LM_NET 06/27/02: Re: Strange messages from Listserve

Previous by Date	Next by Date	Date Index
Previous by Thread	Next by Thread	Thread Index
LM_NET Archive

To: LM_NET@LISTSERV.SYR.EDU
Subject: Re: Strange messages from Listserve
From: Robert Eiffert <beiffert@ATTBI.COM>
Date: Thu, 27 Jun 2002 07:53:02 -0700
In-Reply-To: <20020627140356.YJKZ7443.rwcrgwc52.attbi.com@mailer.syr.edu>
Reply-To: Robert Eiffert <beiffert@ATTBI.COM>
Sender: School Library Media & Network Communications <LM_NET@LISTSERV.SYR.EDU>

Most likely, your address has been grabbed from someone else's address
book (or list of unopened mail) and used as the spoofed address from an
infected machine.

However, if one is not sure their machine is clean, there are free virus
removal tools at the major AV sites. After cleaning, or hopefully
learning you are not infected, download the newest updates to whatever
AV software running on your machine. If at school, check with the tech
guys to make sure machines are protected .

Recently there has been an email worm that has been more disruptive than
most. The first two links below leads to Symantec and Mcafee tools for
it. The third is a MS patch for the vulnerability. Below those are two
Wired.com articles discussing the effects of that worm. It would be a
very good idea
to check either the Symantec or Mcafee sites to see if your machine may
be
vulnerable and apply necessary updates. While the worm exploits a
Microsoft vulnerability, any email system can receive the bogus
messages.
This worm 'spoofs' the 'from:' address. Meaning that that 'from address'
is not where the mail came from. In the Wired article they mention how
it has even been set to look as though it is coming from an anti-virus
company. Often it takes an address from the sender's machine.

It probably isn't a good idea to respond to any unusual mail until you
are sure your machine is clean and safe.

Resources:


"W32.Klez.gen@mm is a mass-mailing worm that searches the Windows
address book for email addresses and sends messages to all recipients
that it finds. The worm uses its own SMTP engine to send the messages."
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.
html

"This virus remains at a Medium Risk overall, however AVERT is still
seeing many infections reported from Home Users and is informing Home
Users that they are STILL at a HIGHER likelyhood of infection than
corporate users."
http://vil.mcafee.com/dispVirus.asp?virus_k=99455

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS01-020.asp


From Wired.com is a pretty good synopsis of the effects of the most
recent virus
Klez: Don't Believe 'From' Line
http://www.wired.com/news/technology/0,1282,52174,00.html

http://www.wired.com/news/technology/0,1282,52055,00.html
"Klez spoofs "From" information in the e-mails the virus sends."
 "Once active on a computer, Klez searches for files containing e-mail
addresses. It randomly selects one as the "sender," and then transmits
e-mails with attachments containing the virus to the rest of the
collected addresses."


Robert Eiffert,Media Specialist
Pacific Middle School
Evergreen SD, Vancouver Washington
beiffert@attbi.com



-----Original Message-----
From: School Library Media & Network Communications
[mailto:LM_NET@LISTSERV.SYR.EDU] On Behalf Of Darlene A Yasick
Sent: Thursday, June 27, 2002 7:00 AM
To: LM_NET@LISTSERV.SYR.EDU
Subject: Strange messages from Listserve

I have received two messages today that don't make any sense. The first
was from the list serve rejecting a posting that I supposedly made
because it had attachments. To my knowledge I have never sent anything
to
the list with attachements. The text that was listed as left when the
"attachment " was removed showed " a very powerful tool" and was written
in rather awkward English. The second was from the postmaster at juno
and
was entitled returned mail for "announcement from library media vendors"
This had no message and supposedly had an attachement which wasn't
there.
When I went to full header informations both of these messages had the
following address attached csturgeon@ohio.net.  Not sure if this is a
member of not. Does one of both of us have a virus?
Darlene Yasick
Media Specialist
Hopkins High School
lib027yas1@juno.com
Only the mediocre man is always at his best-- Somerset Maugham

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=
All postings to LM_NET are protected under copyright law.
To quit LM_NET (or set-reset NOMAIL or DIGEST, etc.) send email to:
listserv@listserv.syr.edu   In the message write EITHER:
1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL or 3) SET LM_NET DIGEST
4) SET LM_NET MAIL  * Please allow for confirmation from Listserv.
For LM_NET Help see: http://ericir.syr.edu/lm_net/
Archives: http://askeric.org/Virtual/Listserv_Archives/LM_NET.shtml
 See also EL-Announce for announcements from library media vendors:
    http://www.mindspring.com/~el-announce/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=
All postings to LM_NET are protected under copyright law.
To quit LM_NET (or set-reset NOMAIL or DIGEST, etc.) send email to:
listserv@listserv.syr.edu   In the message write EITHER:
1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL or 3) SET LM_NET DIGEST
4) SET LM_NET MAIL  * Please allow for confirmation from Listserv.
For LM_NET Help see: http://ericir.syr.edu/lm_net/
Archives: http://askeric.org/Virtual/Listserv_Archives/LM_NET.shtml
 See also EL-Announce for announcements from library media vendors:
    http://www.mindspring.com/~el-announce/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=

Prev by Date: HELP!! Opening a Read-Only File
Next by Date: Re: HELP!! Opening a Read-Only File
Prev by thread: Strange messages from Listserve
Next by thread: Re: Strange messages from Listserve
Index(es):
- Date
- Thread

LM_NET Mailing List Home