Web Hosting Talk







View Full Version : Virus from WebhostingTalk


cabalstudios
07-12-2002, 10:41 PM
OK, there's an email going around; I got it from "moderators [moderators@webhostingtalk.com]". It has a virus in it. I am sure it will not be from the WHT team, but some lamers, who seem to think everyone is stupid enough to open them...

Just a warning for you guys/gals... I am outta here, I'm sleepy, so I will check the headers in the morning.

Have a nice evening.

Shazad...


EDIT :
Email Subject : Cellpadding
Virus Name : W32.Klez.H@mm
Filename : Unknown04c0.data
Characteristics : Memory Resident, Size Stealth, Full Stealth, Triggered Event, Encryption and Polymorphic

Chicken
07-12-2002, 10:55 PM
I've posted the characteristics of Klez a few times now (search), but to sum up: the virus sends mail out from a random address book entry. You can check the headers to see if it actually came from a WHT staff member, which would be more useful...

cabalstudios
07-12-2002, 10:59 PM
Chicken,

I was not referring to the fact that it came from you, I was warning other users who may attempt to open it of such...

I'll check headers later, I'm off to bed.
G'Night and have a nice evening.

Shazad...

edude
07-12-2002, 11:03 PM
hehe Chicken is angry :rolleyes:

NNHost
07-13-2002, 02:22 AM
hehe, Chicken, now why would WHT want to send a virus out to people?

ATST
07-13-2002, 04:49 PM
Oh for crying out loud!
Whoever doesn't know by now that:
1) some virri (klez) send themselves to addresses randomly found in the cache files (could be an address on a webpage the infected person visited), with random text as the subject, and a random address found in the cache files in the from field (this will not be the actual "received by"), and
2) who hasn't updated their AVs regularly, and
3) DLs files in emails,
deserves to get this virrus!
I mean really, this particular virri has been around since January! Hack, it started out as just Klez and last time I checked it was up to "KlezH". It might even have more versions out by now.

So seeing as how WHT has many visitors, it stands to reason that some of these addys are cached, and some people will be getting infected emails, from infected users.

One thing I started doing was encoding the email addys I use on webpages so that I get less of these random virri sent to me.
I also do it for any website I create to help protect the people I make the website for.

Noldar
07-13-2002, 05:22 PM
Just as an FYI, the plural of virus is viruses, not viri, virii, or virri.

Just in case anyone really wants to know :D

ATST
07-13-2002, 05:28 PM
Maybe it's another case of regional spelling?

Or maybe I just spell it randomly different every time.
:D (the ATST virus)

Chicken
07-13-2002, 06:48 PM
Originally posted by cabalstudios
Chicken,

I was not referring to the fact that it came from you, I was warning other users who may attempt to open it of such...

No, no, no... I know it didn't come from me, that wasn't what I was saying. If you look at the headers you can see who it did come from and inform them that their machine is infected. I suppose that is easier when you can do an IP lookup on the forum, and this makes it easier to figure out the person whose machine is klezed.

It could be from someone on staff, however the point isn't to be careful of mail addressed from modes@wht, the point is to check those attachments, as the 'from' field is just random. No one is actually putting the address there (no lamers), it is done by the annoying virus.

I just wanted to clear up confusion, as the title of the thread is, "Virus from WebhostingTalk" which isn't accurate.

Noldar
07-13-2002, 07:59 PM
Originally posted by ATST
Maybe it's another case of regional spelling?

Or maybe I just spell it randomly different every time.
:D (the ATST virus)
Ack! He's been infected by the be.SpellinZ virus! :eek:

cabalstudios
07-13-2002, 08:00 PM
lol

Webdezinultd
07-14-2002, 12:37 AM
Something I have seen happen at one of my websites I am project engineer on, and have my email listed as contact, until a few days ago.

My email address was getting a virus a day sent to it. First it would be the Klez, then it would be the Yaha. I have Zone Alarm Pro which effectively uses Mailsafe to change the extension as it comes in, then Norton grabs it and quarantines it for deletion. Upon close inspection of these emails, I notice that they did in fact NOT come from those email addys, because they did not exist when I emailed them back. So under closer inspection, I noticed when I clicked on options in Outlook, of the email, it said it really came from an AOL domain. All of them. So they were probably intentional emails, I suspect, since they were coming from spoofed addys.

Suddenly, I got a message delivery error, that had a virus in the attachment. Someone had used my email addy, to email a virus to a fake email account, which caused it to bounce back to me. If I did not have the security in place, I may have opened the attachment to see what I might have sent someone that came back. So yes, there are a lot of people spoofing addys out there trying to infect people. My webhost said there was nothing that can be done, except for deleting the email addy. Great option, huh? They also had me change all my passwords just in case someone had hacked my account, which wasn't likely, because then, they could infect the file or screw up the webpages on my domains.

So watch out if you see a message delivery error to an email you don't recognize. And make sure your AV is up to date.
BTW, I just got spam porn sent to me today from another one of my addys on a whole different domain. Spoofed as well. Why would I spam myself porn, or why would they let me see that they spoofed my email to spam porn?
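
Added example, not part of any post in this thread: the header check Chicken and Webdezinultd describe, as a Python sketch that ignores the forgeable From field and reads the connecting host recorded by the recipient's own mail server. The sample message, all host names, the `trusted_mx` parameter and the sendmail/Postfix-style `Received` layout are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: spoofed From, one hop written by our own MX, and one
# older Received line that the sender could have forged. Hosts are made up.
SAMPLE = """\
Received: from Xyz (dialup-42.isp.example [203.0.113.42])
\tby mail.recipient.example with SMTP id A1; Fri, 12 Jul 2002 22:30:05 -0400
Received: from webhostingtalk.com (webhostingtalk.com [192.0.2.10])
\tby relay.invalid with SMTP; Fri, 12 Jul 2002 22:29:59 -0400
From: moderators <moderators@webhostingtalk.com>
To: user@recipient.example
Subject: Cellpadding

body
"""

# Assumed layout: "from HELO (rdns [ip]) by HOST ..."; other MTAs differ.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def true_origin(raw, trusted_mx):
    """Return the peer that handed the mail to the last server we trust."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = None
    for hop in msg.get_all("Received", []):   # newest hop is listed first
        m = RECEIVED_RE.search(hop)
        if not m or m["by"].lower() not in trusted_mx:
            break   # everything below was written by hosts we cannot vouch for
        origin = m
    if origin is None:
        return {"from_domain": from_domain, "origin_ip": None,
                "origin_host": None, "from_matches_origin": False}
    host = origin["rdns"].lower()
    # A mismatch is only a hint (legitimate mail is often relayed); the IP is
    # what identifies the machine or ISP to notify.
    matches = bool(from_domain) and (
        host == from_domain or host.endswith("." + from_domain))
    return {"from_domain": from_domain, "origin_ip": origin["ip"],
            "origin_host": host, "from_matches_origin": matches}

if __name__ == "__main__":
    print(true_origin(SAMPLE, {"mail.recipient.example"}))
```
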

PixelAxis
07-14-2002, 08:59 PM
I get that Cellpadding crap at least 5 times a day :angry: