Drew Wutka
dbatech at wolfwares.com
Thu Aug 21 14:52:28 CDT 2003
RE: [dba-Tech] Norton FirewallJust a little FYI on this virus. It DOES NOT use the email address of the infected machine to send out emails. It sends them out using random email addresses found on the users machine. What does that mean in English? If your anti-virus software sends a notice to the sender of a virus (like yours did here Arthur), you are notifying the wrong person. We have gotten tons of these notices, because our employee's email addresses are being spoofed by this virus! To actually determine what is sending out these emails, look at the header info of the email. That will give you the machine name and IP Address of the computer sending out the viruses. Get the WhoIS information for that IP Address, and notify the Abuse or Tech person for that IP Address. It may help them if you include a copy of the header information. Drew ----- Original Message ----- From: Arthur Fuller To: Discussion of Hardware and Software issues Sent: Thursday, August 21, 2003 2:31 PM Subject: [dba-Tech] Lots of Virii attempts today I just got about the 20th notice today from the company's email provider. A snip: Recipient: afuller at etsys.com Sender: ntbug at microsoft.com Subject: Re: Approved Virus name: W32.Sobig.F at mm Attachment: details.pif Status: Messaged deleted Notified: recipient, administrator Thank you for using our services --- The Electric Mail Company www.electricmail.com My question is, how can people spoof an email address? Look where it allegedly came from. ------------------------------------------------------------------------------ _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://databaseadvisors.com/pipermail/dba-tech/attachments/20030821/4f231035/attachment.html>