virus alert (cross-posted to all groups) (Bots)

bowen

Feb 20, 2004, 1:09am
Just giving everyone a heads-up on a virus being spread around again via
billing at activeworlds.com or similar. As always, don't run attachments
from people you don't know. As far as I could coerce, it was
W32.Netsky.B@mm in the file information.com.

Nice try though Matt.

--Bowen--

ciena

Feb 20, 2004, 5:11am
Thanks for the heads up. I thought Matt was gone.

wizard myrddin

Feb 20, 2004, 5:17am
W32.netsky.b@mm is a mass mailing worm and as discovered by the following
URL:

http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html


Share and enjoy



johnf

Feb 20, 2004, 2:45pm
Share the worm or the info about it? LOL

~John


wizard myrddin

Feb 20, 2004, 3:05pm
lol or even the worm in Cabo Wabo Tequila, I share a drink with the best of
them

Share and consume



johnf

Feb 20, 2004, 3:21pm
Lol!

~John


builderz

Feb 20, 2004, 3:23pm
Are you sure it is really coming from AWI and not someone else's
computer? The other recent e-mail worms spoofed the "from" address of
the e-mails they sent out.

For example, let's say that I did not have the worm and all of my
anti-virus signatures were up to date. However, one of my friends had
*my* address in *their* address book and *they* get infected with the worm.

Now, that worm looks through my friend's address book and sees that *my*
address is there. So the worm decides to use it and sends out mail using
*my* (not their) address as the sender. Even though my system is totally
nice and secure, uneducated people will think *I'm* the one sending the
worm, when in reality it is from another computer that is just forging
the sender's address.

Look at the e-mail you supposedly got from AW and post the headers here.
We can then tell if it really did come from them or not.

Builderz
http://www.3dhost.net
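
What reading the posted headers would involve, as an added example that is not part of the original thread: the sending program chooses the From line, while the top Received line is written by the recipient's own mail server, so the check compares the two. The message, host names and IP address below are constructed (example domains and a documentation IP range), and the Received layout is assumed to be the common `from HELO (rDNS [IP])` form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the real e-mail): From claims AWI billing, but the
# recipient's server logged a dial-up host as the machine that connected.
SAMPLE = """\
Received: from pc-user (dialup-17.isp.example.net [203.0.113.17])
\tby mx.recipient.example with SMTP id abc123; Fri, 20 Feb 2004 01:02:03 -0500
From: billing@activeworlds.com
To: someone@recipient.example
Subject: constructed sample
Message-ID: <x1@pc-user>

see attachment
"""

# "from <HELO name> (<reverse-DNS name> [<IP>])", the common MTA layout.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def analyse(raw):
    """Compare the sender-chosen From domain with the host our server saw."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"claimed_domain": claimed, "verdict": "no-usable-received-header"}
    received = msg.get_all("Received") or []
    if not received:
        return result
    # Each relay prepends its line, so received[0] was written by the
    # recipient's own server; lower lines can be forged by the sender.
    m = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold first
    if not m:
        return result
    helo, rdns, ip = m.groups()
    rdns = rdns.lower().rstrip(".")
    same = rdns == claimed or rdns.endswith("." + claimed)
    result.update(helo=helo, connecting_host=rdns, connecting_ip=ip,
                  verdict="consistent" if same else "from-domain-mismatch")
    return result

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A mismatch is a signal rather than proof, since legitimate mail is sometimes relayed through a third party's servers; the connecting IP is what points to the provider of the machine that actually sent the message.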


binarybud

Feb 20, 2004, 3:46pm
hey there Builderz..... I think that Bowen was actually referring to a "spoofed" header with this last comment:
" Nice try though Matt."

Leo :)

ps; #1 rule NEVER open attachments unless it's someone you are EXPECTING an attachment from. AND you trust them to take care of their PC on their own....AND you're prepared to lose everything on your hard drive and reformat it tomorrow....LOL

builderz

Feb 20, 2004, 5:44pm
Just wanted to make sure we are all on the "same page." :)

Builderz
http://www.3dhost.net


bowen

Feb 20, 2004, 6:20pm
Yes, spoofed header carrying the "from" address billing at activeworlds.com.

bowen

Feb 20, 2004, 6:26pm
He's still trying. Now he's trying to spoof a "delivery failed" so I'll
read the attachment through that. Still has the W32.Netsky.B@mm worm on it.

--Bowen--

andras

Feb 21, 2004, 5:58am
First - if you feel the urge to crosspost to all the groups, set the follow-up to community (where this topic belongs)
Second - before you start to spread FUD, study the case :)
This (and several other) worm picks its "From" address from the infected computer's address book and sends its payload to all the addresses it found within the address book.
According to Symantec's discovery the worm uses not only the address book but:

"8. Retrieves email addresses from files on the computer that have the following extensions:

* .msg
* .oft
* .sht
* .dbx
* .tbb
* .adb
* .doc
* .wab
* .asp
* .uin
* .rtf
* .vbs
* .html
* .htm
* .pl
* .php
* .txt
* .eml

"
In other words: someone in AW has an infected machine (should be an AW user - why else would he/she have the billing address of AWI?) and your email address is on that machine too - this is how the mail ended up on your machine with the sender mentioned above.
I'm not an advocate of MATT but it is not his job :)

FU set to community.
--
Andras
"It's MY computer" (tm Steve Gibson)
