[LINK] Fwd: Virus Alert - ScanMail for Lotus Notes --> what
lannet at lannet.com.au
Mon Mar 8 16:51:31 EST 2004
On Mon, 2004-03-08 at 15:37, Linda Rouse wrote:
> The included email below is a notification of detection of
> WORM_NETSKY.C in an email from me - except I didn't send it and I am
> on a Mac.
> Forgive my ignorance but at what point has my email address been
> hijacked?. I am on Big pond cable... I know telstra is routinely
> bagged for letting spam through their mail servers.. I am using
> smtp-au.server-access.com. We have no Windows machines connected to
> the Net - the servers are either Macs or Linux.
Someone, who has you in their address book, has been virused.
Most email viruses for the past 2 years have selected both the "From:"
and the "To:" headers from the victims address book. Hence you have
little if any idea who the victim might be.
The "From:" and the "To:" headers are really totally meaningless when it
comes to trying to identify an email source because they are so easily
forged. You have to go back to the "Received From:" headers (not
normally displayed unless you view the email in its raw form) to get any
chance of doing a trace, and given that many user connections are on
dynamic addresses that usually doesn't lead anywhere anyway.
> And today i received another supposedly sent from a maibox i monitor:
> From: "MailScanner" <postmaster at mailgate.mci.tel-pacific.com>
> To: info at databasics.com.au
> Subject: Warning: E-mail viruses detected
> Our virus detector has just been triggered by a message you sent:-
> To: fast at telpacific.com.au
> Subject: Re: My details
> Date: Sun Mar 7 10:37:08 2004
> Any infected parts of the message (my_details.pif)
> have not been delivered.
> This message is simply to warn you that your computer system may have a
> virus present and should be checked.
> The virus detector said this about the message:
> Report: my_details.pif Infection: W32/Netsky.D at mm
> Shortcuts to MS-Dos programs are very dangerous in email (my_details.pif)
> I have latest Viruss check on my machine - I can run it over our Mac
> connected to thecabel - anything else?
> This is the first time Ive ever received such notifications (obviously !)
> thanks and regards
> >To: linda at databasics.com.au
> >Date: Wed, 3 Mar 2004 12:33:10 +1100
> >X-Priority: 3 (Normal)
> >From: helpdesk at doi.vic.gov.au
> >Subject: Virus Alert - ScanMail for Lotus Notes --> what still?
> >DOI's virus scanning processes detected a virus whilst scanning this
> >e-mail. The virus was cleaned from the e-mail and the clean contents have
> >been delivered.
> >Date: 03/03/2004 12:33:10 PM
> >Subject: what still?
> >Virus: WORM_NETSKY.C
> >File: news_masturbation.zip
> >From: linda at databasics.com.au
> >To: ohnston at dvc.vic.gov.au
> >Action: Uncleanable, Deleted;
> >Scanned by ScanMail for Lotus Notes 2.6
> >with scanengine 6.510-1002
> >and patternfile lpt$vpn.795
LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
Flatter government, not fatter government - Get rid of the Australian states.
To mess up a Linux box, you need to work at it;
to mess up your Windows box, you just need to work on it.
- Scott Granneman, SecurityFocus
More information about the Link