TECHNET Archives

February 2004

TechNet@IPC.ORG

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Mike Fenner <[log in to unmask]>
Reply To:
Date:
Mon, 9 Feb 2004 12:16:49 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (174 lines)
I so agree,
I was receiving a min 250 notifications of intercepts, stopped virus etc
A DAY end of Jan, now down to a dull roar.
I wish people would get AV software and keep their Systems up to date to
keep these worms out. It is very anti-social to fail to do this.

Regards

Mike



-----Original Message-----
From: TechNet [mailto:[log in to unmask]] On Behalf Of Brian Ellis
Sent: Monday, February 09, 2004 12:01 PM
To: [log in to unmask]
Subject: Re: [TN] Spoofed e-mail


Ed

This is not a spoof. What happened is that X allowed himself to be
infected by a worm (probably a MyDoom variant). X's Outlook or Outlook
Express Address Book contained [log in to unmask] amongst a host of other
addresses. The worm then sent to every address in the address book a
copy of itself in a seemingly innocuous message from johnperry. One of
these was [log in to unmask] Now the firewall or gateway server at
the ix.netcom.com domain detected that this message was infected and
bounced back a message to the original apparent sender (johnperry) to
tell him he sent a virused message (although, of course, he didn't).
Now, something interesting happens if the original server bounces this
back again.

For this reason, I detest bouncing software. In fact, over the past few
daya, I've received 3 times as many bounce messages as spam and domains
which bounce spam or viruses cause more harm than good by blocking
Internet bandwidth.

Of course, this would never happen if people didn't use Outlook or
Outlook Express (why do you think Microsoft offered $250,000 for the
arrest of the authors of MyDoom? It was not philanthropic; it was
because their software propagated it and thus their reputation
suffered.) or if they had a valid anti-virus protection.

I have written at length about all these security problems in Circuit
World, Soldering & SMT and Microelectronics International on a number of
occasions, as spammers, bouncers, hackers, crackers and virus writers
improve their black technology. To give you an idea, I have five apps on
my e-mail 'puter just for security purposes against these collective
bastards and I consider them all essential: and I don't use Outlook in
any form or flavour.

Brian

Ed Popielarski wrote:
> Hi all,
>
> I got the below (in text format) which contained hostile code.
>
> Be on the lookout!
>
> ****snip******
> X-Symantec-TimeoutProtection: 0
> X-Symantec-TimeoutProtection: 1
> Status:  U
> Return-Path: <[log in to unmask]>
> Received: from ipc.org ([205.158.190.226])
>  by kite (EarthLink SMTP Server) with ESMTP id 1aPVcg2U23NZFkD0  for
> <[log in to unmask]>; Sun, 8 Feb 2004 12:06:28 -0800 (PST)
> From: [log in to unmask]
> To: [log in to unmask]
> Subject: hello
> Date: Sun, 8 Feb 2004 12:07:05 -0800
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_0004_82398EFA.9900FEAF"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Message-Id: <200402081206.1aPVcg2U23NZFkD0@kite>
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0004_82398EFA.9900FEAF
> Content-Type: text/plain;
>  charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
>
> Mail transaction failed. Partial message is available.
>
>
> ------=_NextPart_000_0004_82398EFA.9900FEAF
> Content-Type: plain/text;
>  name="Norton AntiVirus Deleted1.txt"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>  filename="Norton AntiVirus Deleted1.txt"
>
> Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBib2R5LnppcC4NCl
> Ro
>
ZSBhdHRhY2htZW50IHdhcyBpbmZlY3RlZCB3aXRoIHRoZSBXMzIuTXlkb29tLkFAbW0gdmly
> dXMu
> ------=_NextPart_000_0004_82398EFA.9900FEAF--
>
> *****snip******
>
>
> Regards,
>
> Ed Popielarski
> QTA Machine
> 27291 Jardines
> Mission Viejo, Ca. 92692
>
> Phone:949-581-6601
> Fax: 949-581-2448
>
> WWW.QTA.NET
>
> "All that is good is not embodied in the law;
> and all that is evil is not proscribed by the law.
> A well-disciplined society needs few laws;
> but it needs strong mores."
> William F. Buckley Jr.
>
> ---------------------------------------------------
> Technet Mail List provided as a service by IPC using LISTSERV 1.8e To
> unsubscribe, send a message to [log in to unmask] with following text in

> the BODY (NOT the subject field): SIGNOFF Technet To temporarily halt
> or (re-start) delivery of Technet send e-mail to [log in to unmask]: SET

> Technet NOMAIL or (MAIL) To receive ONE mailing per day of all the
> posts: send e-mail to [log in to unmask]: SET Technet Digest Search the
> archives of previous posts at: http://listserv.ipc.org/archives Please

> visit IPC web site http://www.ipc.org/contentpage.asp?Pageid=4.3.16
for additional information, or contact Keach Sasamori at [log in to unmask]
or 847-509-9700 ext.5315
> -----------------------------------------------------
>
>

---------------------------------------------------
Technet Mail List provided as a service by IPC using LISTSERV 1.8e To
unsubscribe, send a message to [log in to unmask] with following text in
the BODY (NOT the subject field): SIGNOFF Technet To temporarily halt or
(re-start) delivery of Technet send e-mail to [log in to unmask]: SET
Technet NOMAIL or (MAIL) To receive ONE mailing per day of all the
posts: send e-mail to [log in to unmask]: SET Technet Digest Search the
archives of previous posts at: http://listserv.ipc.org/archives Please
visit IPC web site http://www.ipc.org/contentpage.asp?Pageid=4.3.16 for
additional information, or contact Keach Sasamori at [log in to unmask] or
847-509-9700 ext.5315
-----------------------------------------------------

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

This email, its content and any files transmitted with it are intended solely for the addressee(s) and may be legally privileged and/or confidential. If you are not the intended recipient please delete and contact the sender by return and delete the material from any computer. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.

Messages sent via this medium may be subject to delays, non-delivery and unauthorized alteration. This email has been prepared using information believed by the author to be reliable and accurate, but Indium Corporation makes no warranty as to accuracy or completeness. In particular, Indium Corporation does not accept responsibility for changes made to this email after it was sent. Any opinions or recommendations expressed herein are solely those of the author. They may be subject to change without notice.

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

---------------------------------------------------
Technet Mail List provided as a service by IPC using LISTSERV 1.8e
To unsubscribe, send a message to [log in to unmask] with following text in
the BODY (NOT the subject field): SIGNOFF Technet
To temporarily halt or (re-start) delivery of Technet send e-mail to [log in to unmask]: SET Technet NOMAIL or (MAIL)
To receive ONE mailing per day of all the posts: send e-mail to [log in to unmask]: SET Technet Digest
Search the archives of previous posts at: http://listserv.ipc.org/archives
Please visit IPC web site http://www.ipc.org/contentpage.asp?Pageid=4.3.16 for additional information, or contact Keach Sasamori at [log in to unmask] or 847-509-9700 ext.5315
-----------------------------------------------------

ATOM RSS1 RSS2