Bugger ... Re: [LINK] Hi

Jim Birch jbirch at multinode.com.au
Mon Jan 19 19:45:30 EST 2004 

Stephen

Not sure how much of this stuff you know (don't be offended) but anyway...

1.  I wouldn't be totally sure it didn't come from your machine.  The 
first mail server to handle the message was bat.melbpc.org.au    Who is 
allowed to relay to the net via that server?   First guess is this is 
you or someone else who talks to Link at your domain (melbpc.org.au) as 
the infected machine knows Link's email address.

2.  I scanned the attachment that arrived from link with my daily 
updated macafee.  It didn't detect a virus.  Maybe it's too recent to be 
in the signature database, or it's a new variant, or maybe it does some 
successful detection avoidance tricks.   Go to one of one of the 
antivirus vendors sites for info, and also look for a removal tool and 
or instructions.

3.  Many recent viruses don't use the local mail system to propagate.  
They infect the tcpip stack and send email from there.  They may scan 
the local address book, the hard disk, and/or passing tcpip traffic for 
addresses.   This virus, W32/Beagle-A, is a worm that sends itself to 
addresses harvested from files on the hard disk.

Best to assume the worst and try to remove it from your machine.

If you you connect directly to the internet - not via a firewall - you 
need to get get a personal firewall.  Current internet viruses can 
infect Windows boxes that are merely connected to the net using the 
wonderful accidental features of Windows.  There's several free personal 
firewalls available, I use zone alarm at home (as recommended by some 
linkers).  Go www.zonelabs.com and get the basic, free version.

HTH

JimB
 
Stephen Loosley wrote:

>Regretably, an email attachment appears to have been sent to Link
>and seems to have come from my computer. It did not. I use Eudora
>and up-to-the-minute Nortons exclusively .. and it is a clean machine.
>
>Here is the email header info. Can link advise regards this situation?
>
>--
>X-Persona: <MelbPC> 
>Received: from bat.melbpc.org.au (bat.melbpc.org.au [203.12.152.53]) 
>by newemu.melbpc.org.au (8.11.6+Sun/8.11.6) with ESMTP id i0J0Jbn07664; 
>Mon, 19 Jan 2004 11:19:37 +1100 (EST) 
>Received: from 127.0.0.1 (localhost.melbpc.org.au [127.0.0.1]) 
>by av.domain.name (Postfix) with SMTP 
>id EC4F42B4D8; Mon, 19 Jan 2004 11:19:41 +1100 (EST) 
>Received: by bat.melbpc.org.au (Postfix, from userid 1004) 
>id B1D422B4F1; Mon, 19 Jan 2004 11:19:41 +1100 (EST) 
>Received: from anumail1.anu.edu.au (anumail1.anu.edu.au [150.203.2.41]) 
>by bat.melbpc.org.au (Postfix) with ESMTP 
>id B6BB82B4D8; Mon, 19 Jan 2004 11:19:36 +1100 (EST) 
>Received: from anumail1 (localhost [127.0.0.1]) 
>by anumail1.anu.edu.au (8.12.3/8.12.3) with ESMTP id i0INEbiw027641; 
>Mon, 19 Jan 2004 10:14:49 +1100 (EST) 
>Received: from anu.edu.au (anumail5.anu.edu.au [150.203.2.45]) 
>by anumail1.anu.edu.au (8.12.3/8.12.3) with ESMTP id i0INEZiu027637 
>for <link at anumail1.anu.edu.au>; Mon, 19 Jan 2004 10:14:35 +1100 (EST) 
>Received: from web.anu.edu.au (web.anu.edu.au [150.203.2.100]) 
>by anu.edu.au (8.12.10/8.12.10) with ESMTP id i0J0EuB2001549 
>for <link at anumail1.anu.edu.au>; Mon, 19 Jan 2004 11:14:56 +1100 (EST) 
>Received: from anu.edu.au (anumail3.anu.edu.au [150.203.2.43]) 
>by web.anu.edu.au (8.11.7p1+Sun/8.11.7) with ESMTP id i0J0Et522681 
>for <link at web.anu.edu.au>; Mon, 19 Jan 2004 11:14:55 +1100 (EST) 
>Received: from IBM-HP786NMYGBG ([202.81.18.30]) 
>by anu.edu.au (8.12.10/8.12.10) with SMTP id i0J0EsXo013914 
>for <link at www.anu.edu.au>; Mon, 19 Jan 2004 11:14:54 +1100 (EST) 
>Date: Mon, 19 Jan 2004 11:06:11 +1000 
>To: link at www.anu.edu.au 
>From: stephen at melbpc.org.au 
>Message-ID: <vjrlbpitpxpjwgjwhga at melbpc.org.au> 
>MIME-Version: 1.0 
>Content-Type: multipart/mixed; 
>boundary="--------103337366451415" 
>X-Sender: stephen at melbpc.org.au 
>X-Sender-Domain: melbpc.org.au 
>X-Spam-Score: (1.1) 
>X-Spam-Tests: MICROSOFT_EXECUTABLE,NO_REAL_NAME 
>X-Scanned-By: MIMEDefang 2.36 
>Subject: [LINK] Hi 
>X-BeenThere: link at mailman.anu.edu.au 
>X-Mailman-Version: 2.1.1 
>Precedence: list 
>List-Id: Link list on Australian network policy and communications 
><link.mailman.anu.edu.au> 
>List-Unsubscribe: <http://mailman.anu.edu.au/mailman/listinfo/link>, 
><mailto:link-request at mailman.anu.edu.au?subject=unsubscribe> 
>List-Archive: <http://mailman.anu.edu.au/pipermail/link> 
>List-Post: <mailto:link at mailman.anu.edu.au> 
>List-Help: <mailto:link-request at mailman.anu.edu.au?subject=help> 
>List-Subscribe: <http://mailman.anu.edu.au/mailman/listinfo/link>, 
><mailto:link-request at mailman.anu.edu.au?subject=subscribe> 
>Sender: link-bounces at anu.edu.au 
>Errors-To: link-bounces at anu.edu.au 
>X-Spam-Level: 
>X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
>bat.melbpc.org.au 
>X-Spam-Status: No, hits=-2.8 required=8.0
>tests=BAYES_00,MICROSOFT_EXECUTABLE, 
>NO_REAL_NAME autolearn=no version=2.60 
>
>X-UIDL: g09!!"J/!!@]'!!4?l!! 
>
>Test =) 
>qhchpijetwmixp 
>  
>

-- 
Jim Birch

jbirch at multinode.com.au
t: 04 1243 1243
--
 Nothing is as simple as we hope it will be.
 Jim Horning

More information about the Link mailing list