
Re: [cobalt-users] Virus email



"webmaster@xxxxxxxxxxxx" wrote:

> Who on this list uses windows?

Just about all of us, I'd bet.

> Since this is a virus and not a
> spammer, is it possible to find out who is the originator so they can
> be told that they have it?

Yes, by looking at the headers, you can often tell who's got the virus.
I notify people of viruses in their systems often.

> These are some more headers (ONLY FROM YESTERDAY!!!):
> 
> Is the worm randomly generating this stuff or is there a way to trace it?

If they look like this, then it's junk, because headers don't look like
this.

On the same subject, I got an email with this virus ONCE and did NOT get
infected.  There's nothing like diligence.  There's no better anti-virus
program than the human mind.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205
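
An added example, not part of the original message: one way to do the header check discussed above, pulling the HELO name, reverse-DNS name and IP address out of sendmail-style `Received:` fields and keeping only the hop recorded by your own mail server, since any older `Received:` line was supplied by the sender and can be forged. The host `mail.example.net`, the `our_mx` parameter and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Sendmail-style trace field: from HELO (rDNS [IP] (may be forged)) by HOST
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9.]+)\]"
    r"(?P<forged>\s*\(may be forged\))?\)\s+"
    r"by\s+(?P<by>\S+)"
)

def parse_received(value):
    """Return the connecting client recorded in one Received header, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if m is None:
        return None
    hop = m.groupdict()
    hop["forged"] = hop["forged"] is not None  # sendmail's rDNS mismatch warning
    return hop

def handoff_hop(raw_message, our_mx):
    """Scan newest-first for the hop written by our own server (our_mx).

    That header records the IP that actually connected to us; everything
    below it in the message is unverified sender-supplied text.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        hop = parse_received(value)
        if hop and hop["by"].lower() == our_mx.lower():
            return hop
    return None

# Constructed sample: the second Received line stands in for a forged one.
SAMPLE = """\
Received: from pavilion (dial-26.isp.example [192.0.2.28])
\tby mail.example.net (8.10.2/8.10.2) with SMTP id f6OABC123
\tfor <webmaster@example.net>; Tue, 24 Jul 2001 09:14:02 -0700
Received: from trusted.bank.example (relay.bank.example [203.0.113.5])
\tby pavilion with SMTP; Tue, 24 Jul 2001 09:13:40 -0700
From: someone@example.org
Subject: constructed test message

body
"""
```

The address returned by `handoff_hop(SAMPLE, "mail.example.net")` is the one to give the owning ISP's abuse desk together with the timestamp, because a dial-up address identifies a subscriber only at a given time.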