Previous by Date | Next by Date | Date Index
Previous by Thread | Next by Thread
| Thread Index
| LM_NET
Archive
| |
Most likely, your address has been grabbed from someone else's address book (or list of unopened mail) and used as the spoofed address from an infected machine. However, if one is not sure their machine is clean, there are free virus removal tools at the major AV sites. After cleaning, or hopefully learning you are not infected, download the newest updates to whatever AV software running on your machine. If at school, check with the tech guys to make sure machines are protected . Recently there has been an email worm that has been more disruptive than most. The first two links below leads to Symantec and Mcafee tools for it. The third is a MS patch for the vulnerability. Below those are two Wired.com articles discussing the effects of that worm. It would be a very good idea to check either the Symantec or Mcafee sites to see if your machine may be vulnerable and apply necessary updates. While the worm exploits a Microsoft vulnerability, any email system can receive the bogus messages. This worm 'spoofs' the 'from:' address. Meaning that that 'from address' is not where the mail came from. In the Wired article they mention how it has even been set to look as though it is coming from an anti-virus company. Often it takes an address from the sender's machine. It probably isn't a good idea to respond to any unusual mail until you are sure your machine is clean and safe. Resources: "W32.Klez.gen@mm is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages." http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm. html "This virus remains at a Medium Risk overall, however AVERT is still seeing many infections reported from Home Users and is informing Home Users that they are STILL at a HIGHER likelyhood of infection than corporate users." http://vil.mcafee.com/dispVirus.asp?virus_k=99455 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS01-020.asp From Wired.com is a pretty good synopsis of the effects of the most recent virus Klez: Don't Believe 'From' Line http://www.wired.com/news/technology/0,1282,52174,00.html http://www.wired.com/news/technology/0,1282,52055,00.html "Klez spoofs "From" information in the e-mails the virus sends." "Once active on a computer, Klez searches for files containing e-mail addresses. It randomly selects one as the "sender," and then transmits e-mails with attachments containing the virus to the rest of the collected addresses." Robert Eiffert,Media Specialist Pacific Middle School Evergreen SD, Vancouver Washington beiffert@attbi.com -----Original Message----- From: School Library Media & Network Communications [mailto:LM_NET@LISTSERV.SYR.EDU] On Behalf Of Darlene A Yasick Sent: Thursday, June 27, 2002 7:00 AM To: LM_NET@LISTSERV.SYR.EDU Subject: Strange messages from Listserve I have received two messages today that don't make any sense. The first was from the list serve rejecting a posting that I supposedly made because it had attachments. To my knowledge I have never sent anything to the list with attachements. The text that was listed as left when the "attachment " was removed showed " a very powerful tool" and was written in rather awkward English. The second was from the postmaster at juno and was entitled returned mail for "announcement from library media vendors" This had no message and supposedly had an attachement which wasn't there. When I went to full header informations both of these messages had the following address attached csturgeon@ohio.net. Not sure if this is a member of not. Does one of both of us have a virus? Darlene Yasick Media Specialist Hopkins High School lib027yas1@juno.com Only the mediocre man is always at his best-- Somerset Maugham =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-= All postings to LM_NET are protected under copyright law. To quit LM_NET (or set-reset NOMAIL or DIGEST, etc.) send email to: listserv@listserv.syr.edu In the message write EITHER: 1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL or 3) SET LM_NET DIGEST 4) SET LM_NET MAIL * Please allow for confirmation from Listserv. For LM_NET Help see: http://ericir.syr.edu/lm_net/ Archives: http://askeric.org/Virtual/Listserv_Archives/LM_NET.shtml See also EL-Announce for announcements from library media vendors: http://www.mindspring.com/~el-announce/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-= =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-= All postings to LM_NET are protected under copyright law. To quit LM_NET (or set-reset NOMAIL or DIGEST, etc.) send email to: listserv@listserv.syr.edu In the message write EITHER: 1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL or 3) SET LM_NET DIGEST 4) SET LM_NET MAIL * Please allow for confirmation from Listserv. For LM_NET Help see: http://ericir.syr.edu/lm_net/ Archives: http://askeric.org/Virtual/Listserv_Archives/LM_NET.shtml See also EL-Announce for announcements from library media vendors: http://www.mindspring.com/~el-announce/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=