[dba-Tech] Lots of Virii attempts today

John Bartow john at winhaven.net
Thu Aug 21 16:36:50 CDT 2003


I've been getting deluged by them too this
week. Probably 20 a day since I got back from vacation (Sunday).

I opened one of them (Outlook 2k) and chose View | Options and copied this
info:

Received: from DELLY [68.49.121.92] by mail.winhaven.net with ESMTP
  (SMTPD32-8.01) id A9CB30F0378; Thu, 21 Aug 2003 09:40:11 -0500
From: <stuartcannon at mindspring.com>
To: <techasst at winhaven.net>
Subject: Re: Wicked screensaver

Does this mean that Stuart Cannon really is the person that sent this or can
this be masqueraded somehow?

John B.



  -----Original Message-----
  From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of Drew Wutka
  Sent: Thursday, August 21, 2003 2:52 PM
  To: Discussion of Hardware and Software issues
  Subject: Re: [dba-Tech] Lots of Virii attempts today


  Just a little FYI on this virus.  It DOES NOT use the email address of the
infected machine to send out emails.  It sends them out using random email
addresses found on the user's machine.  What does that mean in English?  If
your anti-virus software sends a notice to the sender of a virus (like yours
did here Arthur), you are notifying the wrong person.  We have gotten tons
of these notices, because our employees' email addresses are being spoofed
by this virus!

  To actually determine what is sending out these emails, look at the header
info of the email.  That will give you the machine name and IP Address of
the computer sending out the viruses.  Get the WhoIS information for that IP
Address, and notify the Abuse or Tech person for that IP Address.  It may
help them if you include a copy of the header information.

  Drew
    ----- Original Message -----
    From: Arthur Fuller
    To: Discussion of Hardware and Software issues
    Sent: Thursday, August 21, 2003 2:31 PM
    Subject: [dba-Tech] Lots of Virii attempts today


    I just got about the 20th notice today from the company's email
provider. A snip:

    Recipient: afuller at etsys.com

    Sender: ntbug at microsoft.com

    Subject: Re: Approved

    Virus name: W32.Sobig.F@mm

    Attachment: details.pif

    Status: Messaged deleted

    Notified: recipient, administrator

    Thank you for using our services

    ---

    The Electric Mail Company

    www.electricmail.com

    My question is, how can people spoof an email address? Look where it
allegedly came from.
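
The header check Drew describes in this thread, as an added example that is not part of the original messages: it ignores `From:` and reads the `Received:` line stamped by your own mail server to find the machine that actually connected. The sample message, host names and IP addresses are constructed placeholders in the same shape as the header quoted above, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the header quoted in the thread.
# Hosts, addresses and IPs are placeholders (example.* and RFC 5737 ranges).
SAMPLE = """\
Received: from WORKSTATION7 [192.0.2.45] by mail.example.net with ESMTP
  (SMTPD32-8.01) id A1B2C3D4E5F; Thu, 21 Aug 2003 09:40:11 -0500
Received: from mail.example.org [198.51.100.9] by WORKSTATION7 with SMTP;
  Thu, 21 Aug 2003 09:39:50 -0500
From: <someone@example.org>
To: <techasst@example.net>
Subject: Re: Wicked screensaver

body
"""

# "from <name> [<ip>] by <host>" as written by the receiving server.
# <name> is whatever the client announced; <ip> is the peer the server saw.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
                 r"\s+by\s+(?P<by>\S+)", re.I)

def trusted_hop(raw, my_servers):
    """Return the first Received hop stamped by one of our own servers.

    Received lines are prepended, so headers are read top down. Only a line
    written by a server we control is evidence; anything below it was supplied
    by the sender and can be invented, just like From:.
    """
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group("by").lower() in my_servers:
            return {"helo": m.group("helo"), "ip": m.group("ip"),
                    "by": m.group("by")}
    return None

def report(raw, my_servers):
    """Pair the claimed sender with the machine that actually connected."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    return {"claimed_from": claimed,
            "connecting_host": trusted_hop(raw, my_servers)}

if __name__ == "__main__":
    print(report(SAMPLE, {"mail.example.net"}))
```

The `ip` value in the result is the address to look up in WHOIS when notifying the abuse contact; `claimed_from` is not.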



