On Mon, Sep 30, 2002 at 09:36:25PM -0700, Steve Holtzman wrote:
> Paddlewisers,
>
> I received an email today that "appeared" to come from me. Only the
> sender's email address is not mine and the message contains an
> attachment with a vir*s.
>
> The message must have originated from a Paddlewise member's computer
> because it has part of an old message that I had sent to Paddlewise.

An analysis of the headers of the rogue mail Steve references shows that the message almost certainly originated from list member Grant Glazer's <grantglazer_at_clear.net.nz> computer. While not an expert on the Windoze-based viruses that would cause this, the header trace in the email message is pretty clear about its origins.

Grant's system is almost certainly infected with a virus that generates spam and distributes it to addresses present in his mail reader's address book. While I don't know how Outlook handles things, Netscape Mail will, by default, gobble up the addresses present in all the mail passing through its Inbox, and keep up to 700 of these active at any one time. The user need do nothing explicit, other than receive email, to get these addresses into the readily accessible address book file.

> If you are not expecting an attachment from me and receive one, DO
> NOT OPEN IT. I didn't send anything. Additionally, my computer is
> checked daily and all incoming and outgoing messages are also
> checked.

This message, of course, did not originate on your system. Nor did it go through the PaddleWise mail server (which, if it had, would have killed the virus, as I've been told the server runs Nick Simicich's "demime" script in front of Majordomo). It went from Grant's system, to his ISP's mail server, and from there directly to the mail servers of the various targeted addresses. Yours was one. Mine another. Beyond that, I can only guess. Probably most people that have posted to PaddleWise over the last few weeks.

If someone is reading their mail on a Windows system and isn't running an anti-virus program that can protect against email attached viruses, then they're asking for an eventual system implosion. Get your system a condom. Symantec's Norton products provide this protection feature, so too do most other anti-virus programs. The various firewall packages usually provide some level of functionality in this area, and I'm sure there is even shareware floating about that will help if you don't wish to pony up your hard earned cash (maybe check on www.tucows.com).

> Please check yours and make certain that you aren't infected and
> possibly infecting others. If your definitions are more than a week
> old, you should update them first.

All good advice. Or you could try Linux and be spared the problem (largely) entirely :-) But then if you've read my User-Agent: header, then you might guess I would say as much.

None of the above is said to dump blame on Grant Glazer. I'm just elaborating on Steve's message with a fairly exact description of what happened and how. If nothing more happens than Grant delouses his systems, and a few of the less technically inclined become a little better informed, then my mission was accomplished. Just to inform, nothing more.

And as a fellow list administrator, let me say this in defense of PaddleWise. The admin could do nothing whatsoever to prevent this happening. The message never passed through this list's mail server. You increase your risk of such things happening by participating (not simply reading) email discussion lists, but not much more so than if you exchange a lot of email with family, friends, and coworkers.

--
James W. Durkin jwd_at_phonogram.net

***************************************************************************
PaddleWise Paddling Mailing List - Any opinions or suggestions expressed here are solely those of the writer(s). You must assume the entire responsibility for reliance upon them.
All postings copyright the author.
Submissions: PaddleWise_at_PaddleWise.net
Subscriptions: PaddleWise-request_at_PaddleWise.net
Website: http://www.paddlewise.net/
***************************************************************************

Received on Tue Oct 01 2002 - 08:16:25 PDT
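
The header trace described in the message above, as an added example that is not part of the original post: a Python sketch that reads the Received: chain of a constructed message, reports the first hop, and checks whether any relay belongs to a list server's domain. All hostnames, addresses and the `lists.example` list domain are made up for illustration.

```python
import re
from email import message_from_string

# Constructed sample (reserved .example names, documentation IP ranges).
# Each server prepends its Received: line, so the newest hop comes first.
SAMPLE = """\
Received: from mx.isp-a.example (mx.isp-a.example [192.0.2.25])
\tby mail.recipient.example with ESMTP id R3; Tue, 1 Oct 2002 08:10:03 -0700
Received: from infected-pc (dialup-17.isp-a.example [198.51.100.17])
\tby mx.isp-a.example with SMTP id R1; Wed, 2 Oct 2002 03:09:41 +1200
From: someone-else@elsewhere.example
To: victim@recipient.example
Subject: constructed sample

body
"""

# Common "from HELO (rdns [ip]) by HOST" layout; other layouts are skipped.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                 r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

def trace(raw):
    """Return the relay hops oldest-first as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = [m.groupdict() for v in msg.get_all("Received", [])
            if (m := HOP.search(v))]
    hops.reverse()
    return hops

def passed_through(hops, domain):
    """True if any server that stamped the message is inside `domain`."""
    domain = domain.lower().rstrip(".")
    names = (h["by"].lower().rstrip(".") for h in hops)
    return any(n == domain or n.endswith("." + domain) for n in names)

if __name__ == "__main__":
    hops = trace(SAMPLE)
    for h in hops:
        print(f'{h["helo"]} [{h["ip"]}] -> {h["by"]}')
    # Only lines added by servers you trust are reliable; anything below
    # them was supplied by the sending side and can be forged.
    print("via list server:", passed_through(hops, "lists.example"))
```

The From: line plays no part in the trace, which is why a familiar sender name says nothing about where the message entered the mail system.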
This archive was generated by hypermail 2.4.0 : Thu Aug 21 2025 - 16:31:00 PDT