Thread: Virus from WebhostingTalk
-
07-12-2002, 10:41 PM #1 Web Hosting Master
OK, there's an email going around; I got it from "moderators [moderators@webhostingtalk.com]". It has a virus in it. I am sure it will not be from the WHT team, but some lamers who seem to think everyone is stupid enough to open them...
Just a warning for you guys/gals... I am outta here, I'm sleepy, so I will check the headers in the morning.
Have a nice evening.
Shazad...
EDIT:
Email Subject : Cellpadding
Virus Name : W32.Klez.H@mm
Filename : Unknown04c0.data
Characteristics : Memory Resident, Size Stealth, Full Stealth, Triggered Event, Encryption and Polymorphic
Last edited by cabalstudios; 07-12-2002 at 10:48 PM.
█ Coreix™ | your solution™ www.coreix.net - 08000226734 - ISO27001 Certified
█ Dedicated Servers - Colocation - Secure Cages - Enterprise & Managed Solutions - Clustering - LoadBalancing - High Availability - Hosted Exchange 2007
█ NEW Tier III London DC with power sourced from 100% renewable sources, N+N UPS, N+1 Chillers and CRAC units, Mist Fire Suppression, Biometric and Man Trap security to all data areas
-
07-12-2002, 10:55 PM #2 Web Hosting Master
I've posted the characteristics of Klez a few times now (search), but to sum up: virus sends mail out from random address book entry. You can check the headers to see if it actually came from a WHT staff member which would be more useful...
-
07-12-2002, 10:59 PM #3 Web Hosting Master
Chicken,
I was not referring to the fact that it came from you, I was warning other users who may attempt to open it of such...
I'll check headers later, I'm off to bed.
G'Night and have a nice evening.
Shazad...
-
07-12-2002, 11:03 PM #4 Web Hosting Master
hehe Chicken is angry
-
07-13-2002, 02:22 AM #5 Junior Guru
hehe, Chicken, now why would WHT want to send a virus out to people?
Quality Hosting Template For Sale! -
http://www.webhostingtalk.com/showthread.php?s=&threadid=59932
-
07-13-2002, 04:49 PM #6 Web Hosting Master
Oh for crying out loud!
Whoever doesn't know by now that:
1) some virri (Klez) send themselves to addresses randomly found in the cache files (could be an address on a webpage the infected person visited), with random text as the subject and a random address found in the cache files in the From field (this will not be the actual "received by"), and
2) who hasn't updated their AVs regularly, and
3) DLs files in emails,
deserves to get this virrus!
I mean really, this particular virri has been around since January! Heck, it started out as just Klez and last time I checked it was up to "KlezH". It might even have more versions out by now.
So seeing as how WHT has many visitors, it stands to reason that some of these addys are cached, and some people will be getting infected emails from infected users.
One thing I started doing was encoding the email addys I use on webpages so that I get less of these random virri sent to me.
I also do it for any website I create to help protect the people I make the website for.
Last edited by ATST; 07-13-2002 at 04:59 PM.
DANG DANG! DANG!!™
I know ***** ripped off everybody else, but they wouldn't do it to me.
"When you use bottom feed for bait, you are only going to catch bottom feeders."
"You do what you are, and you are what you do."
-
07-13-2002, 05:22 PM #7 Web Hosting Evangelist
Just as an FYI, the plural of virus is viruses, not viri, virii, or virri.
Just in case anyone really wants to know
Enigma Hosting
"I wasn't speeding, I was qualifying!"
-
07-13-2002, 05:28 PM #8 Web Hosting Master
Maybe it's another case of regional spelling?
Or maybe I just spell it randomly different every time.
(the ATST virus)
-
07-13-2002, 06:48 PM #9 Web Hosting Master
Originally posted by cabalstudios
Chicken,
I was not referring to the fact that it came from you, I was warning other users who may attempt to open it of such...
It could be from someone on staff, however the point isn't to be careful of mail addressed from modes@wht, the point is to check those attachments, as the 'from' field is just random. No one is actually putting the address there (no lamers), it is done by the annoying virus.
I just wanted to clear up confusion, as the title of the thread is, "Virus from WebhostingTalk" which isn't accurate.
-
07-13-2002, 07:59 PM #10 Web Hosting Evangelist
Originally posted by ATST
Maybe it's another case of regional spelling?
Or maybe I just spell it randomly different every time.
(the ATST virus)
-
07-13-2002, 08:00 PM #11 Web Hosting Master
lol
-
07-14-2002, 12:37 AM #12 New Member
Something I have seen happen at one of my websites I am project engineer on, and have my email listed as contact, until a few days ago.
My email address was getting a virus a day sent to it. First it would be the Klez, then it would be the Yaha. I have Zone Alarm Pro which effectively uses Mailsafe to change the extension as it comes in, then Norton grabs it and quarantines it for deletion. Upon close inspection of these emails, I notice that they did in fact NOT come from those email addys, because they did not exist when I emailed them back. So under closer inspection, I noticed when I clicked on options in Outlook, of the email, it said it really came from an AOL domain. All of them. So they were probably intentional emails, I suspect, since they were coming from spoofed addys.
Suddenly, I got a message delivery error, that had a virus in the attachment. Someone had used my email addy, to email a virus to a fake email account, which caused it to bounce back to me. If I did not have the security in place, I may have opened the attachment to see what I might have sent someone that came back. So yes, there are a lot of people spoofing addys out there trying to infect people. My webhost said there was nothing that can be done, except for deleting the email addy. Great option, huh? They also had me change all my passwords just in case someone had hacked my account, which wasn't likely, because then, they could infect the file or screw up the webpages on my domains.
So watch out if you see a message delivery error to an email you don't recognize. And make sure your AV is up to date.
BTW, I just got spam porn sent to me today from another one of my addys on a whole different domain. Spoofed as well. Why would I spam myself porn, or why would they let me see that they spoofed my email to spam porn?
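The header check that several posts in this thread refer to, as an added example that is not part of any post: it compares the From: domain with the sending host recorded by the recipient's own mail server, which is the one Received line the sender cannot forge. The sample message, the hosts under .example, the IPs and the function name check_origin are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture). Hosts and IPs are reserved example
# values; mx.recipient.example stands in for the reader's own mail server.
RAW = """\
Received: from webhostingtalk.com (dialup-17.isp.example [198.51.100.17])
\tby mx.recipient.example with SMTP; Fri, 12 Jul 2002 22:30:01 +0100
Received: from mail.webhostingtalk.com (mail.webhostingtalk.com [203.0.113.5])
\tby relay.unknown.example with ESMTP; Fri, 12 Jul 2002 22:29:40 +0100
From: moderators <moderators@webhostingtalk.com>
To: user@recipient.example
Subject: Cellpadding

(body omitted)
"""

# from <HELO name, sender-claimed> (<reverse DNS> [<peer IP>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([^\]]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def check_origin(raw, trusted_mx):
    """Compare the From: domain with the peer our own server recorded."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    edge = None
    # Received headers are prepended, so walk down from the top while the
    # writer is one of our servers; everything below that is sender-supplied.
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m or m.group(4).lower() not in trusted_mx:
            break
        edge = m
    if edge is None:
        return {"from_domain": from_domain, "peer_host": None,
                "peer_ip": None, "verdict": "no-trusted-hop"}
    rdns, ip = edge.group(2).lower(), edge.group(3)
    ok = bool(from_domain) and in_domain(rdns, from_domain)
    return {"from_domain": from_domain, "peer_host": rdns, "peer_ip": ip,
            "verdict": "consistent" if ok else "from-not-backed-by-origin"}

if __name__ == "__main__":
    print(check_origin(RAW, {"mx.recipient.example"}))
```

A mismatch is a reason to treat the attachment with suspicion, not proof of infection, since legitimate senders also relay through third-party hosts.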
-
07-14-2002, 08:59 PM #13 Web Hosting Master
I get that Cellpadding crap at least 5 times a day.