
Re: (Virus -) Worm - emails




Hello Gooly,

The last two months have been the worst ever, and all you can do is
have defensive plans in place.  Tracing IP addresses is only good
insofar as notifying Abuse@xxxx of the ISP that owns the block, in
order to assist them in notifying customers running compromised
machines.

The problem now is that your email address has been compromised.  Of
course, if you are using aliases, then the issue is minor.


Wednesday, October 8, 2003, 2:25:00 AM, you wrote:

G> Hi List,

G> as of 2/3 weeks ago I constantly get emails with a worm (or a virus). Those 
G> emails pretend to be from Microsoft containing a security patch. (No danger 
G> for me or for others by me, they were all 'eaten up').

G> All of them came with a wrong email address (of course) and from only one 
G> provider: charter.net. They all went through its mail-cluster of charter.net 
G> with the IP group 209.225.8.XXX. Concrete addresses of the mail-cluster were 
G> 209.225.8.30, 209.225.8.36, 209.225.8.29.

G> Is there anybody on this list who accesses the internet through charter.net? He/She 
G> may have subscribed under a different email address. Has anybody else got 
G> those emails?

G> From the time stamps that are printed in those emails the infected pc should 
G> stand in Eastern USA because they all have Eastern Standard Time (11:45:57 
G> -0400). The last two worms that I received were created and/or sent at Tue, 
G> 07 Oct 2003 11:41:35 EST and Tue, 07 Oct 2003 11:45:57.
G> The id-s of the emails are:
G>         SMTP id 17753045; Tue, 07 Oct 2003 11:45:57 -0400
G> &       SMTP id 17704618; Tue, 07 Oct 2003 11:41:35 -0400

G> Now I saw that I got a similar email from:
G> Received: from ilse (nat3.srtnet.com [216.221.96.233])
G>         by BASS2.srtnet.com (8.12.5/8.12.5) with SMTP id h97Gxq7P025179;
G>         Tue, 7 Oct 2003 11:59:53 -0500 (CDT)
G> Date: Tue, 7 Oct 2003 11:59:52 -0500 (CDT)
G> Message-Id: <200310071659.h97Gxq7P025179@xxxxxxxxxxxxxxxx>

G> Acc. to nic.com 216.221.96.233 can be a Telephone Backbone-Router. So maybe 
G> s.o. is sending his worm by telephone spending extra money??

G> (maybe you can scan your pc for the Message-Id??)


G> Thanks in advance,
G> carl



-- 
Best regards,
 Frank                            mailto:r5_6fpen8@xxxxxxxxxxxxx
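
Added example, not part of either message in this thread: a Python sketch of the header tracing discussed above, pulling the relay IP and timestamp out of each Received header, normalizing times to UTC, and grouping relays by /24 so a report to the owning ISP's abuse contact can list them together. The first sample header is the one quoted in the thread; the second is constructed around a relay address, SMTP id and time given in the post, with `relay.example` and `mx.example` as placeholder host names. Only the Received header written by your own mail server is reliable, since earlier ones can be forged by the sender.

```python
import re
from collections import defaultdict
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed sample message: header 1 is quoted in the thread, header 2 is
# made up around values from the post (host names are placeholders).
SAMPLE = """\
Received: from ilse (nat3.srtnet.com [216.221.96.233])
        by BASS2.srtnet.com (8.12.5/8.12.5) with SMTP id h97Gxq7P025179;
        Tue, 7 Oct 2003 11:59:53 -0500 (CDT)
Received: from relay.example (relay.example [209.225.8.30])
        by mx.example with SMTP id 17753045;
        Tue, 07 Oct 2003 11:45:57 -0400
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    """Return (ip, utc_datetime) for one Received header value, or None."""
    m = BRACKETED_IP.search(value)
    if not m or ";" not in value:
        return None
    try:
        ip = ip_address(m.group(1))  # rejects octets above 255
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    except (ValueError, TypeError):  # bad address or unparseable date
        return None
    return ip, when.astimezone(timezone.utc)

def relays_by_block(raw_message, prefix=24):
    """Group relay IPs from Received headers by network block, times in UTC."""
    blocks = defaultdict(list)
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        if hop is None:
            continue  # skip rather than guess at a malformed header
        ip, when = hop
        block = ip_network(f"{ip}/{prefix}", strict=False)
        blocks[str(block)].append((str(ip), when.isoformat()))
    return dict(blocks)

if __name__ == "__main__":
    for block, hops in relays_by_block(SAMPLE).items():
        print(block, hops)
```
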