1  |   Order by index

Apr 8, 2004, 8:13pm

I'm getting bombarded with the Netsky and with the Beagle worm from this person's computer (so does Ananas and Bowen).
Please disinfect the machine!


--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 9, 2004, 1:21am

PittsburgH

It's the only burg to end with an h, Pittsburgh.

Pennsylvania love :)

--
Brock,
IceFlare Network
Founder/Administrator
http://www.iceflare.net

[View Quote]

Apr 9, 2004, 2:11am

[View Quote] Yeah it's coming to both of my e-mails it seems. The other one I don't
have listed anywhere is fine. Hurray for the pop server filter out 99%
of them though. (I've only gotten like 5 on my other one and 0 on yours
Andras).

Apr 9, 2004, 2:16am

[View Quote] > I'm getting bombarded with the Netsky and with the Beagle worm from this
> person's computer (so does Ananas and Bowen).
> Please disinfect the machine!

Whose machine is it, btw? (if you would mind informing me... I thought
you said you'd told them before? Just wondering)

Apr 9, 2004, 3:27am

[View Quote] [View Quote] I wish I know whos machine is! Then I could notify the person in email and I shouldn't have to put up this public note :(
The other one I managed to identify and he cleaned his machine.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 9, 2004, 4:47am

[View Quote] It has to be someone who knows all 3 of us. Judging from that
information, I'd assume it's someone who's delt with the SDK (or just
programming) a little? Or it's just some monkey who doesn't give two
craps and is doing it on purpose. Maybe M A T T or that Christopher
Stevens guy (if he even exists).

I'd assume the later. Sucks. :-\

Apr 9, 2004, 2:12pm

I already sent an email to abuse at verizon.net, maybe
they can identify the user from the time and IP in
their logs.

So far I only received an automatic teply mail though.


[View Quote]

Apr 9, 2004, 5:29pm

Has also been getting the W32.Netsky.c virus in my E-Mails and my ISP
has now installed some Anti virus and I no longer get the attacks, it is
filtered and sent to me as This e-mail was blocked, and had the
following file in it (somefile.scr) or something containing the
W32.Netsky.c at mm virus and has been deleted, you may receive the e-mail
but the file is no longer available. So maybe your ISP can do the same.
[View Quote]

Apr 9, 2004, 5:57pm

Hi,

the problem with those server side virus blockers is that they
are often very badly configured.

They send an information about the virus "back" to the address
that the virus faked as the sender - but the sender is just a
random entry from the address book of the infected PC too and
probably receives the same virus mails.

So those stupid ISP idiots just increase the traffic for those
people who already get enough traffic from the infected PCs.


Not using any antivirus program is the best protection. The AV
programs make people careless. If they do not feel too secure
they will probably not click on everything clickable anymore.
An AV program is never up to date anyway, there's always one
virus newer than the latest AV program.

AV companies even need to be a bit behind so the virus gets a
chance to spread. It would be very bad for their business if
viruses would get caught too soon.


I guess we can count Mauz as one receiver from the list too
btw., I got several mails with her email address as sender
already - faked of course, she doesn't live in Phittsbhourgh.

Volker


[View Quote]

Apr 9, 2004, 6:00pm

The "helo=" tag is faked too btw., I already got some with
"helo=oct31.de", "helo=ananas" and "helo=tnlc.com" so the
"helo=Dude" might not be the real network name either.


[View Quote]

Apr 10, 2004, 1:27am

Netsend him...

--

Signed,
TheMask

:: Owner of Delusional-Minds Hosting ::
Free world hosting.. Just a T-Gram will do it.

http://www.delusional-minds.com

[View Quote]

Apr 10, 2004, 2:51am

ROFLMBO at Phittsbhourgh!!!!!! hahahahhaha ;-"D





[View Quote]

Apr 10, 2004, 9:09am

[View Quote] > The "helo=" tag is faked too btw., I already got some with
> "helo=oct31.de", "helo=ananas" and "helo=tnlc.com" so the
> "helo=Dude" might not be the real network name either.
>
>
>

It can be faked, you are right, except the early versions did not fake it and the first couple of hundred came from the "Dude" machne. (.org, .net, .com)
tnlc.com means the person was subscribed to some of the newsgroups - most likely to my ones because I got emails to the "storage.co.hu" domain which appeared only in my ngs.

--
Andras
"It's MY computer" (tm Steve Gibson)

Apr 10, 2004, 5:15pm

lol

[View Quote] > Netsend him...
>
> --
>
> Signed,
> TheMask
>
> :: Owner of Delusional-Minds Hosting ::
> Free world hosting.. Just a T-Gram will do it.
>
> http://www.delusional-minds.com
>
[View Quote]

Apr 10, 2004, 8:50pm

Doesn't go through - but I guess it's even my own
firewall that blocks it, sometimes I will check the
settings


[View Quote]

Apr 11, 2004, 8:11pm

Maybe ping floods would help crash this idiots connection ...

Might only be OK for a few minutes after receiving the virus
mail though as it's dialup.


[View Quote]

Apr 11, 2004, 10:40pm

[View Quote] > Maybe ping floods would help crash this idiots connection ...
>
> Might only be OK for a few minutes after receiving the virus
> mail though as it's dialup.

Why stop there, why not write a virus to take him off the net. At least
you know he'll run it.

1  |   Order by index