[Laser] Viruses

Art ky1k at pivot.net
Fri Aug 27 12:29:57 EDT 2004


This is OT for the list. But, I have been getting very similar notifications.

These are (almost) always false these days, although it might indicate a 
problem (not necessarily in your system though).

There are several email virii that operate as clients in your own computer 
and can be caught by executing hostile html code, I just got rid of one of 
these. I caught it between the time Norton antivirus discovered it and the 
time they actually updated the virus definitions to detect it. I had to 
manually edit the registry after deleting some bogus system files in DOS.

A tip-off to having this type of virii is that your firewall keeps asking 
you for permission for so and so .exe, xx.com, xx.xml etc to access the 
internet. All users should run the free version of Sygate's firewall as a 
minimum protection against these sorts of stealth email programs that 
operate within your own system.

The spoofed message I got was totally false and looked absolutely perfect, 
right down to the forwarding path, the message ID from the so-called 
originating server and it had proper timestamps. The reason the messages 
look absolutely perfect is because the code looks at messages in your 
various mailboxes and replicates them based on real (legitimate) messages 
you have saved. In my case, the message came from my email system 
administrator @ colby.edu! If I had not called the email administrator by 
phone to confirm the message, I would have been in deep doo-doo.

Had I followed the instructions in the false message, I would have caught 
an even worse virii because the link contained in the false email message 
would have taken me to another site to download the companion virii that 
would have done serious damage!

Bottom line is that these types of virii spread and mutate very quickly and 
you cannot believe everything you see in your inbox, even if it looks 
legitimate.

There are other virii that cause infected systems to send false messages as 
well, but these are harmless and benign. If you get a message with a 
warning that your mail cannot be sent because it contains a virus, then you 
probably got it from a friend's/family computer that is infected and is 
emitting these types of (harmless) messages.

If you can't afford antivirus software, you should at least run the free 
Sygate firewall, set your browser to 'medium' security, avoid Microsoft 
email software and run the free version of Ad-Aware (declaws spyware 
programs and allows you to delete or quarantine third party type cookies 
while leaving the harmless ones).

Hope this isn't too far off topic for this list.

Art

PS: I got 4 of the harmless 'notifications' yesterday, here is the text of 
one of them.

---------------

The original message was received at Thu, 26 Aug 2004 14:22:30 -0400 (EDT)
from syro530-a194.otenet.gr [212.205.213.194]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery.  The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered.  The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



    ----- The following addresses had permanent fatal errors -----
<dnamuxdnam at netscape.net>

    ----- Transcript of session follows -----
... while talking to air-nc01.mail.aol.com.:

 >>> RCPT To:<dnamuxdnam at netscape.net>

<<< 550 MAILBOX NOT FOUND
550 <dnamuxdnam at netscape.net>... User unknown
Reporting-MTA: dns; rly-nc03.mx.aol.com
Arrival-Date: Thu, 26 Aug 2004 14:22:30 -0400 (EDT)

Final-Recipient: RFC822; dnamuxdnam at netscape.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-nc01.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Thu, 26 Aug 2004 14:22:43 -0400 (EDT)
Received: from  colby.edu (syro530-a194.otenet.gr [212.205.213.194]) by 
rly-nc03.mx.aol.com (v101_r1.2) with ESMTP id 
MAILRELAYINNC35-677412e29f5337; Thu, 26 Aug 2004 14:20:57 -0400
From: aballen at colby.edu
To: dnamuxdnam at netscape.net
Subject:
Date: Thu, 26 Aug 2004 21:19:20 +0300
MIME-Version: 1.0
Content-Type: multipart/mixed;
         boundary="----=_NextPart_000_0002_05B2FBF6.2FE9B80F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AOL-IP: 212.205.213.194
X-AOL-SCOLL-SCORE: 0:0:0:
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200408261422.677412e29f5337 at rly-nc03.mx.aol.com>

---------------------

At 10:55 AM 8/27/04, you wrote:
>I have been getting e-mail viruses for several weeks from
>"owner-laser at qsl.net".  The actual source of the e-mails appears to be
>"mail.uniquesys.com" (HELO robertgn01.com) (DNS 216.191.35.156) which is
>listed as Allstream Corp., Toronto, ON.
>
>Does this look like someone who is on this list?  If so, please check your
>computer for viruses.
>
>73, Zack W9SZ
>
>_______________________________________________
>Laser mailing list
>Laser at mailman.qth.net
>http://mailman.qth.net/mailman/listinfo/laser
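The bounce Art pasted above is a good illustration of why "looks perfect" is not enough: the Received: line shows the relay actually accepted the message from syro530-a194.otenet.gr [212.205.213.194], while both the HELO name and the From: header claim colby.edu. As an added example (not part of the original post or the list's own tooling), the following Python script pulls those fields out of a bounce and flags the mismatch; the "registrable domain" helper is a deliberately crude two-label approximation, and the sample headers are constructed from the lines quoted above, keeping mailman's " at " address obfuscation.

```python
import re

# Constructed sample: the relevant header lines from the bounce quoted in the post.
SAMPLE_BOUNCE = """\
Received: from  colby.edu (syro530-a194.otenet.gr [212.205.213.194]) by
rly-nc03.mx.aol.com (v101_r1.2) with ESMTP id
MAILRELAYINNC35-677412e29f5337; Thu, 26 Aug 2004 14:20:57 -0400
From: aballen at colby.edu
To: dnamuxdnam at netscape.net
"""

# Constructed control sample (hypothetical hosts) where everything lines up.
LEGIT_SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10]) by
mx.example.net with ESMTP id ABC123; Thu, 26 Aug 2004 14:20:57 -0400
From: someone at example.org
To: dnamuxdnam at netscape.net
"""

# HELO name, reverse-DNS name and literal IP as a receiving MTA records them.
RECEIVED_RE = re.compile(
    r"Received:\s+from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[^\]]+)\]\)"
)

def parse_received(raw):
    """Return {'helo', 'rdns', 'ip'} from the first Received: header, or None."""
    m = RECEIVED_RE.search(raw)
    return m.groupdict() if m else None

def from_domain(raw):
    """Domain of the From: header; accepts '@' or mailman's ' at ' form."""
    m = re.search(r"^From:.*?(?:@|\sat\s)([\w.-]+)\s*$", raw, re.M)
    return m.group(1).lower() if m else None

def registrable(host):
    # Assumption: last two labels approximate the registrable domain (no PSL here).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender_consistency(raw):
    """List of findings; an empty list means the claimed sender matches the relay."""
    rcv, sender = parse_received(raw), from_domain(raw)
    if rcv is None or sender is None:
        return ["could not parse Received: or From: header"]
    findings = []
    if registrable(rcv["helo"]) != registrable(rcv["rdns"]):
        findings.append(f"HELO {rcv['helo']} does not match reverse DNS {rcv['rdns']}")
    if registrable(sender) != registrable(rcv["rdns"]):
        findings.append(f"From domain {sender} was not sent via {rcv['rdns']} [{rcv['ip']}]")
    return findings

if __name__ == "__main__":
    for name, raw in (("bounce", SAMPLE_BOUNCE), ("control", LEGIT_SAMPLE)):
        print(name, check_sender_consistency(raw) or ["consistent"])
```

The same mismatch is what SPF and DMARC checks automate on the receiving server today, so a modern relay would have rejected or quarantined this message rather than bouncing it back to the forged colby.edu sender.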