Fake email from Shiela Bowen CAUTION!!!

by LDH 10 Replies latest jw friends

  • LDH

    I received an email from '[email protected]' entitled "movie" with an attachment, which I opened immediately.

    NOT!!!

    New people on the board, please use caution when opening attachments or viewing emails from people who frequent this board. There are some very malicious characters out there.

    I haven't even been able to visit the board all that much lately, and my name was still selected as the lucky recipient of the "movie."

    Lisa

    Wasn't born yesterday Class

  • drwtsn32

    Wise move LDH. Everyone really should have antivirus software on their computer and keep it current. You can't afford to not use protection in this promiscuous computing age!

  • Prisca

    Lisa,

    Your email isn't visible in your profile, so it must have come from someone's email address box that contains your email addy. It may not necessarily have come from Sheila Bowen, as some viruses attach themselves to an address in the victim's address book and send themselves out as if they were actually coming from that address. I.e., LDH's email addy and Sheila's email addy are in someone's email address book. The virus attaches itself to Sheila's address and sends out emails to LDH and everyone else in that book, under Sheila's name, although Sheila may know nothing about this email.

  • Big Tex

    Thanks for the heads up Lisa. I hope your computer is okay.

  • Mulan

    I got one like that last month from my supervisor, and the subject line was "My New House". I knew he had moved to a new house, but it wasn't like him to send an email like that, so I emailed him to see if he had sent it. He had not, and had no idea what it was. It had an attachment and I deleted it immediately.

    Those things take email addresses from people, and send mass emails to everyone in the book. Poor Sheila. This wasn't her fault!!!!!!!

  • LDH

    Yes, I hope no one has the idea that I think Sheila sent this.

    I know she did not.

    I'm just giving fair warning to the newbies.

  • Jourles

    That's funny. I got the same thing yesterday sent to my [email protected] address. Only mine came from a [email protected]. The subject was "Re:Movie" and the attachment was a .PIF file. The address is fake as hotmail didn't have a real mailbox for that name, but the dork didn't cover his tracks all that well. The IP address originating the email came from 24.57.165.152 which is some cable internet user of CGO Cable in Canada. A quick scan of his ip showed that there was no open remailer being used as telnet sessions to a few open ports didn't establish a response. If there was a remailer, then I could have just dismissed it as someone using his computer(s) as an anonymous type proxy source.

    BUT, the interesting thing was that he is a Kazaa user. Scanning port 80, which is normally reserved for web servers, showed his Kazaa username, at least part of it, and his ip address/supernode address. His Kazaa username was Kevin...something.

    I'm not sure why he sent a PIF file, as it wouldn't do anything to most computers if opened. But he must have used one of those "anonymous email" sites out there or got a hold of an email program that spoofs the address. Too bad he hasn't learned how to use proxies yet...

  • Gopher

    I also got a "re:movie" e-mail. I didn't know the sender, and I still cannot remember its name.

    Since I didn't know the sender, of course I didn't open the attachment. I wasn't expecting it, and opening it wouldn't have added anything to my life (except trouble, possibly).

  • drwtsn32

    That's the Sobig.E virus. It is going around like crazy:

    http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

    Don't put too much importance on the "from" address; it's forged anyway.

    And Jourles, that user's IP address doesn't need to have a mail server running. I believe this virus has its own SMTP engine to mail itself out directly to the destination MX (eg, it doesn't need to go through the user's ISP's mail server).
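
Added example, not part of any post in this thread: a small Python triage of a message like the one discussed, which ignores the forgeable "From" line, reads the connecting IP from the topmost `Received` header (the one the recipient's own MX writes when a worm delivers directly), and flags executable attachments such as `.pif`. The sample message, its addresses and the `triage` function name are constructed for illustration.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr

RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat"}  # executable on Windows
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: documentation addresses, not values from the thread.
SAMPLE = """\
Received: from pc-home (unknown [203.0.113.45])
\tby mx.example.org with SMTP; Wed, 25 Jun 2003 10:00:00 +0000
From: "A Friend" <friend@example.com>
To: reader@example.org
Subject: Re: Movie
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached file.
--b1
Content-Type: application/octet-stream; name="movie.pif"
Content-Disposition: attachment; filename="movie.pif"

(constructed placeholder body)
--b1--
"""

def triage(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Topmost Received is the one our own MX wrote; older ones can be forged.
    top = (msg.get_all("Received") or [""])[0]
    ip = BRACKETED_IP.search(top)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if os.path.splitext(n)[1].lower() in RISKY_EXT]
    return {
        "from_domain": from_domain,
        "connecting_ip": ip.group(1) if ip else None,
        "from_domain_in_received": bool(from_domain) and from_domain in top.lower(),
        "risky_attachments": risky,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `from_domain_in_received` value of `False` is only a heuristic hint that the claimed sender's domain had no part in delivery; the attachment check is the stronger signal.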

  • Jourles

    Hey Dr, I guess it pays to stay up to date on some of these virii. Most of my email checking/web surfing during the day goes through either a Sun or Linux WS. That is when I usually check my yahoo emails. Usually never a need to worry about Win-virii. It would make sense for the worm to change the "from" address and open periodically a smtp port in a higher range than just 25. I didn't notice anything in the 99x range being open though at the time.
