PC Virus and anonymous emails

March 13th, 2004, 11:28 PM
Registered User
Join Date: Aug 2003
I keep getting emails that seem to have a file attached to them that contains a virus. My Norton AntiVirus seems to be deleting the attachment without even notifying or asking me before it deletes the attachment. I was wondering, are there any anonymous email systems that allow users to send an email, attach a virus, and have them enter any email address in the "From" field?
I have received at least 10 of these emails and the header looks like this. Here are two of these emails:
Return-Path: <i_am_tha_devil@hotmail.com>
Received: from cox.net ([66.75.74.69]) by lakemtai08.cox.net
(InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
id <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>
for <XYZ@cox.net>; Sat, 13 Mar 2004 23:56:49 -0500
From: i_am_tha_devil@hotmail.com
To: XYZ@cox.net
Subject: information
Date: Sat, 13 Mar 2004 20:56:50 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="17003074"
Message-Id: <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>
--17003074
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
your name is wrong
--17003074
Content-Type: plain/text;
name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"
Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiByZWxlYXNlLnppcC4N
ClRoZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNo
bWVudC4=
--17003074--
Return-Path: <sales@parsfootball.com>
Received: from cox.net ([66.75.74.69]) by fed1mtai05.cox.net
(InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
id <20040313104038.MIKB15943.fed1mtai05.cox.net@cox.net>
for <XYZ@cox.net>; Sat, 13 Mar 2004 05:40:38 -0500
From: sales@parsfootball.com
To: XYZ@cox.net
Subject: fake
Date: Sat, 13 Mar 2004 02:40:38 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="32714488"
Message-Id: <20040313104038.MIKB15943.fed1mtai05.cox.net@cox.net>
--32714488
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
you are a bad writer
--32714488
Content-Type: plain/text;
name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"
Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBtaXNjLmV4ZS4NClRo
ZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNobWVu
dC4=
--32714488--
Last edited by DuckStabber : March 14th, 2004 at 12:45 AM.

March 14th, 2004, 12:08 AM
Contributing User
Join Date: Apr 2003
Location: 127.0.0.1
Don't register ur email address when signing up for stuff, don't post ur email address on the internet. Then you should be fine.
__________________
John5788

March 14th, 2004, 01:32 AM
Retired Moderator
Join Date: Jan 2004
Location: London, UK
These are all Win32.Netsky.B worms I think - I'm getting loads of them too. There must obviously be a way people can just enter in any email address they like - they can't possibly actually register all of these hotmail addresses. Besides, I've had lots from legitimate addresses (like sales@nero.com) who I know have definitely not sent me the virus.

March 14th, 2004, 12:22 PM
Brony & F/OSS Advocate
Join Date: Jul 2003
Location: Anaheim, CA (USA)
Well, I just got an email with a "text.pif" in my Yahoo! inbox, and when I went to scan/download it, it said it found a "W32.Beagle.M@mm" virus, and that I was not allowed to download it. Ah....Imagine...trying to infect my Linux box with a win32 virus...through two different firewalls and a packet-monitoring daemon .. I laugh at the insecurity of M$...ha ha....
Quote: Originally Posted by edwinbrains
Besides, I've had lots from legitimate addresses (like sales@nero.com) who I know have definitely not sent me the virus.

Yea, mine came from brorie@adelphia.net, whom I don't know.

March 14th, 2004, 12:57 PM
Retired Moderator
Join Date: Jan 2004
Location: London, UK
Yeah - those .pif files are driving me nuts. I never seem to see the end of them.

March 14th, 2004, 01:48 PM
Brony & F/OSS Advocate
Join Date: Jul 2003
Location: Anaheim, CA (USA)
Quote: Originally Posted by DuckStabber
Content-Type: plain/text;
name="Norton AntiVirus Deleted1.txt"

Does Norton know that it is supposed to be
Code:
Content-Type: text/plain; name="NortonAntiVirus Deleted1.txt"
, not plain/text? lol...
Last edited by php4geek : March 14th, 2004 at 01:51 PM.

March 14th, 2004, 01:49 PM
Perl Monkey
Join Date: May 2003
Location: the far end of town where the Grickle-grass grows
I've gotten a slew of .pif attachments of late, all through the email address I registered with cpan.org (I really should make something else for that since there's no way to hide it).
As far as who's in the From: field, you first need to understand how SMTP works. In short, it is one of the most absurdly insecure protocols I'm aware of. When you fill out that identification field in your email client, you can put whatever address you want in there. Anyone who's sent mail from a script knows that the From: field is just something you fill out, it has nothing to do with who it actually came from. You have to read the mail headers and find the IP of the mail server, then contact the server's admin with a time and message and hope he's got logs of who connected then to send the message. Get that IP and keep tracking backwards until you theoretically get to a person or company, which ain't bloody likely. All these pif's running around are likely virus-generated, and not human-sent, so that makes things even worse. You can find the computer that sent it, but the owner/operator has no clue it was going on. What gets me is that people click on these things called "document.pif" from some random sender. *sigh* if only everyone in the world was just like me...
What gets me about spam is that it sure is cheap to create, but it still costs something. They wouldn't do it if it didn't work. As much as everyone seems to bitch about unwanted mail, there's enough people out there that send money for cheap viagra, cable descramblers, and all that porn that they keep harvesting more addresses and sending more out.
__________________
Andrew - Perl (and VB.NET) Monkey
Never underestimate the bandwidth of a hatchback full of tapes.
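
The header-reading step described in the post above, as an added example that is not part of the original thread: it parses the first message quoted at the top of the thread with Python's standard `email` module and returns the connecting IP that the receiving server stamped, next to the address claimed in From:. The `trace` and `analyze` helpers and the `.cox.net` trusted suffix are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# First message quoted in the thread; folding whitespace restored so it parses.
RAW = """\
Return-Path: <i_am_tha_devil@hotmail.com>
Received: from cox.net ([66.75.74.69]) by lakemtai08.cox.net
 (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
 id <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>
 for <XYZ@cox.net>; Sat, 13 Mar 2004 23:56:49 -0500
From: i_am_tha_devil@hotmail.com
To: XYZ@cox.net
Subject: information

"""

# Matches: from <HELO name> (... [<IP>]) by <receiving host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)]*?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)")

def trace(raw):
    """Return (address claimed in From:, parsed Received hops, newest first)."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    matches = map(RECEIVED_RE.search, msg.get_all("Received", []))
    return claimed, [m.groupdict() for m in matches if m]

def analyze(raw, trusted_suffix=".cox.net"):
    """Find the hop where the mail entered servers we trust (assumed suffix)."""
    claimed, hops = trace(raw)
    edge = None
    # Servers prepend Received lines, so walk down from the top and stop at the
    # first foreign "by" host: anything below it can be forged just like From:.
    for hop in hops:
        if not hop["by"].lower().endswith(trusted_suffix):
            break
        edge = hop
    domain = claimed.rpartition("@")[2].lower()
    return {
        "from_domain": domain,
        "helo": edge["helo"] if edge else None,
        "ip": edge["ip"] if edge else None,   # the address to take to an admin
        "helo_matches_from": bool(edge and domain and edge["helo"].lower().endswith(domain)),
    }

if __name__ == "__main__":
    print(analyze(RAW))
```

A HELO name that differs from the From: domain is common in legitimate mail too; the part worth acting on is the IP stamped by your own provider's server.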

March 14th, 2004, 02:58 PM
aHVoPw==
Join Date: Jan 2001
Even if you don't post your email around, it still can come from infected computers of people that added your email to their address books, such as in Outlook. I try to keep those emails by not adding them or adding a little modification to the email address itself so it doesn't go to the person, just in case.

March 14th, 2004, 03:52 PM
Perl Monkey
Join Date: May 2003
Location: the far end of town where the Grickle-grass grows
I don't mean to be any kind of preachy/religious or instigate any kind of Microsoft bashing (really, I'm serious), but the best way I've found to avoid viruses is to simply not use Outlook (Express). In Windows, I run no virus protection, haven't for a long time, but I used Eudora. Viruses never ran (though the attachments were always downloaded automatically), and even if they did, they'd never get into my address book and populate themselves.

March 14th, 2004, 05:42 PM
Perl Monkey
Join Date: May 2003
Location: the far end of town where the Grickle-grass grows
On the subject of evil emails, I love the ones that perpetrate themselves as the admin at whatever the mail domain is...when I'm the admin at the mail domain and the account is always support@, staff@, administrator@ or some other address that doesn't even exist. Yep, problems with the mail system, I'll be sure to run that release.exe you attached. 

March 15th, 2004, 11:22 AM
echo $usertitle['computer'];
Join Date: Jan 2003
Location: UK
Heh, I read that Google keeps getting spam saying that they noticed they aren't in a lot of the major search engines and that they should sign up to a submittal program... lmao

March 15th, 2004, 12:31 PM
Retired Moderator
Join Date: Jan 2004
Location: London, UK
One really annoying thing is when emails containing viruses are sent from my email address. These spammers have got hold of my personal address and are using it to send viruses around. I've had automated replies from companies thanking me for my email, but saying that their virus software automatically removed the attachment that I had attached. 

March 15th, 2004, 12:57 PM
Doggie
Join Date: Jul 2003
Location: Seattle, WA
I recently got several of those "NT needs this patch" virus emails to my Yahoo account. Odd since the only thing I use that particular email account with is online billing. Even the spam I get there is limited to maybe 2 spams a day. This is the first time this has happened, and it just started about a week ago.
I got an email virus to my main email once. I got about 10 emails from my grandma in one day with subjects like "Check out this f***ing hot site!" I was a little suspicious.
On a similar note. For some reason, someone keeps getting my main email account and sending a "send me your accnt # so I can give you millions" scam to it. Even after I changed my email address, I'm still getting it about once a week. It's the only spam I get to that account. I'm careful with who I give my address to.
I do have a "junk" account with Yahoo. I use it all the time when places ask for my email. If I don't empty it every week, it'll actually fill up my 6 Meg allotment with spam.
__________________
"Science is constructed of facts as a house is of stones. But a collection of facts is no more a science than a heap of stones is a house." - Henri Poincare

March 15th, 2004, 02:12 PM
echo $usertitle['computer'];
Join Date: Jan 2003
Location: UK

March 15th, 2004, 02:57 PM
Retired Moderator
Join Date: Jan 2004
Location: London, UK
I like that idea - very clever. Perhaps I should consider something like that for myself 