Virus Alert


dani
July 1st 03, 11:33 PM
It appears that someone has singled out everyone listed on this
newsgroup to be the recipient of a virus/worm.

The details are as follows:

A virus was found in an email from:

>

Subject: Taste this patch from the M$ Corporation
Date: Tue, 1 Jul 2003 15:11:06 -0700
Message-ID: <00a401c3401d$ab3851d0$6502a8c0@qun>
MIME-Version: 1.0
Content-Type: application/octet-stream;
name="update862.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="update862.zip"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.110

ALERT: [Worm/Gibe.B.3 virus]
/var/spool/vscan/amavis/amavis-milter-XXuwGjVC/parts/part-00001

<<< Contains signature of the worm Worm/Gibe.B.3

If you do not have virus scanning software and are running a Windows OS,
you can get FREE virus scanning software here: http://www.amavis.org/

Bob Whiteside
July 2nd 03, 02:07 AM
"Tracy" > wrote in message
news:FTpMa.1179$3h3.2309@rwcrnsc53...
> "dani" > wrote in message
> thlink.net...
> > It appears that someone has singled out everyone listed on this
> > newsgroup to be the recipient of a virus /worm.
> >
> > The details are as follows:
> >
> > A virus was found in an email from:
> >
> > >
>
>
> Dani,
>
> Was this sent via email or posted? Either way, I didn't see it - but good
> catch...

I've gotten about 20 of these supposed MS Security Patches by email over the
last 2-3 months. Sometimes they show as being from MS Tech Support and
sometimes they appear to come from people by name who are warning "friends"
about new viruses.

What is confusing is some of the earlier versions of the emails, when
opened, are hacked versions of the MS Tech support site, and when used,
actually give you email access to the real MS tech support people. The
emails have .exe file attachments that contain a virus. On the earlier
versions the download option on the hacked MS tech support site page led to
the virus infected file.

I was a little naive the first time, and luckily my virus detection software
notified me of the presence of the virus. I used the MS tech support link
on the hacked page to contact MS tech support and they responded the email
was a hoax and MS does not send out email patches for their software. Any
updates or releases have to be downloaded from their site.
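
The header fields quoted in the alert in the first post, together with the point in the reply above that Microsoft does not send patches by e-mail, suggest a simple mail-triage rule. The Python below is an added example, not part of the original thread; the sample message is constructed from the quoted headers with a placeholder sender and body, and the extension and keyword lists are assumptions.

```python
import email
from email import policy

# Constructed sample: rebuilt from the header fields quoted in the alert.
# The sender address and the base64 body are placeholders, not real data.
SAMPLE = """\
From: sender@example.invalid
Subject: Taste this patch from the M$ Corporation
Date: Tue, 1 Jul 2003 15:11:06 -0700
MIME-Version: 1.0
Content-Type: application/octet-stream;
 name="update862.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="update862.zip"

UEsDBAoAAAAAAA==
"""

# Assumed lists for illustration; tune them for a real mail gateway.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".zip")
LURE_WORDS = ("patch", "update", "security", "upgrade")


def triage(raw):
    """Return the reasons a message looks like a fake vendor-patch mailing."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in LURE_WORDS):
        reasons.append("subject-claims-patch")
    for part in msg.walk():
        # get_filename() reads Content-Disposition, then Content-Type name=
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append("risky-attachment:" + name)
        # The top-level entity is itself the attachment: no readable body.
        if part is msg and part.get_content_disposition() == "attachment":
            reasons.append("message-is-only-an-attachment")
    return reasons


def verdict(raw):
    """Quarantine only when a patch lure and a risky attachment coincide."""
    reasons = triage(raw)
    lure = "subject-claims-patch" in reasons
    payload = any(r.startswith("risky-attachment:") for r in reasons)
    return "quarantine" if lure and payload else "deliver"
```

Requiring both signals keeps ordinary mail that merely mentions a patch, or that carries a zip with an unrelated subject, out of quarantine.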

dani
July 2nd 03, 08:02 AM
Bob Whiteside wrote:
> "Tracy" > wrote in message
> news:FTpMa.1179$3h3.2309@rwcrnsc53...
>
>>"dani" > wrote in message
thlink.net...
>>
>>>It appears that someone has singled out everyone listed on this
>>>newsgroup to be the recipient of a virus /worm.
>>>
>>>The details are as follows:
>>>
>>>A virus was found in an email from:
>>>
>>> >
>>
>>
>>Dani,
>>
>>Was this sent via email or posted? Either way, I didn't see it - but good
>>catch...
>
>
> I've gotten about 20 of these supposed MS Security Patches by email over the
> last 2-3 months. Sometimes they show as being from MS Tech Support and
> sometimes they appear to come from people by name who are warning "friends"
> about new viruses.
>
> What is confusing is some of the earlier versions of the emails, when
> opened, are hacked versions of the MS Tech support site, and when used,
> actually give you email access to the real MS tech support people. The
> emails have .exe file attachments that contain a virus. On the earlier
> versions the download option on the hacked MS tech support site page led to
> the virus infected file.
>
> I was a little naive the first time, and luckily my virus detection software
> notified me of the presence of the virus. I used the MS tech support link
> on the hacked page to contact MS tech support and they responded the email
> was a hoax and MS does not send out email patches for their software. Any
> updates or releases have to be downloaded from their site.
>
>
Yes. You can read up on this virus/worm here:

http://www.pcmag.com/category/0,,s=25410,00.asp

This is basically a worm that e-mails itself and makes it look like an
MS tech update. I run Linux so no viruses here, but I use Amavis
virusscan on my e-mail anyway just to keep my mail clean when I forward.

~Dani

July 2nd 03, 05:20 PM
dani > wrote:

: I was sent via e-mail. There was quite a large list of people who were
: cc and I happened to notice that all the names were of those I have seen
: in this newsgroup. Ha. Someone doesn't like us. We must be making progress.


Quite common. I'm also using a Linux shell at my ISP running a "tin"
news reader. No problem here. The ISP uses Postini virus/spam preprocessing
(a buck a month to do so) and at my M$Word Pee Cee, I have McAfee on it for
another layer of protection.

I am amazed at the "spammed" virus messages I'm receiving. Someone is
actually harvesting thousands of email addresses and sending viruses to
them. For what reason, I will never know.

b.

Tracy
July 3rd 03, 01:13 AM
"dani" > wrote in message
rthlink.net...
> Tracy wrote:
> > "dani" > wrote in message
> > thlink.net...
> >
> >>It appears that someone has singled out everyone listed on this
> >>newsgroup to be the recipient of a virus /worm.
> >>
> >>The details are as follows:
> >>
> >>A virus was found in an email from:
> >>
> >> >
> >
> >
> >
> > Dani,
> >
> > Was this sent via email or posted? Either way, I didn't see it - but good
> > catch...
> >
> >
> > Tracy
>
> I was sent via e-mail. There was quite a large list of people who were
> cc and I happened to notice that all the names were of those I have seen
> in this newsgroup. Ha. Someone doesn't like us. We must be making progress.


Seriously - why hasn't anyone reported this spammer to their ISP, your own
ISP, or better? All you need to do is find out who their ISP is... if you
can't, send the full headers to your own ISP. They'll deal with it. Your
own ISP could possibly set up a filter to not allow the spammer to send
emails to their customers, and your ISP may make it known to other ISPs.


Tracy
~~~~~~~
http://www.hornschuch.net/tracy/
"You can't solve problems with the same
type of thinking that created them."
Albert Einstein

*** spamguard in place! to email me: tracy at hornschuch dot net ***

dani
July 3rd 03, 08:07 AM
wrote:
> dani > wrote:
>
> : I was sent via e-mail. There was quite a large list of people who were
> : cc and I happened to notice that all the names were of those I have seen
> : in this newsgroup. Ha. Someone doesn't like us. We must be making progress.
>
>
> Quite common. I'm also using a Linux shell at my ISP running a "tin"
> news reader. No problem here. The ISP uses Postini virus/spam preprocessing
> (a buck a month to do so) and at my M$Word Pee Cee, I have McAfee on it for
> another layer of protection.
>
> I am amazed at the "spammed" virus messages I'm receiving. Someone is
> actually harvesting thousands of email addresses and sending viruses to
> them. For what reason, I will never know.
>
> b.

Barry,

Actually the worm is kind of tricky. It harvests the names as part of
its scripting process and then e-mails itself.

dani
July 3rd 03, 08:14 AM
Tracy wrote:
> "dani" > wrote in message
> rthlink.net...
>
>>Tracy wrote:
>>
>>>"dani" > wrote in message
thlink.net...
>>>
>>>
>>>>It appears that someone has singled out everyone listed on this
>>>>newsgroup to be the recipient of a virus /worm.
>>>>
>>>>The details are as follows:
>>>>
>>>>A virus was found in an email from:
>>>>
>>>> >
>>>
>>>
>>>
>>>Dani,
>>>
>>>Was this sent via email or posted? Either way, I didn't see it - but good
>>>catch...
>>>
>>>
>>>Tracy
>>
>>I was sent via e-mail. There was quite a large list of people who were
>>cc and I happened to notice that all the names were of those I have seen
>>in this newsgroup. Ha. Someone doesn't like us. We must be making progress.
>
>
> Seriously - why hasn't anyone reported this spammer to their ISP, your own
> ISP, or better? All you need to do is find out who their ISP is... if you
> can't, send the full headers to your own ISP. They'll deal with it. Your
> own ISP could possibly set up a filter to not allow the spammer to send
> emails to their customers, and your ISP may make it known to other ISPs.
>
>
> Tracy
> ~~~~~~~
> http://www.hornschuch.net/tracy/
> "You can't solve problems with the same
> type of thinking that created them."
> Albert Einstein
>
> *** spamguard in place! to email me: tracy at hornschuch dot net ***
>
Tracy -

I thought about that. But, it may not even be a spammer as this is a
worm. It may have harvested the e-mails all by itself from this person's
newsreader. Although I don't recognize the e-mail address myself.

Remember, last year when CANOW released their report blasting Fathers'
Rights Groups? I posted quite a few rebuttals here and to other groups
as well. In response I got hit by a massive denial of service attack.
There was no way to get online for several hours and I finally had to
call my ISP and have them shut down that node of the system to block
whoever was doing it. I assume my ISP also took other action as well. I
didn't follow up though. But, it just shows the volatility of this issue.

~ Dani