VIRUS WARNING!! dr1 webmaster source of virus email

Status
Not open for further replies.

Ken

Platinum
Jan 1, 2002
13,884
495
83
Warning, if you get an email from the dr1 webmaster to the mailbox you use for dr1 emails, DO NOT OPEN THE ATTACHMENT!!!

I just found such a message in my inbox. The subject is "Hello" and the message is "Here is it!" I almost opened the attachment since the sender was known and the email address was right for mail from dr1, but I checked it with the virus scanner available from Yahoo. The report came back reporting that the attachment was infected with a virus that cannot be eliminated.

So, BEWARE, of any messages with attachments. Eliminate them all, even when you know the sender, unless you are informed in advance that an attachment is being sent.

Note: Making it even more dangerous was this note at the bottom of the email: "Attachment: No virus found".

But when I ran the virus scan, it immediately reported that the attachment was infected with the W32.Netsky.P@mm virus.
 

Hillbilly

Moderator
Jan 1, 2002
18,948
514
113
McAfee has issued a warning on this one

The W32 netsky.c@MM is a mass mailer worm...

Just like the MYDOOM virus it sends something that you might be tempted to open.
Here is your statement
This is your file
For your comments
Please answer

And so on and so forth. Just delete them and forget them.

Also making the rounds are what are called phishers, which are the identity thieves du jour. They use legitimate-looking ISPs, like AOL Billing OFFICE
Microsoft Customer service Center

Things like that. They want you to give them your ID, your SSN, your credit card info, address and so forth.

No reputable company asks you for that info.

Delete and tell them to go play with themselves. Many of them are from Eastern Europe and want to settle in the DR....hehehe

HB
 

Ken

Platinum
Jan 1, 2002
13,884
495
83
Legitimate? I should say so. Mine came from webmaster@dr1.com to the email address I use on dr1. If they can get my email address from dr1, they can get anybody's who is registered here. I'll be very surprised if I am the only poster that gets an infected attachment from webmaster@dr1.com
 

ricktoronto

Grande Pollo en Boca Chica
Jan 9, 2002
4,837
0
0
Well, they didn't

Ken said:
Legitimate? I should say so. Mine came from webmaster@dr1.com to the email address I use on dr1. If they can get my email address from dr1, they can get anybody's who is registered here. I'll be very surprised if I am the only poster that gets an infected attachment from webmaster@dr1.com

The worms do this:

1. Infect a PC in the world

2. Go to that user's (but NOT the DR1 Webmaster's) address book

3. Select one name as the "from" (in this case it chose "webmaster@DR1.com")

4. Select all the other names as the "to" (in this case you)

5. Mails itself to all the "to's" with itself as the virus payload

6. You open it, get mad at DR1, because it appears that's the source.

7. DR1 did not send it, someone with DR1 in THEIR address book got infected and it just randomly chose webmaster@DR1 as the "from" since spoofing "from" addresses is easy.

8. Also, it didn't "get" the addresses from within DR1's databases, just someone else's address book who at one time mailed something to Robert.

9. The next group sends it the same way, one random from, all the rest to's.
 

AnnaC

Gold
Jan 2, 2002
16,050
418
83
A few weeks ago I got an email from Sprint Canada saying that emails were being sent out that have an attachment but in fact are viruses. DO NOT open. Sure enough a few days later I got one and deleted it. My own rule now is if I can't read it or see it, I delete any attachment.

I usually know if the kids are sending pictures and again I don't need to OPEN an attachment to see the pictures.
 

Robert

Stay Frosty!
Jan 2, 1999
20,574
341
83
dr1.com
It could NEVER come from us, three reasons.

1) We use Mac's (Apple) for all email.
2) Our Daily/Travel News does not come from a DR1 address, domain or name server and we use specialized software that does not send attachments.
3) Our server virus definitions are updated every 30 mins.

As has been explained, it's a worm virus.
ricktoronto gave a very good explanation.

The only way they could get your email address from us is hack our server. Or have access to our mailing software.
We spend a lot of time and money trying to make sure our servers are secure. We have a 3rd party company (Acunett) constantly monitor, patch and update our servers. It's a serious and specialized business, so we pay serious and specialized people to do it for us.

Once again, you will NEVER get a virus from DR1.
 

ricktoronto

Grande Pollo en Boca Chica
Jan 9, 2002
4,837
0
0
All in a day's work

Robert said:
It could NEVER come from us, three reasons.

1) We use Mac's (Apple) for all email.

ricktoronto gave a very good explanation

I use Mac's also so it didn't come from me either
 

Jerry

New member
Jan 1, 2002
99
0
0
www.livinginsantiago.com
Another one out there.

I have received a couple of emails from staff@traveltoniagara.com or admin@traveltoniagara.com or some other mailbox like postmaster. They have stated that the email servers were going to be replaced and attached were the instructions to forward the emails while the server was down. Of course if you look, the name of the file is xxxx.doc.pif. If you set your computer up so that it does not hide known extensions then it is easier to spot files with improper naming conventions.

Another said that many emails with viruses were detected from my mailbox and to run the attached virus scanner.

I did not open any of these since I am the staff of traveltoniagara and did not send out the emails, I figured they are bad. Also I have no mailbox defined for staff.

Now I also received the same email at one of my ISP addresses that I never use but have because they are the ISP. But it was from the staff@isp.com

The best that I can figure is they look at your email address and then replace the from address with staff, admin, postmaster, webmaster or some other generic name.

Jerry
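
The two tells described in this post (a document-looking name that really ends in an executable extension, and a generic role mailbox forged on the recipient's own domain) can be checked mechanically. The sketch below is an added example, not part of the original thread; the function names, the extension lists and the `example.com` sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"doc", "txt", "rtf", "htm", "jpg", "xls", "zip"}
# Generic mailbox names the post lists as forged senders.
ROLE_NAMES = {"staff", "admin", "postmaster", "webmaster"}


def double_extension(filename):
    """True for names like xxxx.doc.pif: a document-looking extension
    followed by an executable one (padding spaces are ignored)."""
    parts = [p.strip() for p in filename.lower().split(".")]
    return (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS)


def triage(raw_message, recipient):
    """Return the reasons a message should be deleted unopened."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    senders = msg["From"].addresses if msg["From"] else ()
    rcpt_domain = recipient.rsplit("@", 1)[-1].lower()
    for s in senders:
        if s.domain.lower() == rcpt_domain and s.username.lower() in ROLE_NAMES:
            reasons.append("role sender on recipient's own domain: " + s.addr_spec)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if double_extension(name):
            reasons.append("double-extension attachment: " + name)
    return reasons


def build_sample():
    """Constructed message modelled on the post (example.com is a placeholder)."""
    m = EmailMessage()
    m["From"] = "staff@example.com"
    m["To"] = "jerry@example.com"
    m["Subject"] = "Email server replacement"
    m.set_content("Forwarding instructions are attached.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="instructions.doc.pif")
    return m.as_string()


if __name__ == "__main__":
    for reason in triage(build_sample(), "jerry@example.com"):
        print(reason)
```

The role-sender check only makes sense for someone who, like the poster, knows no such mailbox exists on their own domain.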
 

Chris

Gold
Oct 21, 2002
7,951
28
0
www.caribbetech.com
It is getting quite crazy out there. Apparently three virus writers are in a competition. Remember, it is not enough to depend on your virus protection only - and this obviously needs to be fully updated to the minute. You also have to update your operating system with the latest security patches as the latest variants propagate from e-mail directly, and not from the attachments (if you are running a 'Win'doze' operating system.) For Netsky and its variants that are running amok now, check out Microsoft's security bulletin MS01-020 on the Microsoft site. Netsky and variants spoof e-mail addresses, so don't even trust an e-mail from your latest and best wife or friend.

(I've just spent the day cleaning up a large network from Netsky - update your operating systems guys! It is easy, Microsoft does it for free for you. The virus world is not going to get any better soon while the titanic battle between virus writers is raging)
 

XanaduRanch

*** Sin Bin ***
Sep 15, 2002
2,493
0
0
I Wouldn't Say That ...

antspants said:
so long as you don't open an attachment ain't nothin' bad gonna happen
... I didn't have to open an attachment, but I still have to read your posts! LOL. What exactly do an ant's pants look like anyway? Don't they have like six legs? Must be some real creative sewing going on there! But, I digress.

We've virus checked everything once every couple of days and our computers are clean. But interestingly we have been getting some e-mails that indicate they are from our own addresses (they are not) saying things like "The team at virtualvoice.org has a fix for your e-mail, just click here, run the upgrade, and use this secrete code ..." blah blah blah.

We just delete them. But these guys are certainly getting tricky!

Tom aka XR I used to think I was indecisive. Now now I'm not so sure.
 

Chris

Gold
Oct 21, 2002
7,951
28
0
www.caribbetech.com
antspants said:
so long as you don't open an attachment ain't nothin' bad gonna happen

At the risk of sounding pedantic, this may have been true a little time ago. It is not true any longer. There is a vulnerability in Internet Explorer (on Windows) that allows IE to execute code in e-mail attachments, without the reader of the mail even being aware that something is happening.

This vulnerability has been there for two years or so. Just now lately, the new variants of the viruses that are being written as we speak exploit this vulnerability and the attachments could execute automatically.

So, again, see that your virus software is up to date and the most important right now, is to patch up your operating system software. If you have a Windows computer and are online, this is kinda serious stuff right at the moment and I would suggest you press the button that goes to our friendly software suppliers Microsoft, and updates your operating system.
 

antspants

*** Sin Bin ***
Mar 16, 2004
31
0
0
thanks chris - i didn't know that. nothing i've read indicated it could happen automatically. i don't even use a virus checker unless i think there's a problem - it slows the puter down too much. but i do the auto updates. i've only really crashed 3 times and once i'm sure it was the hard drive.

"asinine, bottom-dwelling, numb-skulled, low-life, slimy, sickening, gutless, spineless, ignorant, pot-licking, cowardly pathetic little weasel" That's plagiarised, but such an accurate description of the dr1 weatherman i had to post it.
 

Jerry

New member
Jan 1, 2002
99
0
0
www.livinginsantiago.com
Chris is right about not having to run the attachment. There was a bulletin that came down about 2 years ago that talked about Windows and Outlook / Outlook Express. If you kept the default layout with the preview pane, just by opening up your email program, and it signing in and downloading the emails, if it happened to "preview" the affected email you just got hit. You did not have to open or run anything.

That is why it is a good idea to change some of the defaults that Windows has, like closing the preview pane and NOT hiding known extensions, just to name a couple.

Jerry
 

XanaduRanch

*** Sin Bin ***
Sep 15, 2002
2,493
0
0
As long as you stay current with the updates there shouldn't be a problem. Why are (yccch) Macs more resistant? I keep hearing this but my initial reaction is just that there aren't enough of them out there in the world for hackers to bother writing malicious code for them, and so they don't get the attention the IBM PCs do.


antspants said:
"asinine, bottom-dwelling, numb-skulled, low-life, slimy, sickening, gutless, spineless, ignorant, pot-licking, cowardly pathetic little weasel" That's plagiarised, but such an accurate description of the dr1 weatherman i had to post it.


Red Girl Says: Antspants, it is ignorant, rude, insensitive, and mean people who embarrass Canadians. Have you seen any?
Marlijanca Thinks: Antspants - your responses were uncalled for, maybe you should get to know someone or their situation before posting your nonsense.
RickToronto Said: This has nothing to do with embarrassing an entire nationality. Go post your 23rd post on another board. Have some frickin' sympathy.
And The Boss Warned: One more stupid comment out of you and you will find that you cannot post anymore, you have been warned.

'Nuf said. Lighten up.

Tom aka XR No husband has ever been shot while doing the dishes.
 

Chris

Gold
Oct 21, 2002
7,951
28
0
www.caribbetech.com
XanaduRanch said:
As long as you stay current with the updates there shouldn't be a problem. Why are (yccch) Macs more resistant? I keep hearing this but my initial reaction is just that there aren't enough of them out there in the world for hackers to bother writing malicious code for them, and so they don't get the attention the IBM PCs do.

Simple, most viruses are written for Windows 'cause the world's virus writers detest Bill Gates and his practices and they don't detest Steve Wozniak or Steve Jobs or their practices. The terminology IBM PCs has gone out with the ark. Viruses are written for software, not for hardware. IBM PC referred to a hardware configuration early in the 1970's.
 

antspants

*** Sin Bin ***
Mar 16, 2004
31
0
0
i meant to edit it to add namedropper.

i wonder if dubya has ever dropped your name except into the ..............
 

ricktoronto

Grande Pollo en Boca Chica
Jan 9, 2002
4,837
0
0
Why are you being such a dick, anyway?

antspants said:
"asinine, bottom-dwelling, numb-skulled, low-life, slimy, sickening, gutless, spineless, ignorant, pot-licking, cowardly pathetic little weasel" That's plagiarised, but such an accurate description of the dr1 weatherman i had to post it.

This tirade against the moderator of the weather forum and that silliness against Canadians, you have virtually no existence here, and yet you are compelled to post such nonsense? Are you quite young and this is a game or are you just not right in the head?
 

antspants

*** Sin Bin ***
Mar 16, 2004
31
0
0
there was no silliness against canadians

i am canadian. that gives me the right to be embarrassed by stories like that one. imagine having to travel vast distances to get la ........ fall in love. and she should still be in jail in the republica.
 