  1. #1
    Join Date
    Feb 2002
    Location
    Houston, TX
    Posts
    341

    * W32.Netsky Posing As DixieSys

    With most of the viruses coming from email addresses on our own domains, I just got one from another domain... mydixiesys.com.

    All this is just getting so annoying... had no clue why Gary would be emailing me, and in fact, it was a trick. Sneaky.

    =========
    Header:
    =========

    Return-Path: <gary@mydixiesys.com>
    Delivered-To: 6-rhinojosa@glexicon.com
    Received: (qmail 21961 invoked from network); 28 Mar 2004 17:05:04 -0000
    Received: from wsip-68-99-158-46.ri.ri.cox.net (HELO glexicon.com)
    (68.99.158.46)
    by oberon.gxn.us with SMTP; 28 Mar 2004 17:05:04 -0000
    From: gary@mydixiesys.com
    To: rhinojosa@glexicon.com
    Subject: Re: Delivery Server
    Date: Sun, 28 Mar 2004 12:16:08 -0500
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
    X-Priority: 3
    X-MSMail-Priority: Normal


    =========
    Message:
    =========

    >
    > First part of the secure mail is available.
    >
    >
    > +++ Attachment: No Virus found
    > +++ MC-Afee AntiVirus - www.mcafee.com
    >
    >
    Has anyone else gotten this one? Beware... do *not* open the attachment: W32.Netsky.

  2. #2
    Join Date
    Mar 2002
    Location
    Orlando, FL
    Posts
    12,207
    Yeah similar issues here.

  3. #3
    Join Date
    Jul 2002
    Location
    Victoria, Australia
    Posts
    36,941
    We get dozens of them a day. You would be surprised at some of the "senders", and apparently the mods are "sending" a few too, judging by the returned ones.

  4. #4
    People e-mail me back and yell at me for sending them viruses. It is just spoofing our address. This virus is getting on my nerves.

  5. #5
    Join Date
    Jul 2002
    Location
    Victoria, Australia
    Posts
    36,941
    There seems to be a new version every day now. I think we get A, B, C, D, F, J and Q now. When new mail comes in, say we get 15, 1 might be a legit email; the rest are viruses or spam.

  6. #6
    Is it just Netsky causing this surge of viruses?

    I'm getting a good 50 a day, bloody pain in the arse!!

  7. #7
    Join Date
    Jul 2002
    Location
    Victoria, Australia
    Posts
    36,941
    No, we are also getting Klez, Dumaru, Parite, Mydoom (and a couple I forget) on a daily basis.

    Edit: Bagle is another one.
    Last edited by anon-e-mouse; 03-29-2004 at 08:14 AM.

  8. #8
    My ISP told me that e-mails were being randomly generated onto real domains. So I get angry e-mails from people telling me that I'm e-mailing domains from e-mail boxes I don't have. Not good.

  9. #9
    Join Date
    Jul 2002
    Posts
    308
    I have found a good way to quickly filter these is to check in the headers for HELO YOURDOMAIN - in your case (HELO glexicon.com)

    Basically that is the virus trying to be clever and make it look like it was sent from your domain, but even if it was sent from your domain it wouldn't use a format like that; it would be from your computer's NetBIOS name or from your SMTP server or similar. Why would you be sending yourself an attachment from your own domain?

    So, please someone correct me if I'm wrong, but it should be pretty safe to delete incoming email that uses (HELO YOURDOMAIN) in its headers AND has an attachment? - that will at least filter away a good portion of the latest viruses that use this method. I've tried testing the theory and it's working so far with 100% accuracy.
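
The rule from post #9, written out as an added example (not part of the original thread or any poster's code). It assumes qmail-style `Received` lines like the one in post #1; the function names and the `trusted_ips` allowance for your own relays are hypothetical additions, and the sample message is constructed.

```python
import re
from email import message_from_string

# qmail trace line: "from <rdns> (HELO <name>) (<ip>) by <mta> with SMTP; ..."
HELO_RE = re.compile(
    r"from\s+\S+\s+\(HELO\s+([^)\s]+)\)\s+\(([0-9.]+)\)\s+by\s+(\S+)", re.I)

def claimed_helo(msg, our_mtas):
    """(helo_name, client_ip) from the first Received line stamped by our own MTA.
    Lines below it were supplied by the sender and can be forged."""
    for value in msg.get_all("Received", []):
        m = HELO_RE.search(" ".join(value.split()))  # unfold the header
        if m and m.group(3).lower() in our_mtas:
            return m.group(1).lower().rstrip("."), m.group(2)
    return None

def has_attachment(msg):
    return any(part.get_filename() for part in msg.walk())

def is_helo_spoof(raw, local_domains, our_mtas, trusted_ips=()):
    """True when an outside client greeted us with one of our own domain
    names and the message carries an attachment (the rule from post #9)."""
    msg = message_from_string(raw)
    helo = claimed_helo(msg, our_mtas)
    if helo is None or helo[1] in trusted_ips:  # our own relays may HELO as us
        return False
    return helo[0] in local_domains and has_attachment(msg)

# Constructed sample modelled on the header in post #1; the attachment is a
# harmless placeholder.
SAMPLE = """\
Received: (qmail 21961 invoked from network); 28 Mar 2004 17:05:04 -0000
Received: from wsip-68-99-158-46.ri.ri.cox.net (HELO glexicon.com)
 (68.99.158.46)
 by oberon.gxn.us with SMTP; 28 Mar 2004 17:05:04 -0000
Subject: Re: Delivery Server
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

First part of the secure mail is available.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder.zip"

placeholder
--b1--
"""
```

Calling `is_helo_spoof(SAMPLE, {"glexicon.com"}, {"oberon.gxn.us"})` flags the sample; listing the client IP in `trusted_ips` or removing the attachment clears it.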

  10. #10
    My Norton AV auto removes attachments and replaces with a text file on infected files. I am not getting as many as some of you, but still getting a few.
    ServeYourSite
    Web hosting done right
    ██ Shared, Reseller and Dedicated web hosting
    An Easy Web Presence Company

  11. #11

    If Norton AntiVirus detects a virus, worm, or Trojan, review the following list of the current top virus threats. If the security threat that you are looking for is not listed here, search the Symantec Security Response Virus Encyclopedia.

    Recent virus alerts including W32.Netsky.B@mm, W32.Netsky.B@mm and W32.Netsky.D@mm
    W32.Welchia.B.Worm
    W32.Netsky.D@mm
    W32.Beagle.J@mm
    W32.Beagle.E@mm
    W32.Blaster.Worm
    Downloader.MSCache
    That's from the Symantec website ...

  12. #12
    I can handle being hit by viruses, it's just my users I don't want getting spoofed emails looking like they're from me (I actually don't want anyone to get virus emails looking like they're from me, but what can we do about that? Not much!)

  13. #13
    Join Date
    Jul 2002
    Location
    St. Louis, MO
    Posts
    1,653
    It's bad enough that we all get them, but worse when ignorant users call up and complain that we sent them a virus. (I work for a small ISP). We even sent out an email explaining all about the virus. Yet every day for the past two weeks I get 3-5+ smart folks, who tell me how they figured out how to open that zipped up attachment we sent them.


    **sigh**
    Happily hosting @ Dathorn.com (Since 3/2003), Ispeeds.net (Since 2004), & Quadspeedi.net (Since 7/2005)!
    Hosted @ FDC for 9 Years

  14. #14
    Join Date
    Aug 2003
    Posts
    2,071
    NAV automatically deletes the viruses for me; but the problem is it leaves this huge dialogue box telling me that: "Yay, praise me, I did my job" (ok, so it doesn't say that literally...) and doesn't continue with retrieving the next mail... I am thinking maybe I should just get a spam filter working on my domain -.-"

    BTW, you may want to get a mod to edit out your email addy... or when the next spam harvester comes along, they can just snatch your email right off from this thread.

  15. #15
    Yea, this garbage seems to be getting more common every day. My inbox is literally flooded with over 50 klez files a day.

    As if I am going to be more persuaded to open 1 if I receive another 40 identical to the first. And yea, the senders are very convincing, since a lot of them you seem to have some relation with. Very wack.

  16. #16
    Well, I use NeoMail most the time when I'm on the go and all these e-mails usually have a size of 35KB. I just delete those.

  17. #17
    They grab email addresses that are or have been entered or used on your computer, that's why you will have relation to them.

    I wish these sad computer geeks would get a life, what the hell do these 13 year olds do? Haven't they heard of porn?

  18. #18
    If you run your own server what software can you install to filter them out?

  19. #19
    I am unsure, but there must be something to stop attachments with certain contents, virus checkers on your server wouldn't block the email, but would replace it with a text telling them it had been quarantined, still just as annoying.

  20. #20
    Join Date
    Jul 2002
    Location
    Victoria, Australia
    Posts
    36,941
    Originally posted by 4 Degrees
    I wish these sad computer geeks would get a life, what the hell do these 13 year olds do? Haven't they heard of porn?
    Watching porn is getting a life?

    They (and you, if that's your life) would be better off away from the computer, out in the fresh air doing normal kid things like skateboarding, rollerblading, socialising with real humans.
