Thread: W32.Netsky Posing [as anyone]
-
03-28-2004, 11:36 PM #1Web Hosting Guru
- Join Date
- Feb 2002
- Location
- Houston, TX
- Posts
- 341
W32.Netsky Posing As DixieSys
With most of the virii coming from email addresses on our own domains, I just got one from another domain... mydixiesys.com.
All this is just getting so annoying... had no clue why Gary would be emailing me, and in fact, it was a trick. Sneaky.
=========
Header:
=========
Return-Path: <gary@mydixiesys.com>
Delivered-To: 6-rhinojosa@glexicon.com
Received: (qmail 21961 invoked from network); 28 Mar 2004 17:05:04 -0000
Received: from wsip-68-99-158-46.ri.ri.cox.net (HELO glexicon.com)
    (68.99.158.46)
    by oberon.gxn.us with SMTP; 28 Mar 2004 17:05:04 -0000
From: gary@mydixiesys.com
To: rhinojosa@glexicon.com
Subject: Re: Delivery Server
Date: Sun, 28 Mar 2004 12:16:08 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
=========
Message:
=========
>
> First part of the secure mail is available.
>
>
> +++ Attachment: No Virus found
> +++ MC-Afee AntiVirus - www.mcafee.com
>
>
-
03-28-2004, 11:44 PM #2Web Hosting Master
- Join Date
- Mar 2002
- Location
- Orlando, FL
- Posts
- 12,207
Yeah similar issues here.
-
03-29-2004, 01:21 AM #3
We get dozens of them a day; you would be surprised at some of the "senders", and apparently the mods are "sending" a few too, judging by the returned ones.
-
03-29-2004, 03:29 AM #4Cloud Surfer
- Join Date
- Jul 2003
- Posts
- 1,054
People e-mail me back and yell at me for sending them virii. It is just spoofing our address. This virus is getting on my nerves.
-
03-29-2004, 03:45 AM #5
There seems to be a new version every day now. I think we get A, B, C, D, F, J and Q now. When new mail comes in, say we get 15, 1 might be a legit email; the rest are viruses or spam.
-
03-29-2004, 06:10 AM #6Web Hosting Master
- Join Date
- May 2003
- Posts
- 1,069
is it just netsky causing this surge of viruses?
i'm getting a good 50 a day, bloody pain in the arse!!
-
03-29-2004, 06:20 AM #7
No, we are also getting Klez, Dumaru, Parite, Mydoom (and a couple I forget) on a daily basis.
Edit: Bagle is another one.
Last edited by anon-e-mouse; 03-29-2004 at 08:14 AM.
-
03-29-2004, 07:59 AM #8Newbie
- Join Date
- Mar 2004
- Posts
- 8
My ISP told me that e-mails were being randomly generated onto real domains. So I get angry e-mails from people telling me that I'm e-mailing domains from e-mail boxes I don't have. Not good.
-
03-29-2004, 08:13 AM #9Web Hosting Guru
- Join Date
- Jul 2002
- Posts
- 308
I have found a good way to quickly filter these is to check in the headers for HELO YOURDOMAIN - in your case (HELO glexicon.com)
Basically that is the virus trying to be clever and make it look like it was sent from your domain, but even if it was sent from your domain it wouldn't use a format like that; it would be from your computer's NetBIOS name or from your SMTP server or similar. Why would you be sending yourself an attachment from your own domain?
So, please someone correct me if I'm wrong, but it should be pretty safe to delete incoming email that uses (HELO YOURDOMAIN) in its headers AND has an attachment? That will at least filter away a good portion of the latest viruses that use this method. I've tried testing the theory and it's working so far with 100% accuracy.
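The check described in post #9, sketched in Python as an added example that is not part of the original thread: it flags a message only when the connecting host announced one of your own domains in HELO and the message also carries an attachment. The function names, the example.com and 198.51.100.x values, and the `trusted_ips` allowlist (for your own relays, which may legitimately announce your domain) are assumptions; the sample message is constructed on the shape of the header in post #1.

```python
import re
from email import message_from_string

# qmail-style trace line: Received: from <rdns> (HELO <helo>) (<ip>) by <server> ...
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(HELO\s+([^)\s]+)\)\s+\(([\d.]+)\)", re.I)

def has_attachment(msg):
    """True if any MIME part has a filename or is marked as an attachment."""
    return any(part.get_filename() or part.get_content_disposition() == "attachment"
               for part in msg.walk())

def forged_helo_with_attachment(raw, own_domains, trusted_ips=()):
    """Heuristic from post #9: HELO claims our domain, from an IP that is not
    one of our own relays, and the message has an attachment."""
    msg = message_from_string(raw)
    for line in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(line.split()))  # unfold continuation lines
        if m is None:
            continue
        _rdns, helo, ip = m.groups()
        # Only the topmost HELO trace line was written by our own MTA;
        # Received lines below it are sender-controlled, so stop here.
        forged = helo.lower().rstrip(".") in own_domains and ip not in trusted_ips
        return forged and has_attachment(msg)
    return False

# Constructed sample (placeholder hosts and addresses, harmless body text).
SAMPLE = """\
Received: (qmail 21961 invoked from network); 28 Mar 2004 17:05:04 -0000
Received: from host.isp.example (HELO example.com)
  (198.51.100.46)
  by mx.example.com with SMTP; 28 Mar 2004 17:05:04 -0000
From: gary@sender.example
To: user@example.com
Subject: Re: Delivery Server
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

First part of the secure mail is available.
--BOUND
Content-Type: application/octet-stream; name="message.zip"
Content-Disposition: attachment; filename="message.zip"

(constructed placeholder, not a real payload)
--BOUND--
"""

if __name__ == "__main__":
    print(forged_helo_with_attachment(SAMPLE, {"example.com"}))
```
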
-
03-29-2004, 08:25 AM #10Hmmm....
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,341
My Norton AV auto removes attachments and replaces with a text file on infected files. I am not getting as many as some of you, but still getting a few.
███ ServeYourSite
███ Web hosting done right
███ Shared, Reseller and Dedicated web hosting
███ An Easy Web Presence Company
-
03-29-2004, 08:28 AM #11Hmmm....
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,341
If Norton AntiVirus detects a virus, worm, or Trojan, review the following list of the current top virus threats. If the security threat that you are looking for is not listed here, search the Symantec Security Response Virus Encyclopedia.
Recent virus alerts including W32.Netsky.B@mm, W32.Netsky.B@mm and W32.Netsky.D@mm
W32.Welchia.B.Worm
W32.Netsky.D@mm
W32.Beagle.J@mm
W32.Beagle.E@mm
W32.Blaster.Worm
Downloader.MSCache
-
03-29-2004, 02:24 PM #12Web Hosting Master
- Join Date
- May 2003
- Posts
- 1,069
i can handle being hit by viruses, it's just my users i don't want getting spoofed emails looking like they're from me (i actually don't want anyone to get virus emails looking like they're from me, but what can we do about that? not much!)
-
03-30-2004, 02:50 AM #13Web Hosting Master
- Join Date
- Jul 2002
- Location
- St. Louis, MO
- Posts
- 1,653
It's bad enough that we all get them, but worse when ignorant users call up and complain that we sent them a virus. (I work for a small ISP). We even sent out an email explaining all about the virus. Yet every day for the past two weeks I get 3-5+ smart folks, who tell me how they figured out how to open that zipped up attachment we sent them.
**sigh**
Happily hosting @ Dathorn.com (Since 3/2003), Ispeeds.net (Since 2004), & Quadspeedi.net (Since 7/2005)!
Hosted @ FDC for 9 Years
-
03-30-2004, 03:01 AM #14MAOMPSMITCUT (rmbr this? lol)
- Join Date
- Aug 2003
- Posts
- 2,071
NAV automatically deletes the virii for me; but the problem is it leaves this huge dialogue box telling me that: "Yay, praise me, I did my job" (ok, so it doesn't say that literally...) and doesn't continue with retrieving the next mail... I am thinking maybe I should just get a spam filter working on my domain -.-"
BTW, you may want to get a mod to edit out your email addy... or when the next spam harvester comes along, they can just snatch your email right off from this thread.
-
03-30-2004, 03:03 AM #15Newbie
- Join Date
- Mar 2004
- Posts
- 24
Yea, this garbage seems to be getting more common every day. My inbox is literally flooded with over 50 klez files a day.
As if I am going to be more persuaded to open 1 if I receive another 40 identical to the first. And yea, the senders are very convincing, since a lot of them you seem to have some relation with. Very wack.
-
03-30-2004, 09:39 AM #16Cloud Surfer
- Join Date
- Jul 2003
- Posts
- 1,054
Well, I use NeoMail most the time when I'm on the go and all these e-mails usually have a size of 35KB. I just delete those.
-
03-30-2004, 09:50 AM #17Hmmm....
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,341
They grab email addresses that are or have been entered or used on your computer, that's why you will have relation to them.
I wish these sad computer geeks would get a life, what the hell do these 13 year olds do? Haven't they heard of porn?
-
03-30-2004, 10:07 AM #18Web Hosting Master
- Join Date
- May 2003
- Posts
- 1,069
if you run your own server what software can you install to filter them out?
-
03-30-2004, 10:09 AM #19Hmmm....
- Join Date
- Apr 2003
- Location
- UK
- Posts
- 2,341
I am unsure, but there must be something to stop attachments with certain contents, virus checkers on your server wouldn't block the email, but would replace it with a text telling them it had been quarantined, still just as annoying.
-
03-30-2004, 10:20 AM #20
Originally posted by 4 Degrees
I wish these sad computer geeks would get a life, what the hell do these 13 year olds do? Haven't they heard of porn?
They (and you, if that's your life) would be better off away from the computer, out in the fresh air doing normal kid things like skateboarding, rollerblading, socialising with real humans.