Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Can I track this bastard?

0 views
Skip to first unread message

BobbyCallzone

unread,
Jun 20, 2002, 7:03:35 PM6/20/02
to
This is the the email that I recieved as "helpLine" in the subect line and
no body of text ...somehow I STUPIDLY click on the email
itself and Microsoft was kind enought to FIRE-OFF THE EXE bound into the
mime ! Thanx MickyShit! I upgraded to 6.0
to alleviate that particular STUPID CRAP from microsoft (How could they be
so STUPID! - whats next?).

Anyways - Is there anyway to track this back? I'd just LOVE to spend a week
and a
couple of grand to HUNT THIS DUDE DOWN AND BEAT THE LIVING SHIT OUT OF
HIM!!!

< I replace my email name with "thevictim" >


Return-Path: <dturner...@earthlink.net>
Delivered-To: thevictim._....@gilat2home.prontomail.com
X-CustomSvr: 1.0
Received: by c9mail01.amadis.com (NPlex 6.5.012) id 3D0E91F3000A3608 for
thev...@starband.net; Wed, 19 Jun 2002 04:50:23 -0700
Received: from c9diamond02 (10.9.0.1) by C9MDS03.amadis.com (NPlex 6.5.012)
id 3CF42108004BF337 for thev...@starband.net; Wed, 19 Jun 2002
04:50:07 -0700
Received: FROM [207.217.120.74] By c9diamond02.diamond.amadis.com ; Wed, 19
Jun 2002 04:50:04 -0800
Received: from cpe-66-87-21-27.ut.sprintbbd.net ([66.87.21.27] helo=Zsfp)
by falcon.mail.pas.earthlink.net with smtp (Exim 3.33 #2)
id 17Ke06-0004fL-00
for thev...@starband.net; Wed, 19 Jun 2002 04:51:51 -0700
From: kdavis <kda...@teamamerica.com>
To: thev...@starband.net
Subject: HelpLine
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=H239j41t4482u649
Message-Id: <E17Ke06-...@falcon.mail.pas.earthlink.net>
Date: Wed, 19 Jun 2002 04:51:51 -0700
X-Commtouch-Loop: 3


--H239j41t4482u649
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:K1Z17t87H9C height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>

--H239j41t4482u649
Content-Type: audio/x-midi;
name=class.bat
Content-Transfer-Encoding: base64
Content-ID: <K1Z17t87H9C>

POISON WAS INSERTED HERE AS A MIME ATTACHMENT


--H239j41t4482u649--

Robert Anderegg

unread,
Jun 20, 2002, 7:28:04 PM6/20/02
to

"BobbyCallzone" <JBland...@yugo.car> wrote:

> This is the the email that I recieved as "helpLine" in the subect line and
> no body of text ...somehow I STUPIDLY click on the email
> itself and Microsoft was kind enought to FIRE-OFF THE EXE bound into the
> mime ! Thanx MickyShit! I upgraded to 6.0
> to alleviate that particular STUPID CRAP from microsoft (How could they be
> so STUPID! - whats next?).
>
> Anyways - Is there anyway to track this back? I'd just LOVE to spend a
week
> and a
> couple of grand to HUNT THIS DUDE DOWN AND BEAT THE LIVING SHIT OUT OF
> HIM!!!

<cut>

Why? The owner of this PC did not send you this worm manually. His PC is
infected with
this worm. The worm searches the harddisk for emailaddresses and send
*automatically*
a copy of himself to others. So the owner of the PC may not even now that he
is infected!

By the way, yes it was VERY STUPID that you open the mail and get
infected.........

Greets
Robi


Boyd Williston

unread,
Jun 20, 2002, 9:17:07 PM6/20/02
to
"BobbyCallzone" <JBland...@yugo.car> wrote in
news:xbtQ8.1768$172.55...@twister2.starband.net:

Before you become so hostile to the source of the mail, remember that not
only did you get infected...

==>> ...the worm probably mailed itself out from your computer to everyone
in your address book also. <<==

Are you ready to welcome a visit from all of those who got mail from you?

FromTheRafters

unread,
Jun 20, 2002, 9:47:23 PM6/20/02
to

"BobbyCallzone" <JBland...@yugo.car> wrote in message
news:xbtQ8.1768$172.55...@twister2.starband.net...

> I'd just LOVE to spend a week and a couple of grand to
> HUNT THIS DUDE DOWN AND BEAT THE LIVING
> SHIT OUT OF HIM!!!

Better yet, spend the time and money to protect yourself from
all the people *you* have now infected. They're coming to
get you, and THEY'RE REALLY PISSED OFF!!!

They are blaming you for sending it to them instead of realizing
that they have made bad choices, and are ultimately responsible
for their own actions.

Get your daily (hourly?) patches from Micro$ofts update site,
especially if you have just installed a new M$ product. Be sure
to recheck your security settings after visiting the site (I have
noticed some irregularities after using that site).


Frederic Bonroy

unread,
Jun 21, 2002, 4:42:44 AM6/21/02
to
BobbyCallzone wrote:

> This is the the email that I recieved as "helpLine" in the subect line and
> no body of text ...somehow I STUPIDLY click on the email
> itself and Microsoft was kind enought to FIRE-OFF THE EXE bound into the
> mime ! Thanx MickyShit! I upgraded to 6.0
> to alleviate that particular STUPID CRAP from microsoft (How could they be
> so STUPID! - whats next?).
>
> Anyways - Is there anyway to track this back? I'd just LOVE to spend a week
> and a
> couple of grand to HUNT THIS DUDE DOWN AND BEAT THE LIVING SHIT OUT OF
> HIM!!!

Note that the person in the "From:" field may not be the actual
sender of the email. The Return-Path field may give an indication
who the actual sender is, but then again remember that this is a worm
and that the person did not send it intentionally.
It looks like Klez, which is known to fake sender addresses.

As far as Outlook Express is concerned, do yourself a favor and toss
it into the nearest trash can. You can of course play Russian roulette
and try to apply the infinite and ever-increasing number of patches,
but you will be much better of simply switching to another program.

DeeDee

unread,
Jun 21, 2002, 5:18:15 AM6/21/02
to
Frederic Bonroy <yor...@yahoo.fr> wrote in
news:aeuotu$a0g9j$1...@ID-75150.news.dfncis.de:

There is an easier way,
Right click the mail to highlight it,if its over 2k delete it:)
Fires require oxygen,provide an oxygen free environment and you have no
more problems(ŽSimon Widlake).

rgrds Dalton

Andy(ArT)Trigg

unread,
Jun 21, 2002, 12:50:02 PM6/21/02
to
There is circumstantial evidence that on Fri, 21 Jun 2002 09:18:15
+0000 (UTC), DeeDee <dee...@slam-virus-team.com> wrote
_______________________________________________________


>› There is an easier way,


>› Right click the mail to highlight it,if its over 2k delete it:)
>› Fires require oxygen,provide an oxygen free environment and you have no

>› more problems(®Simon Widlake).
>›
>› rgrds Dalton


Why would you want to delete e-mails over 2k? The last 4 e-mails sent
to me by my friends were 4K 2K 3K & 4K They weren't particularly
long. Using that method I'd hardly hear from my friends
_______________________________________________________

If I had more time I could be a lot more concise.
(To reply by email - Remove MYMASK)
_______________________________________________________

Andy(ArT)Trigg ™ Aka &y ©

Walt

unread,
Jun 21, 2002, 11:27:38 PM6/21/02
to
Ok ok ..I get the point - I didn't think about the virus mailing itself out
from the victims machine - sheesh ... not like I've ever gotten one b4.
Anywho - i raised myself to XP and the "auto-mime-fireoff" thing shouldn't
occur anymore.


SomeBlokeCalledRapunzelSyndrome

unread,
Jun 24, 2002, 6:26:43 AM6/24/02
to

> Return-Path: <dturner...@earthlink.net>

I long ago created a filter that deletes anything from earthlink as
soon as it hits my mailqueue.

--
If Billy Connolly did not exist, it would be necessary to invent him

Abbevillehacker

unread,
Jun 25, 2002, 9:19:45 PM6/25/02
to
thats a virus
0 new messages