Virus Alert ( I'm getting all your junk! )
Okay folks, please update your scanners and clean your PCs!
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
This guy is giving me lots of pain indirectly. It infects your computer, looks in your addressbook, forges an email from someone in said book. If said email bounces due to a virus scanner finding the virus, and it was forged to look like it came from me, I GET THE BOUNCED EMAIL from those damnable scanners!
Please clean up your PCs, I've gotten 200+ copies today alone (direct infected emails, and mails bounced by the virus scanners).
Note that it IS a Windows virus. I run Linux, I'm immune. If you see any virii supposedly coming from me, it DIDN'T. It forged the headers to make it look so.
-Daniel
--
The Meek shall inherit the Earth, for the Brave are among the Stars!
On Fri, 2003-09-19 at 12:30, Daniel Joyce wrote:
> Okay folks, please update your scanners and clean your PCs!
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
> This guy is giving me lots of pain indirectly. It infects your computer, looks in your addressbook, forges an email from someone in said book. If said email bounces due to a virus scanner finding the virus, and it was forged to look like it came from me, I GET THE BOUNCED EMAIL from those damnable scanners!
> Please clean up your PCs, I've gotten 200+ copies today alone (direct infected emails, and mails bounced by the virus scanners).
> Note that it IS a Windows virus. I run Linux, I'm immune. If you see any virii supposedly coming from me, it DIDN'T. It forged the headers to make it look so.
> -Daniel
Some good news for you.
I had that happen to me a couple of months ago. Fortunately the spammer moved on fairly quickly, so I only got a few hundred bounced messages total. I guess they randomly pick a new from name every several thousand e-mails.
FYI: forging headers is illegal in the US, but I did not take time to try and track them down. Not really sure how I would try. And they would probably turn out to be out of the country anyway.
Greg
--
Greg Freemyer
> Okay folks, please update your scanners and clean your PCs!
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
> This guy is giving me lots of pain indirectly. It infects your computer, looks in your addressbook, forges an email from someone in said book. If said email bounces due to a virus scanner finding the virus, and it was forged to look like it came from me, I GET THE BOUNCED EMAIL from those damnable scanners!
> Please clean up your PCs, I've gotten 200+ copies today alone (direct infected emails, and mails bounced by the virus scanners).
> Note that it IS a Windows virus. I run Linux, I'm immune. If you see any virii supposedly coming from me, it DIDN'T. It forged the headers to make it look so.
> -Daniel
Are you running Postfix? I've gotten a few of these I believe and the attachment is always named *.exe. I reject the mails with a simple pcre rule using one of Postfix's capabilities. If you'd like me to send you information on how I am blocking these things, let me know.
BTW: Is it better to REJECT these mails or just DISCARD them?
-Jim-
I'll bite, how do you configure postfix to block exe's? I have made a block file and added it to main.cf but it doesn't seem to be 100% effective, it does block some exe's though.
Rob
-----Original Message-----
From: Jim Norton [mailto:jrn@oregonhanggliding.com]
Sent: Friday, September 19, 2003 11:39 AM
To: suse-linux-e@suse.com
Subject: Re: [SLE] Virus Alert ( I'm getting all your junk! )
> Okay folks, please update your scanners and clean your PCs!
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
> This guy is giving me lots of pain indirectly. It infects your computer, looks in your addressbook, forges an email from someone in said book. If said email bounces due to a virus scanner finding the virus, and it was forged to look like it came from me, I GET THE BOUNCED EMAIL from those damnable scanners!
> Please clean up your PCs, I've gotten 200+ copies today alone (direct infected emails, and mails bounced by the virus scanners).
> Note that it IS a Windows virus. I run Linux, I'm immune. If you see any virii supposedly coming from me, it DIDN'T. It forged the headers to make it look so.
> -Daniel
Are you running Postfix? I've gotten a few of these I believe and the attachment is always named *.exe. I reject the mails with a simple pcre rule using one of Postfix's capabilities. If you'd like me to send you information on how I am blocking these things, let me know.
BTW: Is it better to REJECT these mails or just DISCARD them?
-Jim-
> I'll bite, how do you configure postfix to block exe's? I have made a block file and added it to main.cf but it doesn't seem to be 100% effective, it does block some exe's though.
> Rob
I am going to send to you directly my response. The suse list appears to be doing some Message content blocking as well and my attempts to paste in my files trigger the filter.
-Jim-
> I'll bite, how do you configure postfix to block exe's? I have made a block file and added it to main.cf but it doesn't seem to be 100% effective, it does block some exe's though.
> Rob
Ok so perhaps it was my own filter also filtering outgoing mail...
Try this:
In main.cf add the following line:

body_checks = regexp:/etc/postfix/anti_virus,pcre:/etc/postfix/pcre_anti_virus

You will need to create the two files. I've appended them below:

ANTI-VIRUS FILE
========================================================================
# Virus
/(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT
/(filename|name)="(pretty park|zipped_files|flcss)\.exe"/ REJECT
/(filename|name)="(Msinit|wininit|msi216|CFGWIZ31)\.exe"/ REJECT
/(filename|name)="(Avp_updates|Qi_test|Anti_cih)\.exe"/ REJECT
/(filename|name)="(Emanuel|kmbfejkm|NakedWife|Readme|readme)\.exe"/ REJECT
/(filename|name)="(Seicho_no_ie|JAMGCJJA|Sulfnbk|QuickLnk)\.exe"/ REJECT
/(filename|name)="(Readme|readme)\.eml"/ REJECT
/(kak|day)\.(reg|hta)/ REJECT
/Rem I am sorry/ REJECT
/Te mando este archivo para que me des tu punto de vista/ REJECT
/I send you this file in order to have your advice/ REJECT
/Espero me puedas ayudar con el archivo que te mando/ REJECT
/Espero te guste este archivo que te mando/ REJECT
/Este es el archivo con la información que me pediste/ REJECT
/I hope you can help me with this file that I send/ REJECT
/I hope you like the file that I send you/ REJECT
/This is the file with the information that you ask for/ REJECT
# strange files
/(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif|lnk)"/ REJECT
/(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT
========================================================================

PCRE_ANTI_VIRUS FILE
========================================================================
# uuencoded attachment: the "begin <mode> <filename>" line
/^begin\s+\d{3}\s+.+?\.(exe|lnk|bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[esx]|ws[fh])\b/ REJECT
# MIME header line that carries the attachment filename
/^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.(exe|bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[esx]|ws[fh])\b/ REJECT
# folded continuation line that carries the attachment filename
/^\s+(file)?name="?.+?\.(exe|bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[esx]|ws[fh])\b/ REJECT
========================================================================
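Added example, not part of Jim's message: the three pcre_anti_virus rules run over a constructed MIME message, showing which rule fires on which line and why the third rule is needed (body_checks inspects the body one line at a time, so a filename on a folded header line is never seen together with its Content-Type line). Python's re module stands in for Postfix's PCRE table, re.IGNORECASE is assumed to mirror the tables' default case-insensitive matching, and the rule labels, function names and sample message are made up for the illustration.

```python
import re

# The three rules from the pcre_anti_virus file above, copied verbatim.
# The labels are hypothetical names used only in this example.
RULES = [
    ("uuencode",
     r'^begin\s+\d{3}\s+.+?\.(exe|lnk|bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[esx]|ws[fh])\b'),
    ("mime-header",
     r'^Content-(Disposition|Type):\s+.+?(file)?name="?.+?\.(exe|bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[esx]|ws[fh])\b'),
    ("folded",
     r'^\s+(file)?name="?.+?\.(exe|bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[esx]|ws[fh])\b'),
]
# Assumption: IGNORECASE mirrors the default case-insensitive Postfix tables.
COMPILED = [(label, re.compile(rx, re.IGNORECASE)) for label, rx in RULES]


def check_line(line):
    """Return the label of the first rule that would REJECT this line, else None."""
    for label, rx in COMPILED:
        if rx.search(line):
            return label
    return None


def scan_message(text):
    """Apply the rules line by line; return [(line_number, label)] for each hit."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        label = check_line(line)
        if label:
            hits.append((number, label))
    return hits


# Constructed sample message (not real mail).
SAMPLE = (
    'Content-Type: multipart/mixed; boundary="b1"\n'
    '\n'
    '--b1\n'
    'Content-Type: text/plain;\n'
    '\tname="notes.community"\n'      # ".com" followed by more letters: \b stops a hit
    '\n'
    'See the attached files.\n'
    '--b1\n'
    'Content-Type: application/octet-stream;\n'
    '\tname="patch.exe"\n'            # filename on a folded line: only rule 3 sees it
    'Content-Disposition: attachment; filename=UPDATE.EXE\n'  # unquoted, upper case
    '\n'
    'begin 644 demo.scr\n'            # uuencoded attachment
    '--b1--\n'
)

if __name__ == "__main__":
    for number, label in scan_message(SAMPLE):
        print(f"line {number}: REJECT ({label})")
```

On a live system the same lines can be checked against the real table with `postmap -q "<line>" pcre:/etc/postfix/pcre_anti_virus`.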
Why on God's green earth would you CC this list with this. You've sent email to an address that probably doesn't even get looked at. And now you've spammed 1000's of people on this list. *shakes head*
* Daniel Joyce (daniel.a.joyce@worldnet.att.net) [030919 09:34]:
> Okay folks, please update your scanners and clean your PCs!
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
> This guy is giving me lots of pain indirectly. It infects your computer, looks in your addressbook, forges an email from someone in said book. If said email bounces due to a virus scanner finding the virus, and it was forged to look like it came from me, I GET THE BOUNCED EMAIL from those damnable scanners!
> Please clean up your PCs, I've gotten 200+ copies today alone (direct infected emails, and mails bounced by the virus scanners).
> Note that it IS a Windows virus. I run Linux, I'm immune. If you see any virii supposedly coming from me, it DIDN'T. It forged the headers to make it look so.
--
Ben Rosenberg
---===---===---===---
mailto:ben@whack.org
If two men agree on everything, you can be sure that only one of them is doing the thinking.
Ben Rosenberg wrote:
> Why on God's green earth would you CC this list with this. You've sent email to an address that probably doesn't even get looked at.
> And now you've spammed 1000's of people on this list. *shakes head*
> * Daniel Joyce (daniel.a.joyce@worldnet.att.net) [030919 09:34]:
> > Okay folks, please update your scanners and clean your PCs!
> > http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
> > This guy is giving me lots of pain indirectly. It infects your computer, looks in your addressbook, forges an email from someone in said book. If said email bounces due to a virus scanner finding the virus, and it was forged to look like it came from me, I GET THE BOUNCED EMAIL from those damnable scanners!
> > Please clean up your PCs, I've gotten 200+ copies today alone (direct infected emails, and mails bounced by the virus scanners).
> > Note that it IS a Windows virus. I run Linux, I'm immune. If you see any virii supposedly coming from me, it DIDN'T. It forged the headers to make it look so.
I've been getting hundreds of emails from M$ the last 2 days, including system notices, exe's and bounced emails from msn. I did visit a M$ website a couple days ago. Any idea if I'm getting spammed by M$, or could this be the virus being discussed?
If I am getting spammed, does anyone know how to get a hold of someone at M$ that can fix it? I've spent hours and hours going through their site and can't find a contact other than product support.
Thanks,
--
Jim Sabatke
Hire Me!! - See my resume at http://my.execpc.com/~jsabatke
Do not meddle in the affairs of Dragons, for you are crunchy and good with ketchup.
Please move this thread to suse-ot. Email suse-ot-subscribe@suse.com to subscribe.
--
-ckm