
Worm.SomeFool.P


Capn Jack Sparrow

Apr 12, 2004, 6:38:27 PM
Cannot seem to find this in my Panda Virus catalog. Was I spammed with the
e-mail saying my computer generated this virus? Anyone help? Anyone heard
of this?


MJD

Apr 12, 2004, 7:15:09 PM

Why not post the text of the offending email?
It might give us more to go on.
What does your own AV say?
"Capn Jack Sparrow" <steve...@comcast.net> wrote in message
news:O_CdnePhS6Y...@comcast.com...

FromTheRafters

Apr 12, 2004, 8:34:54 PM

"Capn Jack Sparrow" <steve...@comcast.net> wrote in message news:O_CdnePhS6Y...@comcast.com...
> Cannot seem to find this in my Panda Virus catalog. Was I spammed with the
> e-mail saying my computer generated this virus? Anyone help? Anyone heard
> of this?

Another name for NetSky I believe.


Capn Jack Sparrow

Apr 12, 2004, 8:42:12 PM
Here is the e-mail I received. Panda says all clean; doesn't recognize variant.
"MJD" <M...@Privacy.net> wrote in message
news:c5f7qu$12trf$1...@ID-7508.news.uni-berlin.de...

Capn Jack Sparrow

Apr 12, 2004, 8:57:21 PM
Another newsgroup suggests that I am the victim of spoofing. Someone else's
infected computer with my e-mail address in their address book.

From: "System Anti-Virus Administrator" <virus...@eldoks.com>
To: <steve...@comcast.net>
Subject: virus found in sent message "Mail Delivery (failure
gcol...@eldoks.com)"
Date: Monday, April 12, 2004 8:56 AM


Attention: steve...@comcast.net


A virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination.

The virus was reported to be:

Worm.SomeFool.P


Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.


Your message was sent with the following envelope:

MAIL FROM: steve...@comcast.net
RCPT TO: gcol...@eldoks.com

... and with the following headers:

---
MAILFROM: steve...@comcast.net
Received: from unknown (HELO eldoks.com) (68.185.208.133)
by eldiserv01.eldoks.com with SMTP; 12 Apr 2004 10:59:31 -0500
From: steve...@comcast.net
To: gcol...@eldoks.com
Subject: Mail Delivery (failure gcol...@eldoks.com)
Date: Mon, 12 Apr 2004 10:56:07 -0500
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal


---

FromTheRafters

Apr 12, 2004, 9:42:51 PM

"Capn Jack Sparrow" <steve...@comcast.net> wrote in message news:u7GdnWtjq68...@comcast.com...

> Another newsgroup suggests that I am the victim of spoofing. Someone else's
> infected computer with my e-mail address in their address book

Yes, that is typical of this (and many other) worms - including
"Swen" which you may soon become familiar with as well due
to your posting your e-mail address in usenet.


David W. Hodgins

Apr 12, 2004, 10:03:35 PM
On Mon, 12 Apr 2004 17:57:21 -0700, Capn Jack Sparrow <steve...@comcast.net> wrote:

> Another newsgroup suggests that I am the victim of spoofing. Someone else's
> infected computer with my e-mail address in their address book

The headers show that this is correct. Note that it is the virus that does the
spoofing. It's not (likely) a person intentionally doing it.

> From: "System Anti-Virus Administrator" <virus...@eldoks.com>

Send a complaint to williamr @ POWWWER.NET (The technical contact
for the City of El Dorado, according to their whois data), asking them
to fix their broken email virus scanner, so it doesn't send virus reports
to (almost always) forged from addresses. Include a link to
http://www.f-prot.com/news/gen_news/open_letter_10sept2003.html

> Received: from unknown (HELO eldoks.com) (68.185.208.133)

That's an ip on Charter Communications. Forward the complaint
to abuse @ charter.net, so they can notify the real infected computer's
owner.

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Norman L. DeForest

Apr 13, 2004, 12:23:56 AM

On Mon, 12 Apr 2004, Capn Jack Sparrow wrote:

> Another newsgroup suggests that I am the victim of spoofing. Someone else's
> infected computer with my e-mail address in their address book
> From: "System Anti-Virus Administrator" <virus...@eldoks.com>
> To: <steve...@comcast.net>
> Subject: virus found in sent message "Mail Delivery (failure
> gcol...@eldoks.com)"
> Date: Monday, April 12, 2004 8:56 AM
>
>
> Attention: steve...@comcast.net
>
>
> A virus was found in an Email message you sent.
> This Email scanner intercepted it and stopped the entire message
> reaching its destination.
>
> The virus was reported to be:
>
> Worm.SomeFool.P
>
>
> Please update your virus scanner or contact your IT support
> personnel as soon as possible as you have a virus on your system.
>
>
> Your message was sent with the following envelope:
>
> MAIL FROM: steve...@comcast.net
> RCPT TO: gcol...@eldoks.com
>
> ... and with the following headers:
>
> ---
> MAILFROM: steve...@comcast.net
> Received: from unknown (HELO eldoks.com) (68.185.208.133)

^^^^^^^^^^^^^^
The IP address 68.185.208.133 is a Charter.com address,
Host name: 68-185-208-133-rcp2.ubr1.osgb.mo.charter.com

If you never connect through charter.com, then your address was certainly
forged by the worm. Send a copy of the virus report you got to:
ab...@charter.net (for charter.com)

> by eldiserv01.eldoks.com with SMTP; 12 Apr 2004 10:59:31 -0500
> From: steve...@comcast.net
> To: gcol...@eldoks.com
> Subject: Mail Delivery (failure gcol...@eldoks.com)
> Date: Mon, 12 Apr 2004 10:56:07 -0500

And the "the city of El Dorado, Kansas!",
http://www.eldoks.com/
needs to fix their spam machine ("you sent us a virus" notices to forgery
victims are bulk unsolicited email). There is no abuse address listed for
them at abuse.net. Pick a suitable address from their contact page,
http://www.eldoks.com/contact2.html
and send them a copy of the bounce you got from them and these
two URLs:

"F-Prot: Why (some) anti-virus companies are to blame for the recent
e-mail flood.":
http://www.f-prot.com/news/gen_news/open_letter_10sept2003.html
"F-Prot: Yes, (some) antivirus companies are spammers."
http://www.f-prot.com/news/gen_news/open_letter_30jan2004.html

and point out that there are some systems that block all email from
systems that send bogus "You sent us a virus" notices to forgery victims.

--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af...@chebucto.ns.ca [=||=] (A Speech Friendly Site)
"One suspects that by now even *Nigerians* have Nigeria blacklisted ;)."
-- Jim Seymour on 419 scams, news.admin.net-abuse.email, Tue, Nov 19, 2002
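
The check the two replies above carry out by hand on the quoted `Received:` line, written out as an added example that is not part of the original thread. The addresses the page elides are replaced with placeholders, and `sender_networks` (the ranges the apparent sender really connects from) is an assumption supplied by the caller.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received line is the one quoted in the
# thread; the addresses the page elides are placeholders.
SAMPLE = (
    "Received: from unknown (HELO eldoks.com) (68.185.208.133)\n"
    " by eldiserv01.eldoks.com with SMTP; 12 Apr 2004 10:59:31 -0500\n"
    "From: sender@example.net\n"
    "To: recipient@eldoks.com\n"
    "Subject: Mail Delivery (failure recipient@eldoks.com)\n"
    "\n"
)

# Trace line layout seen in the notice: from <rdns> (HELO <name>) (<ip>) by <receiver>
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>[0-9A-Fa-f.:]+)\)\s+by\s+(?P<by>\S+)"
)

def check_origin(raw_headers, sender_networks):
    """Compare the connecting IP in the top Received line (written by the
    receiving server) with the networks the apparent sender really uses."""
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    match = RECEIVED_RE.search(received[0]) if received else None
    if match is None:
        return {"verdict": "unparsed"}
    try:
        ip = ipaddress.ip_address(match["ip"])
    except ValueError:
        return {"verdict": "unparsed"}
    helo, by_host = match["helo"].lower(), match["by"].lower()
    result = {
        "ip": str(ip),
        "rdns": match["rdns"],
        # True when the client announced the receiving site's own domain in HELO.
        "helo_is_receiver_domain": by_host == helo or by_host.endswith("." + helo),
        "from_sender_network": any(
            ip in ipaddress.ip_network(net) for net in sender_networks),
    }
    result["verdict"] = ("consistent-with-sender" if result["from_sender_network"]
                         else "not-from-sender-network")
    return result

if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range standing in for the sender's ISP.
    print(check_origin(SAMPLE, ["203.0.113.0/24"]))
```

A `not-from-sender-network` verdict matches the conclusion in the replies: the notice should go to the owner of the connecting IP's network, not to the address in `MAIL FROM`.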

dan2003

May 18, 2004, 9:20:49 AM

Capn Jack Sparrow wrote:
> Cannot seem to find this in my Panda Virus catalog. Was I spammed
> with the e-mail saying my computer generated this virus? Anyone help?
> Anyone heard of this?

This virus is a new version of the netsky virus and is often server
resident. You may not actually be sending it, but it is being sent
with your name on it. A nasty piece of work that just makes you look
bad and, if responded to, makes your server look worse. The best fix
(well, one fix anyway) is at http://tinyurl.com/28ceo

Hope that helps....Completely Computers

--
dan2003
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message561830.html
