[dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...

Tortise@Paradise tortise at paradise.net.nz
Sun Sep 14 06:43:02 CDT 2003


The problem is that e-mail addresses are probably being blacklisted as spam sources, when in reality they are not.  The viral payload is probably causing blacklisting of innocent addresses.  (I presume)
What to do though?
I expect I've been blacklisted from the number I received, undeservedly.  I haven't looked though.
Kind regards,
David Hingston
----- Original Message -----
From: "Erwin Craps" <Erwin.Craps at ithelps.be>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Tuesday, September 09, 2003 8:43 AM
Subject: RE: [dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...


Not only Sobig.
All recent/new viruses are using that technique.


-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Shamil Salakhetdinov
Sent: Monday, 8 September 2003 20:10
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...


Thanks Gary and all the others who answered my message!
All is clear now - this SoBig virus writer is a real devil...

Shamil

----- Original Message -----
From: "Gary Kjos" <garykjos at hotmail.com>
To: <dba-tech at databaseadvisors.com>
Sent: Monday, September 08, 2003 9:55 PM
Subject: Re: [dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...


> Hi Shamil.
>
> Sobig virus uses E-Mail Spoofing - info below is from the Symantec AV
> site info on it....
> -----------
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
> -----------
> Email spoofing
> W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm
> randomly selects an address it finds on an infected computer. The worm uses
> this address as the "From" address when it performs its mass-mailing
> routine. Numerous cases have been reported in which users of
> uninfected computers received complaints that they sent an infected
> message to another individual.
>
> For example, Linda Anderson is using a computer infected with
> W32.Sobig.F@mm. Linda is neither using an antivirus program nor has
> the current virus definitions. When W32.Sobig.F@mm performs its email
> routine, it finds the email address of Harold Logan. The worm inserts
> Harold's email address into the "From" portion of an infected message,
> which it then sends to Janet Bishop. Then, Janet contacts Harold and
> complains that he sent her an infected message; however, when Harold
> scans his computer, Norton AntiVirus does not find anything, because
> his computer is not infected.
>
> --------
>
> So Shamil, someone who has you on their contact list is infected and
> is sending the message pretending to be you.....
>
> Gary Kjos
> garykjos at hotmail.com
>
>
>
>
>
> >From: "Shamil Salakhetdinov" <shamil at SMSConsulting.spb.ru>
> >Reply-To: Discussion of Hardware and Software
> >issues<dba-tech at databaseadvisors.com>
> >To: "dba - Tech" <dba-tech at databaseadvisors.com>
> >Subject: [dba-Tech] I don't know what I don't know from where is sending messages using my e-mail address...
> >Date: Mon, 8 Sep 2003 21:34:15 +0400
> >
> >Hi All,
> >
> >Have you ever seen a message returned to your mailbox, having your
> >e-mail address in From field, which you didn't send? (see example in
> >P.S.) This doesn't seem to be a virus running on my PC - my PC is
> >scanned periodically using NAV with latest updates. And the
> >recipients e-mail addresses of such messages aren't written in my
> >address book, and even MS Outlook Express version I use is different!
> >
> >What is this? A virus NAV missing while scanning my PC? Or...? Could
> >you please advise?
> >
> >This looks very much like SOBIG virus but I don't have it on my PC!
> >
> >So much confused,
> >TIA for any info,
> >Shamil
> >
> >P.S. Strange messages header:
> >
> >Return-path: <shamil at smsconsulting.spb.ru>
> >Received: from conversion-daemon.mailgw2.cityu.edu.hk by
> >mailgw2.cityu.edu.hk
> >  (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
> >  id <0HKW00601M6XOB at mailgw2.cityu.edu.hk>
> >  (original mail from shamil at smsconsulting.spb.ru); Tue,
> >  9 Sep 2003 01:11:56 +0800 (CST)
> >Received: from USER-VJCG7U5W26 (171-043.onebb.com [202.180.171.43])
> >  by mailgw2.cityu.edu.hk
> >  (iPlanet Messaging Server 5.2 HotFix 1.17 (built Jun 23 2003))
> >  with ESMTP id <0HKW007I6N4417 at mailgw2.cityu.edu.hk> for
> >  college.office at cityu.edu.hk; Tue, 09 Sep 2003 00:57:47 +0800 (CST)
> >Date: Tue, 09 Sep 2003 01:28:39 +0800
> >From: shamil at smsconsulting.spb.ru
> >Subject: Thank you!
> >To: college.office at cityu.edu.hk
> >Message-id: <0HKW007I7N4417 at mailgw2.cityu.edu.hk>
> >MIME-version: 1.0
> >X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> >Content-type: multipart/mixed;
> >boundary="Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)"
> >Importance: Normal
> >X-Priority: 3 (Normal)
> >X-MSMail-priority: Normal
> >X-MailScanner: Found to be clean
> >
> >This is a multipart message in MIME format
> >
> >--Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
> >Content-type: text/plain; charset=iso-8859-1
> >Content-transfer-encoding: 7BIT
> >
> >See the attached file for details
> >
> >--Boundary_(ID_5Tw3yk+UVcZTNnkh000UIg)
> >Content-type: text/plain; Name=UnsafeFile.txt
> >Content-transfer-encoding: 7BIT
> >Content-disposition: inline
> >Content-description: Unsafe file movie0045.pif is removed!
> >
> >********* UNSAFE FILE REMOVED! *********
> >
> >The system has removed the following unsafe file from this mail:
> >
> >* Name of the file being removed: movie0045.pif
> >
> >Postmaster (Mail Administrator),
> >City University of Hong Kong
> >Email: postmaster at cityu.edu.hk
> >
> >(Reference number: 20030909_011156_13779)
> >********************************************
> >
> >
> >--
> >e-mail: shamil at smsconsulting.spb.ru
> >http://smsconsulting.spb.ru/shamil_s
> >
> >_______________________________________________
> >dba-Tech mailing list
> >dba-Tech at databaseadvisors.com
> >http://databaseadvisors.com/mailman/listinfo/dba-tech
> >Website: http://www.databaseadvisors.com
>
More information about the dba-Tech mailing list
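
Added example (not part of the original thread): in the bounce header quoted above, the Received line written by the receiving gateway names the host that actually handed over the message, and that host is unrelated to the domain in the From field. The Python sketch below pulls out that hop and compares it with the From domain; the sample message, the `trusted_domain` parameter and every host and IP in it are constructed placeholders, not values from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header layout posted in the thread; all
# hosts and IPs are placeholders. The last Received line is a forged one.
SAMPLE = """\
Received: from conversion-daemon.mx.recipient.example by mx.recipient.example
 id <0AAA@mx.recipient.example>; Tue, 9 Sep 2003 01:11:56 +0800
Received: from USER-PC01 (host-43.broadband.example [192.0.2.43])
 by mx.recipient.example with ESMTP id <0BBB@mx.recipient.example>
 for office@recipient.example; Tue, 09 Sep 2003 00:57:47 +0800
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
 by relay.sender.example; Tue, 09 Sep 2003 00:50:00 +0800
From: harold@sender.example
Subject: Thank you!
"""

HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
                    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>[^\s;]+)", re.S)

def in_domain(host, domain):
    host, domain = (host or "").lower(), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def boundary_hop(raw, trusted_domain):
    """Newest to oldest: first hop where our gateway accepted from an outsider."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m is None:
            continue  # internal hand-off with no peer IP recorded
        hop = m.groupdict()
        if not in_domain(hop["by"], trusted_domain):
            return None  # written by a host we do not control: not evidence
        if not in_domain(hop["rdns"], trusted_domain):
            return hop  # everything older than this line is sender-supplied
    return None

def assess(raw, trusted_domain):
    """Compare the From domain with the host that really submitted the mail."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    from_domain = sender.rpartition("@")[2]
    hop = boundary_hop(raw, trusted_domain)
    if hop is None:
        return {"from_domain": from_domain, "verdict": "no-trusted-hop"}
    tied = in_domain(hop["rdns"], from_domain)
    verdict = "consistent" if tied else "from-not-tied-to-origin"
    return dict(hop, from_domain=from_domain, verdict=verdict)
```

A mismatch is not proof of forgery on its own, since people legitimately send through an ISP's relay; the point is that only the hop recorded by your own gateway is evidence, and the address in From is not.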