may have
misunderstood me.)

> I don't receive viruses, but I receive lots of "message
> undeliverable" errors, which means that when virus sends out itself it puts
> my address into From: header. And I'm really tired of "friendly" mail
> servers that spam me with "One of your messages contained virus. Please
> check your system". I guess they want to do good for me. Though I
> wonder, how many dummy sysadmins believe that the virus would always put
> REAL address in From field :) Anyway, sometimes I get up to 30 such
> warnings per day :) And sure enough I use Linux :)

Yeah, my addy's been "hijacked" before, as well.  That's why I sign all my
outgoing mail.  Anybody who wants to block all junk mail claiming to come
from me can do so very easily, simply refusing any mail that's not signed
with my key.  (One of my many headers makes a note of that, incidentally.)

 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel

Attachment: pgpwNKtVTdi3D.pgp
Description: PGP signature