    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Posts
    18
    Rep Power
    0

    PC Virus and anonymous emails


    I keep getting emails that seem to have a file attached to it that contains a virus. My norton antivirus seems to be deleting the attachment without even notifying or asking me before it deletes the attachment. I was wondering are there any anonymous email systems that allow users to send an email, attach a virus, and have them enter any email address in the "From" field?

    I have received at least 10 of these emails and the header looks like this, here are two of these emails:


    Return-Path: <i_am_tha_devil@hotmail.com>
    Received: from cox.net ([66.75.74.69]) by lakemtai08.cox.net
    (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
    id <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>
    for <XYZ@cox.net>; Sat, 13 Mar 2004 23:56:49 -0500
    From: i_am_tha_devil@hotmail.com
    To: XYZ@cox.net
    Subject: information
    Date: Sat, 13 Mar 2004 20:56:50 -0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="17003074"
    Message-Id: <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>

    --17003074
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    your name is wrong

    --17003074
    Content-Type: plain/text;
    name="Norton AntiVirus Deleted1.txt"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

    Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiByZWxlYXNlLnppcC4N
    ClRoZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNo
    bWVudC4=
    --17003074--









    Return-Path: <sales@parsfootball.com>
    Received: from cox.net ([66.75.74.69]) by fed1mtai05.cox.net
    (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
    id <20040313104038.MIKB15943.fed1mtai05.cox.net@cox.net>
    for <XYZ@cox.net>; Sat, 13 Mar 2004 05:40:38 -0500
    From: sales@parsfootball.com
    To: XYZ@cox.net
    Subject: fake
    Date: Sat, 13 Mar 2004 02:40:38 -0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="32714488"
    Message-Id: <20040313104038.MIKB15943.fed1mtai05.cox.net@cox.net>

    --32714488
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    you are a bad writer

    --32714488
    Content-Type: plain/text;
    name="Norton AntiVirus Deleted1.txt"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

    Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBtaXNjLmV4ZS4NClRo
    ZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNobWVu
    dC4=
    --32714488--
    Last edited by DuckStabber; March 14th, 2004 at 12:45 AM.
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2003
    Location
    127.0.0.1
    Posts
    448
    Rep Power
    13
    Don't register your email address when signing up for stuff, don't post your email address on the internet. Then you should be fine.
    John5788
  4. #3
  5. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    These are all Win32.Netsky.B worms I think - I'm getting loads of them too. There must obviously be a way people can just enter in any email address they like - they can't possibly actually register all of these hotmail addresses. Besides, I've had lots from legitimate addresses (like sales@nero.com) who I know have definitely not sent me the virus.
  6. #4
  7. No Profile Picture
    Brony & F/OSS Advocate
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2003
    Location
    Anaheim, CA (USA)
    Posts
    6,653
    Rep Power
    2475
    Well, I just got an email with a "text.pif" in my Yahoo! inbox, and when I went to scan/download it, it said it found a "W32.Beagle.M@mm" virus, and that I was not allowed to download it. Ah....Imagine...trying to infect my Linux box with a win32 virus...through two different firewalls and a packet-monitoring daemon .. I laugh at the insecurity of M$...ha ha....
    Originally Posted by edwinbrains
    Besides, I've had lots from legitimate addresses (like sales@nero.com) who I know have definitely not sent me the virus.
    Yea, mine came from brorie@adelphia.net, whom I don't know.
    ~~ Peter ~~ :: ( Who am I? ) :: ( Peter's Musings: Uploading myself, bit by bit... ) :: ( Electronic Frontier Foundation ) :: ( I'm a GNU/Linux addict and Free Software Advocate. ) :: ( How to Ask Questions the Smart Way ) :: ( The Fedora Project, sponsored by Red Hat ) :: ( GNOME: The Free Software Desktop Project ) :: ( GnuPG Public Key ) :: ( About me on the WIki )
  8. #5
  9. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    Yeah - those .pif files are driving me nuts. I never seem to see the end of them.
  10. #6
  11. No Profile Picture
    Brony & F/OSS Advocate
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2003
    Location
    Anaheim, CA (USA)
    Posts
    6,653
    Rep Power
    2475
    Originally Posted by DuckStabber
    Content-Type: plain/text;
    name="Norton AntiVirus Deleted1.txt"
    Does Norton know that it is supposed to be
    Code:
    Content-Type: text/plain; name="NortonAntiVirus Deleted1.txt"
    , not plain/text? lol...
    Last edited by php4geek; March 14th, 2004 at 01:51 PM.
    ~~ Peter ~~ :: ( Who am I? ) :: ( Peter's Musings: Uploading myself, bit by bit... ) :: ( Electronic Frontier Foundation ) :: ( I'm a GNU/Linux addict and Free Software Advocate. ) :: ( How to Ask Questions the Smart Way ) :: ( The Fedora Project, sponsored by Red Hat ) :: ( GNOME: The Free Software Desktop Project ) :: ( GnuPG Public Key ) :: ( About me on the WIki )
  12. #7
  13. Perl Monkey
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    May 2003
    Location
    the far end of town where the Grickle-grass grows
    Posts
    1,860
    Rep Power
    109
    I've gotten a slew of .pif attachments of late, all through the email address I registered with cpan.org (I really should make something else for that since there's no way to hide it).

    As far as who's in the From: field, you first need to understand how SMTP works. In short, it is one of the most absurdly insecure protocols I'm aware of. When you fill out that identification field in your email client, you can put whatever address you want in there. Anyone who's sent mail from a script knows that the From: field is just something you fill out, it has nothing to do with who it actually came from. You have to read the mail headers and find the IP of the mail server, then contact the server's admin with a time and message and hope he's got logs of who connected then to send the message. Get that IP and keep tracking backwards until you theoretically get to a person or company, which ain't bloody likely. All these pif's running around are likely virus-generated, and not human-sent, so that makes things even worse. You can find the computer that sent it, but the owner/operator has no clue it was going on. What gets me is that people click on these things called "document.pif" from some random sender. *sigh* if only everyone in the world was just like me...

    What gets me about spam is that it sure is cheap to create, but it still costs something. They wouldn't do it if it didn't work. As much as everyone seems to bitch about unwanted mail, there's enough people out there that send money for cheap viagra, cable descramblers, and all that porn that they keep harvesting more addresses and sending more out.
    Andrew - Perl (and VB.NET) Monkey

    Never underestimate the bandwidth of a hatchback full of tapes.
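Added example (not part of any post in this thread): the header reading that post #7 describes, applied in Python to the first message from post #1. The message is abridged from that post, with continuation lines re-indented so the folded Received header parses; the function and key names are illustrative.

```python
import email
import re
from email import policy

# First message from post #1, abridged; recipient was already redacted as XYZ.
# Continuation lines are indented by one space so the header unfolds correctly.
RAW = """\
Return-Path: <i_am_tha_devil@hotmail.com>
Received: from cox.net ([66.75.74.69]) by lakemtai08.cox.net
 (InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
 id <20040314045649.VXSO16550.lakemtai08.cox.net@cox.net>
 for <XYZ@cox.net>; Sat, 13 Mar 2004 23:56:49 -0500
From: i_am_tha_devil@hotmail.com
To: XYZ@cox.net
Subject: information
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="17003074"

--17003074
Content-Type: text/plain; charset=us-ascii

your name is wrong

--17003074
Content-Type: plain/text; name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiByZWxlYXNlLnppcC4N
ClRoZSBXMzIuTmV0c2t5LkJAbW0gdGhyZWF0IHdhcyBkZXRlY3RlZCBpbiB0aGUgYXR0YWNo
bWVudC4=
--17003074--
"""

# "from <HELO name> ([<connecting IP>]) by <receiving server>"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def analyze(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # msg["Received"] is the topmost hop, i.e. the one stamped by the recipient's server.
    helo, ip, by = RECEIVED_RE.search(str(msg["Received"])).groups()
    from_domain = msg["From"].addresses[0].domain  # sender-supplied, unverified
    notes = [p.get_payload(decode=True).decode("ascii", "replace")
             for p in msg.iter_attachments()]       # the scanner's replacement note
    return {"claimed_from": from_domain, "helo": helo, "peer_ip": ip,
            "received_by": by, "from_matches_helo": from_domain == helo,
            "attachment_notes": notes}
```

Only the Received line written by your own provider's server (the topmost one) can be trusted; here it records the connecting IP 66.75.74.69 regardless of the hotmail.com address in From. The decoded attachment is the antivirus replacement note, which names the removed file and the detected threat.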
  14. #8
  15. No Profile Picture
    aHVoPw==
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2001
    Posts
    1,058
    Rep Power
    15
    Even if you don't post your email around, it still can come from infected computers of people that added your email to their address books, such as in Outlook. I try to keep those emails by not adding them or adding a little modification to the email address itself so it doesn't go to the person, just in case.
    Visit my new IIS Tutorial Series!
  16. #9
  17. Perl Monkey
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    May 2003
    Location
    the far end of town where the Grickle-grass grows
    Posts
    1,860
    Rep Power
    109
    I don't mean to be any kind of preachy/religious or instigate any kind of Microsoft bashing (really, I'm serious), but the best way I've found to avoid viruses is to simply not use Outlook (Express). In Windows, I run no virus protection, haven't for a long time, but I used Eudora. Viruses never ran (though the attachments were always downloaded automatically), and even if they did, they'd never get into my address book and populate themselves.
    Andrew - Perl (and VB.NET) Monkey

    Never underestimate the bandwidth of a hatchback full of tapes.
  18. #10
  19. Perl Monkey
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    May 2003
    Location
    the far end of town where the Grickle-grass grows
    Posts
    1,860
    Rep Power
    109
    On the subject of evil emails, I love the ones that perpetrate themselves as the admin at whatever the mail domain is...when I'm the admin at the mail domain and the account is always support@, staff@, administrator@ or some other address that doesn't even exist. Yep, problems with the mail system, I'll be sure to run that release.exe you attached.
    Andrew - Perl (and VB.NET) Monkey

    Never underestimate the bandwidth of a hatchback full of tapes.
  20. #11
  21. echo $usertitle['computer'];
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    UK
    Posts
    6,705
    Rep Power
    420
    Heh, I read that Google keeps getting spam saying that they noticed they aren't in a lot of the major search engines and that they should sign up to a submittal program... lmao
  22. #12
  23. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    One really annoying thing is when emails containing viruses are sent from my email address. These spammers have got hold of my personal address and are using it to send viruses around. I've had automated replies from companies thanking me for my email, but saying that their virus software automatically removed the attachment that I had attached.
  24. #13
  25. Doggie
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Location
    Seattle, WA
    Posts
    751
    Rep Power
    13
    I recently got several of those "NT needs this patch" virus emails to my yahoo account. Odd since the only thing I use that particular email account with is online billing. Even the spam I get there is limited to maybe 2 spams a day. This is the first time this has happened, and it just started about a week ago.

    I got an email virus to my main email once. I got about 10 email from my grandma in one day with subjects like "Check out this f***ing hot site!" I was a little suspicious.

    On a similar note. For some reason, someone keeps getting my main email account and sending a "send me your accnt # so I can give you millions" scam to it. Even after I changed my email address, I'm still getting it about once a week. It's the only spam I get to that account. I'm careful with who I give my address to.

    I do have a "junk" account with yahoo. I use it all the time when places ask for my email. If I don't empty it every week, it'll actually fill up my 6 Meg allotment with spam.
    "Science is constructed of facts as a house is of stones. But a collection of facts is no more a science than a heap of stones is a house." - Henri Poincare
  26. #14
  27. echo $usertitle['computer'];
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    UK
    Posts
    6,705
    Rep Power
    420
    I have a private domain I use... and just have catchall so devshed might be devshed@mysite.com, slashdot@mysite.com, somesitename@mysite.com so I can kill an address as soon as the spam starts arriving, and notify the site it came from... works v well
  28. #15
  29. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    I like that idea - very clever. Perhaps I should consider something like that for myself