Virus emails blasting my inbox
Tuesday, August 19, 2003 by Alexandrie | Discussion: WinCustomize Talk
I have tons of emails with virus I am getting, just today I've got around 500 of them, and the end of the day is not near, it's only 5PM, Norton warns me the virus has been deleted and I have to click finished button everytime, this is a pain in the ....
If someone know how to get rid of them without clicking on "finished" everytime please help me.
 |
|
Page 4 of 6 | |
|
|---|
IPlural
Reply #62 Friday, August 22, 2003 3:59 AM
Reply #62 Friday, August 22, 2003 3:59 AM
ah, sorry, won't do it again.. just thought some might like to read this
grayhaze
Reply #63 Friday, August 22, 2003 4:04 AM
Reply #63 Friday, August 22, 2003 4:04 AM
Yes, we all know we should have anti-virus protection on our machines IPlural. I personally also already use a spam filtering application, but without manually configuring it to recognise the messages I spoke about above it's pretty much useless for the average user in this situation. There's also the added problem that by filtering out the 'undeliverable mail' and assorted other mails, you lose the ability to tell if your legitimate mail has reached its destination. Many spam filters also only work once mail has been downloaded to a user's machine, which is something of a problem when you have around 30Mb of mail per day generated by the Sobig virus to download on a 56k connection.
Also, what is the point of copying and pasting the marketing blurb for these products here? A simple 'try McAfee SpamKiller' or 'try Norton Internet Security' would suffice.
Also, what is the point of copying and pasting the marketing blurb for these products here? A simple 'try McAfee SpamKiller' or 'try Norton Internet Security' would suffice.
MadIce
Reply #64 Friday, August 22, 2003 4:08 AM
Reply #64 Friday, August 22, 2003 4:08 AM
grayhaze: Yeah. Having a public e-mail address can cause that. But some people do not want to give in on the virii/worms/spams. But I agree that once you have your inbox filled with it then it is hard to get rid of it. But there is nothing wrong to try to prevent it in the future. And as IPlural pointed out there are several products that can assist you in that. Too bad we need to pay for that. The ISP subscription which I have includes anti-virus and firewall software. They also offer a spam protection. That helps.
MadIce
Reply #65 Friday, August 22, 2003 4:09 AM
Reply #65 Friday, August 22, 2003 4:09 AM
grayhaze: I was responding to post #54. Hehe. You people even write faster than I can read. 
IPlural
Reply #66 Friday, August 22, 2003 4:14 AM
Reply #66 Friday, August 22, 2003 4:14 AM
actually I did mention those a number of times and yet was lambasted for being less than able to conceptualize or comprehend the situation.
evidently just pointing out those programs with a short comment exscaped some peoples eye.
as far as it goes, in the end if all you can do is filter your email for the next couple of days untli people get things cleaned up, then that is what has to happen sad to say but at the same time there are key constants about each one that is running around which you can very well filter out with a filter you create or an update that the respective programs company has created.
also you can filter out the unable to send errors and turn off return confirmations upon read in your email program.
amoung other things...
evidently just pointing out those programs with a short comment exscaped some peoples eye.
as far as it goes, in the end if all you can do is filter your email for the next couple of days untli people get things cleaned up, then that is what has to happen sad to say but at the same time there are key constants about each one that is running around which you can very well filter out with a filter you create or an update that the respective programs company has created.
also you can filter out the unable to send errors and turn off return confirmations upon read in your email program.
amoung other things...
IPlural
Reply #67 Friday, August 22, 2003 4:18 AM
Reply #67 Friday, August 22, 2003 4:18 AM
MadIce, exactly so on the ISP filtering.. that is on the IT end of things though and if they fell down on this it is a personal choice to continue service with them though because of the dynamic nature of the net, it is extreamly hard to play catch up on the IT end of things right in the middle of a situation such as this.
I remember when the worst thing you had to face was people sharing floppies
Your Computer is Stoned
Ambalance
Chars falling off the screen to pile up on the ottom of the screen
Displayed screen melting on you
Or the simple removal of the "C" from the ascii table on programmable keyboards...
I remember when the worst thing you had to face was people sharing floppies
Your Computer is Stoned
Ambalance
Chars falling off the screen to pile up on the ottom of the screen
Displayed screen melting on you
Or the simple removal of the "C" from the ascii table on programmable keyboards...
IPlural
Reply #68 Friday, August 22, 2003 4:20 AM
Reply #68 Friday, August 22, 2003 4:20 AM
anyway...
hope everyone gets this under control, good luck
hope everyone gets this under control, good luck
MadIce
Reply #69 Friday, August 22, 2003 5:09 AM
Reply #69 Friday, August 22, 2003 5:09 AM
Until now I have escaped e-mail virii/worms/spam, but to be secure I have just activated a spam filter and subscribed to a virus filter. Both are ISP filters. There are several options for the spam filter, but I have chosen to send it to another e-mail address (which was activated by my ISP for this purpose). They advised me to use their web-mail client or use a regular e-mail client with a virus filter. It turns out that the new virus filter can handle two POP accounts, so I added the second one to the spam account. Sounds good. Let's see what happens.
Jafo
Reply #70 Friday, August 22, 2003 6:32 AM
Reply #70 Friday, August 22, 2003 6:32 AM
It appears this latest email problem times out in a week or two and will ultimately cease to propagate....
Koasati
Reply #71 Friday, August 22, 2003 6:53 AM
Reply #71 Friday, August 22, 2003 6:53 AM
| It appears this latest email problem times out in a week or two and will ultimately cease to propagate |
Until the next version is released................ 
retiredmaster
Reply #72 Friday, August 22, 2003 8:25 AM
Reply #72 Friday, August 22, 2003 8:25 AM
This isn't a solution to the problem, but it might help. Get hold of a 'lite' email checker (I use 'Poptray') which just lists the message headers on the mail server. You can then set rules to automatically delete the appropriate ones (which all seem to have one of about ten different headers) or delete them by hand. You can then launch your email client afterwards. That way the spam messages never get to your PC.
KarmaGirl
Reply #73 Friday, August 22, 2003 10:26 AM
Reply #73 Friday, August 22, 2003 10:26 AM
MailWasher does the same thing (But you can also look at the whole message still
on the server before deleting it). You can set it to bring up your mail
client as soon as it is done processing mail. Quite handy until you set
4,000 email a day to sort through
on the server before deleting it). You can set it to bring up your mail
client as soon as it is done processing mail. Quite handy until you set
4,000 email a day to sort through
goodmorphing
Reply #74 Friday, August 22, 2003 11:19 AM
I meant to say that we are all screwed even if we never ever get a virus. Internet traffic is slowed, businesses are blocked all over the place. Huge numbers of man hours are expended in purging the viri, cleaning their spam loads, repairing systems. I am sure that eventually some cost from this is going to filter down to everyone. I read last night that some college campus has blocked all e-mail access through its servers while it tried to delete them. That means all the students and all the family and friends who communicate with them are affected.
Reply #74 Friday, August 22, 2003 11:19 AM
| goodmorphing, no we are not all screwed... |
I meant to say that we are all screwed even if we never ever get a virus. Internet traffic is slowed, businesses are blocked all over the place. Huge numbers of man hours are expended in purging the viri, cleaning their spam loads, repairing systems. I am sure that eventually some cost from this is going to filter down to everyone. I read last night that some college campus has blocked all e-mail access through its servers while it tried to delete them. That means all the students and all the family and friends who communicate with them are affected.
goodmorphing
Reply #75 Friday, August 22, 2003 11:22 AM
I read this on MSNBC this morning...
Computer security experts were racing Friday to beat a 3 p.m. ET deadline to find and disconnect 20 computers from the Internet, a defensive move aimed at preventing the Sobig.F virus from unleashing a second — and perhaps more sinister — round of havoc.
THE VIRUS, which already has tormented companies and personal computer users by becoming the fastest e-mail outbreak ever seen, contains code that instructs infected computers to download an unknown program on Friday between the hours of 3-6 p.m. ET, said Chris Belthoff, senior security analyst with the antivirus firm Sophos. He said it is unclear what that program is, or what it might do to machines infected with Sobig.F.
*****
Another Sophos official, Carole Theriault, said the program also could be as innocuous as “a smiley face dances (that) across your screen.” But even if that’s the case, the sheer volume of Internet data converging on the 20 computer targets could significantly affect Internet performance.
The virus’ secret programming for a second phase was discovered late Thursday, when analysts found code within Sobig.F instructing infected machines to make contact with the 20 computers during the three-hour window on Friday and again from 3-6 p.m. ET on Sunday.
[Message Edited]
Reply #75 Friday, August 22, 2003 11:22 AM
| It appears this latest email problem times out in a week or two and will ultimately cease to propagate.... |
I read this on MSNBC this morning...
Computer security experts were racing Friday to beat a 3 p.m. ET deadline to find and disconnect 20 computers from the Internet, a defensive move aimed at preventing the Sobig.F virus from unleashing a second — and perhaps more sinister — round of havoc.
THE VIRUS, which already has tormented companies and personal computer users by becoming the fastest e-mail outbreak ever seen, contains code that instructs infected computers to download an unknown program on Friday between the hours of 3-6 p.m. ET, said Chris Belthoff, senior security analyst with the antivirus firm Sophos. He said it is unclear what that program is, or what it might do to machines infected with Sobig.F.
*****
Another Sophos official, Carole Theriault, said the program also could be as innocuous as “a smiley face dances (that) across your screen.” But even if that’s the case, the sheer volume of Internet data converging on the 20 computer targets could significantly affect Internet performance.
The virus’ secret programming for a second phase was discovered late Thursday, when analysts found code within Sobig.F instructing infected machines to make contact with the 20 computers during the three-hour window on Friday and again from 3-6 p.m. ET on Sunday.
[Message Edited]
goodmorphing
Reply #76 Friday, August 22, 2003 9:12 PM
Reply #76 Friday, August 22, 2003 9:12 PM
A Finnish computer security expert said Friday that investigators had won a race against the clock and averted a second round of mayhem programmed into the Sobig.F virus, but others tracking the online malady said they weren’t so sure. As investigators raced the clock, the FBI subpoenaed an Arizona Internet service provider to trace the culprit behind the fastest-spreading computer virus ever, which security experts said may have first been posted to a pornographic Usenet group.
***
THE FRANTIC CHASE began late Thursday, when virus experts analyzing the programming of Sobig.F discovered coding instructing infected machines to attempt to connect with one of 20 computers between 3 p.m. and 6 p.m. ET Friday and again during the same time period on Sunday and download a software program.
The 20 computers apparently were picked at random for use in distributing a second phase of the attack.
Security experts said they had no idea what the program might do, but they feared that it could “corrupt data, damage machines or launch a widely distributed attack against a Web site,” according to Chris Belthoff, a senior security analyst with the antivirus firm Sophos.
Mikko Hyppönen, head of antivirus research at the Finland-based firm F-Secure, who said he worked with the FBI and Microsoft Corp. to locate the 20 computers and ensure that they were disconnected before the deadline, told MSNBC.com that the task had been completed with just over an hour to spare.
***
From the same MSNBC source... Sorry, I usually won't cut and paste that much but linking to news stories sometimes doesn't work, an this is such a fascinating read.
[Message Edited]
***
THE FRANTIC CHASE began late Thursday, when virus experts analyzing the programming of Sobig.F discovered coding instructing infected machines to attempt to connect with one of 20 computers between 3 p.m. and 6 p.m. ET Friday and again during the same time period on Sunday and download a software program.
The 20 computers apparently were picked at random for use in distributing a second phase of the attack.
Security experts said they had no idea what the program might do, but they feared that it could “corrupt data, damage machines or launch a widely distributed attack against a Web site,” according to Chris Belthoff, a senior security analyst with the antivirus firm Sophos.
Mikko Hyppönen, head of antivirus research at the Finland-based firm F-Secure, who said he worked with the FBI and Microsoft Corp. to locate the 20 computers and ensure that they were disconnected before the deadline, told MSNBC.com that the task had been completed with just over an hour to spare.
***
From the same MSNBC source... Sorry, I usually won't cut and paste that much but linking to news stories sometimes doesn't work, an this is such a fascinating read.
[Message Edited]
Jafo
Reply #77 Friday, August 22, 2003 9:18 PM
Reply #77 Friday, August 22, 2003 9:18 PM
I vote the culprit gets as many man-hours of jail as he has cost the world community in lost productivity dealing with it....my guess is he'll be a few hundred years beyond his use-by date...
IPlural
Reply #78 Saturday, August 23, 2003 1:42 AM
Reply #78 Saturday, August 23, 2003 1:42 AM
Well, with re-mailers, spoofing, secure tunnels, off shore servers and all the extra not mentioned. Finding the person who did the actually deed might just about be impossible excluding the fact that they are idiots so they probably didn't cover their tracks as well as they think they have.
They did make a point without giving them any credit of course it is an obvious point so I guess they reconfirmed it in the largest manner " Microsoft needs to hammer it's software and patch's hard a furious before releasing them, we are NOT part of a paying for the privilege to be on their un-witting Beta Team "...
But it isn't just MS that needs to do this it is also software companies in general if they deal with directly accessing networks.
IPv6 has a good chance at helping control some of the nefarious junk cracking. But hacking the OS that everything is built to interface with is one of the key places to demand better controls be put into place which is why I mention MS.
anyway...
They did make a point without giving them any credit of course it is an obvious point so I guess they reconfirmed it in the largest manner " Microsoft needs to hammer it's software and patch's hard a furious before releasing them, we are NOT part of a paying for the privilege to be on their un-witting Beta Team "...
But it isn't just MS that needs to do this it is also software companies in general if they deal with directly accessing networks.
IPv6 has a good chance at helping control some of the nefarious junk cracking. But hacking the OS that everything is built to interface with is one of the key places to demand better controls be put into place which is why I mention MS.
anyway...
goodmorphing
Reply #79 Saturday, August 23, 2003 2:26 AM
Reply #79 Saturday, August 23, 2003 2:26 AM
more from that article:
The virus apparently was disguised so that anyone who clicked on a link purporting to show a sexually graphic picture became infected with the self-replicating worm, which then spread itself to other e-mail addresses.
Internet service provider Easynews.com of Phoenix said in a statement that the FBI contacted it Thursday, alleging that someone had used its Usenet server to upload the picture on Aug. 18. Easynews said it refused to provide any information until a faxed subpoena arrived from the FBI on Friday.
The header of the original message presents the sender’s address as Misiko @ dot.com. It was posted to six newsgroups, the names of some of which suggested they featured pornographic images. Easynews’ technology director, Michael Minor, said it appeared that the culprit used a stolen credit card to create the account from which the virus was posted.
^^^
Header information from the original Usenet message suspected of carrying the Sobig.F virus:
Path: news.easynews.com!core-easynews!newsfeed1.easynews.com!easynews.com!easynews!easynews-local!news.easynews.com.POSTED!not-for-mail From: Misiko Newsgroups: alt.binaries.amp, alt.binaries.boneless, alt.binaries.nl, alt.binaries.pictures.chimera, alt.binaries.pictures.erotica, alt.binaries.pictures.erotica.amateur.female Subject: Nice, who has more of it? DSC-00465.jpeg Message-ID: Organization: Misiko X-Newsreader: MicroPlanet Gravity v2.50 Lines: 2815 X-Complaints-To: abuse @ easynews.com X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly. Date: Mon, 18 Aug 2003 19:46:19 GMT Xref: core-easynews alt.binaries.amp:2476089 alt.binaries.boneless:29017892 alt.binaries.nl:32597838 alt.binaries.pictures.chimera:2199579 alt.binaries.pictures.erotica:10555867 alt.binaries.pictures.erotica.amateur.female:3953364 X-Received-Date: Mon, 18 Aug 2003 12:45:13 MST (news.easynews.com)
goodmorphing thinks this must not be much information at all since they haven't caught the guy.
[Message Edited]
The virus apparently was disguised so that anyone who clicked on a link purporting to show a sexually graphic picture became infected with the self-replicating worm, which then spread itself to other e-mail addresses.
Internet service provider Easynews.com of Phoenix said in a statement that the FBI contacted it Thursday, alleging that someone had used its Usenet server to upload the picture on Aug. 18. Easynews said it refused to provide any information until a faxed subpoena arrived from the FBI on Friday.
The header of the original message presents the sender’s address as Misiko @ dot.com. It was posted to six newsgroups, the names of some of which suggested they featured pornographic images. Easynews’ technology director, Michael Minor, said it appeared that the culprit used a stolen credit card to create the account from which the virus was posted.
^^^
Header information from the original Usenet message suspected of carrying the Sobig.F virus:
Path: news.easynews.com!core-easynews!newsfeed1.easynews.com!easynews.com!easynews!easynews-local!news.easynews.com.POSTED!not-for-mail From: Misiko Newsgroups: alt.binaries.amp, alt.binaries.boneless, alt.binaries.nl, alt.binaries.pictures.chimera, alt.binaries.pictures.erotica, alt.binaries.pictures.erotica.amateur.female Subject: Nice, who has more of it? DSC-00465.jpeg Message-ID: Organization: Misiko X-Newsreader: MicroPlanet Gravity v2.50 Lines: 2815 X-Complaints-To: abuse @ easynews.com X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly. Date: Mon, 18 Aug 2003 19:46:19 GMT Xref: core-easynews alt.binaries.amp:2476089 alt.binaries.boneless:29017892 alt.binaries.nl:32597838 alt.binaries.pictures.chimera:2199579 alt.binaries.pictures.erotica:10555867 alt.binaries.pictures.erotica.amateur.female:3953364 X-Received-Date: Mon, 18 Aug 2003 12:45:13 MST (news.easynews.com)
goodmorphing thinks this must not be much information at all since they haven't caught the guy.
[Message Edited]
IPlural
Reply #80 Saturday, August 23, 2003 2:35 AM
Reply #80 Saturday, August 23, 2003 2:35 AM
no, it is some information but nothing really if the person has half a clue how to avoid them finding them.
Fake ID, Internet Café, re-routing, re-mailers, spoofing, stolen NTTP account(NewsGroup ISP account) and a floppy disk is all it takes, from anywhere in the world...
It is nothing more than a point of reference for them to start at as far as the point of exposure to the net for the most part...
Oh by the way, things got all screwy over time but historically...
you Crack a servers, computer, network
you Phreak a phone system
you Hack a program
odd how things get all changed around and no one notices....
Fake ID, Internet Café, re-routing, re-mailers, spoofing, stolen NTTP account(NewsGroup ISP account) and a floppy disk is all it takes, from anywhere in the world...
It is nothing more than a point of reference for them to start at as far as the point of exposure to the net for the most part...
Oh by the way, things got all screwy over time but historically...
you Crack a servers, computer, network
you Phreak a phone system
you Hack a program
odd how things get all changed around and no one notices....Please login to comment and/or vote for this skin.
Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:
- Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
- Access to a great community, with a massive database of many, many areas of interest.
- Access to contests & subscription offers like exclusive emails.
- It's simple, and FREE!
|
|
Page 4 of 6 | |
|
|---|
Reply #61 Friday, August 22, 2003 3:59 AM
http://techrepublic.com.com/5100-6264_11-5065898.html?tag=ft
Blaster, Welchia, and SobigF pose triple threat to networks
August 20, 2003 | John McCormick | E-Mail
Rating: 5 / 5 | Rate this article
Discussions: 1 Post(s) | 1 NEW | View posts
Malicious intruders plus vulnerable networks and buggy software equals a security nightmare. Sleep better by subscribing to Builder.com's Development Security Spotlight e-newsletter. Each Tuesday, security expert John McCormick will provide you with the latest methods for keeping your development environment safe. Sign up instantly!
After several months of relative calm on the virus front with only low-level threats, last week the Blaster worm assaulted many networks and wreaked havoc on a lot of PCs. This week, the Welchia worm—which is actually supposed to remove Blaster—arrived and began causing additional problems. Not only that, but a hot new version of the old Sobig mass-mailing worm has turned lethal and begun infecting many systems with its own brand of mischief.