[Comphelp] Scary!!!

Brad Robertson brad.robertson@att.net
Fri, 16 Apr 2004 14:43:13 -0400 

This is a multi-part message in MIME format.
--------------080504060206080905010605
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Sounds like the netsky worm in action.  Symantic has a good write up on 
it.  It takes addresses from files on the pc (including cached web 
pages.)  See:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.c@mm.html?Open

On one account, we get about 20-30 email per day because of the worm.

Brad Robertson


Jim Williams wrote:

> Over time you will probably see a lot of these.  A message was sent to 
> this location in which your name was "spoofed" as the "From" address.  
> Whoever has the virus that sent this location the message has your 
> name in their address book.  Since the message was sent (by another 
> computer) with your name spoofed as the from address, the failure 
> message was sent back to you.
>
> At 01:05 PM 4/16/04, you wrote:
>
>> Talking of purloined "From" addresses, I got this message the other 
>> day, supposedly from the address " 
>> PageUp_Virus_Gateway2@pageup.com.au" with the following message:
>> Content violation found in email message.
>>
>> "From: tonyb@writeme.com
>> To: deborahm@pageup.com.au
>>
>> File(s): game_xxo.pif
>>
>> Matching filename: *.pif "
>>
>>  I don't have " deborahm@pageup.com.au " in my address book, never 
>> heard of her and I don't own that ".pif" file.  What's going on 
>> here??  Anyone have a clue?
>> PS: my Email client is Eudora 6.01 and I use a local ISP.  My 
>> computer is a Gateway EV700 running Windows XP
>>
>>
>> =;-}) Tony Biegen {:-})   
>> Voice/FAX: (516) 797-0464
>> EMail: tonyb@writeme.com
>> <||:-)) "You can't shake hands with a clenched fist!"  Golda Meir
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> _______________________________________________ Need to subscribe, 
> unsubscribe or change your email address? See 
> www.usps.org/mailman/listinfo/comphelp for details. 


--------------080504060206080905010605
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Sounds like the netsky worm in action.&nbsp; Symantic has a good write up on
it.&nbsp; It takes addresses from files on the pc (including cached web
pages.)&nbsp; See:<br>
<a class="moz-txt-link-freetext" href="http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.c@mm.html?Open">http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.c@mm.html?Open</a><br>
<br>
On one account, we get about 20-30 email per day because of the worm.<br>
<br>
Brad Robertson<br>
<br>
<br>
Jim Williams wrote:<br>
<blockquote type="cite"
 cite="mid6.0.3.0.2.20040416131742.02a66a10@pop.voyager.net">Over time
you will probably see a lot of these.&nbsp; A message was sent
to this location in which your name was "spoofed" as the
"From" address.&nbsp; Whoever has the virus that sent this
location the message has your name in their address book.&nbsp; Since the
message was sent (by another computer) with your name spoofed as the
from
address, the failure message was sent back to you.<br>
  <br>
At 01:05 PM 4/16/04, you wrote:<br>
  <blockquote type="cite" class="cite" cite="">Talking of purloined
"From" addresses, I got this message the other day, supposedly
from the address " <a class="moz-txt-link-abbreviated" href="mailto:PageUp_Virus_Gateway2@pageup.com.au">PageUp_Virus_Gateway2@pageup.com.au</a>" with
the following message:<br>
Content violation found in email message.<br>
    <br>
"From: <a class="moz-txt-link-abbreviated" href="mailto:tonyb@writeme.com">tonyb@writeme.com</a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:deborahm@pageup.com.au">deborahm@pageup.com.au</a><br>
    <br>
File(s): game_xxo.pif<br>
    <br>
Matching filename: *.pif "<br>
    <br>
&nbsp;I don't have " <a class="moz-txt-link-abbreviated" href="mailto:deborahm@pageup.com.au">deborahm@pageup.com.au</a> " in my address
book, never heard of her and I don't own that ".pif"
file.&nbsp; What's going on here??&nbsp; Anyone have a clue?<br>
PS: my Email client is Eudora 6.01 and I use a local ISP.&nbsp; My
computer is a Gateway EV700 running Windows XP<br>
    <br>
    <br>
    <font color="#0000ff">=;-}) Tony Biegen {:-})&nbsp;&nbsp;&nbsp; <br>
Voice/FAX: (516) 797-0464 <br>
    </font><font color="#ff0000">EMail:
<a class="moz-txt-link-abbreviated" href="mailto:tonyb@writeme.com">tonyb@writeme.com</a></font><font color="#0000ff"> <br>
&lt;||:-)) "You can't shake hands with a clenched fist!"&nbsp;
Golda Meir<br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    </font></blockquote>
  <br>
_______________________________________________
Need to subscribe, unsubscribe or change your email address? See
<a class="moz-txt-link-abbreviated" href="http://www.usps.org/mailman/listinfo/comphelp">www.usps.org/mailman/listinfo/comphelp</a> for details.
</blockquote>
</body>
</html>

--------------080504060206080905010605--