<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>RE: [dba-Tech] Norton Firewall</TITLE>
<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff size=2>I've
been getting deluged by them too this week. Probably 20 a day since I got back
from vacation (Sunday).</FONT></SPAN></DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff size=2>I
opened one of them (Outlook 2k) and choose View | Options and copied this
info:</FONT></SPAN></DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff
size=2>Received: from DELLY [68.49.121.92] by mail.winhaven.net with
ESMTP<BR> (SMTPD32-8.01) id A9CB30F0378; Thu, 21 Aug 2003 09:40:11
-0500<BR>From: <<A
href="mailto:stuartcannon@mindspring.com">stuartcannon@mindspring.com</A>><BR>To:
<<A
href="mailto:techasst@winhaven.net">techasst@winhaven.net</A>><BR>Subject:
Re: Wicked screensaver</FONT></SPAN></DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff size=2>Does
this mean that Stuart Cannon really is the person that sent this or can this be
masquraded somehow?</FONT></SPAN></DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff size=2>John
B.</FONT></SPAN></DIV>
<DIV><SPAN class=718413021-21082003><FONT face=Arial color=#0000ff
size=2> </DIV>
<DIV><BR></DIV></FONT></SPAN>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
dba-tech-bounces@databaseadvisors.com
[mailto:dba-tech-bounces@databaseadvisors.com]<B>On Behalf Of </B>Drew
Wutka<BR><B>Sent:</B> Thursday, August 21, 2003 2:52 PM<BR><B>To:</B>
Discussion of Hardware and Software issues<BR><B>Subject:</B> Re: [dba-Tech]
Lots of Virii attempts today<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Just a little FYI on this virus. It DOES
NOT use the email address of the infected machine to send out emails. It
sends them out using random email addresses found on the users machine.
What does that mean in English? If your anti-virus software sends a
notice to the sender of a virus (like yours did here Arthur), you are
notifying the wrong person. We have gotten tons of these notices,
because our employee's email addresses are being spoofed by this
virus!</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>To actually determine what is sending out these
emails, look at the header info of the email. That will give you the
machine name and IP Address of the computer sending out the viruses. Get
the WhoIS information for that IP Address, and notify the Abuse or Tech person
for that IP Address. It may help them if you include a copy of the
header information.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Drew</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=artful@rogers.com href="mailto:artful@rogers.com">Arthur Fuller</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=dba-tech@databaseadvisors.com
href="mailto:dba-tech@databaseadvisors.com">Discussion of Hardware and
Software issues</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, August 21, 2003 2:31
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [dba-Tech] Lots of Virii
attempts today</DIV>
<DIV><BR></DIV>
<DIV><SPAN class=152100418-21082003><FONT face=Arial color=#0000ff size=2>I
just got about the 20th notice today from the company's email provider. A
snip:</FONT></SPAN></DIV>
<DIV><SPAN class=152100418-21082003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=152100418-21082003>
<P><FONT size=2>Recipient: <A
href="mailto:afuller@etsys.com">afuller@etsys.com</A></FONT></P>
<P><FONT size=2>Sender: <A
href="mailto:ntbug@microsoft.com">ntbug@microsoft.com</A></FONT></P>
<P><FONT size=2>Subject: Re: Approved</FONT></P>
<P><FONT size=2>Virus name: <A
href="mailto:W32.Sobig.F@mm">W32.Sobig.F@mm</A></FONT></P>
<P><FONT size=2>Attachment: details.pif</FONT></P>
<P><FONT size=2>Status: Messaged deleted</FONT></P>
<P><FONT size=2>Notified: recipient, administrator</FONT></P>
<P><FONT size=2>Thank you for using our services</FONT></P>
<P><FONT size=2>---</FONT></P>
<P><FONT size=2>The Electric Mail Company</FONT></P>
<P><A href="http://www.electricmail.com"><FONT
size=2>www.electricmail.com</FONT></A></P>
<P><SPAN class=152100418-21082003><FONT size=2>My question is, how can
people spoof an email address? Look where it allegedly came
from.</FONT></SPAN></P></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><B><FONT face=Arial
size=2></FONT></B> </DIV></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>dba-Tech mailing
list<BR>dba-Tech@databaseadvisors.com<BR>http://databaseadvisors.com/mailman/listinfo/dba-tech<BR>Website:
http://www.databaseadvisors.com<BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>