[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Virus email

Subject: Re: [cobalt-users] Virus email
From: "webmaster@xxxxxxxxxxxx" <webmaster@xxxxxxxxxxxx>
Date: Thu Dec 14 09:41:01 2000
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"webmaster@xxxxxxxxxxxx" wrote:

 Who on this list uses windows?


Just about all of us, I'd bet.


I guess I need to start using a "<smile>" or "<sarcasm>"

 > Since this is a virus and not a

 spammer, is it possible to find out who is the originator so they can
 be told that they have it?


Yes, by looking at the headers, you can often tell who's got the virus.
I notify people of virii in their systems often.


That's what I'm looking for help to try to do.

 > These are some more headers(ONLY FROM YESTERDAY!!!):


 lucia (200-191-142-253-as.acessonet.com.br [200.191.142.253])
   0016756770 (slip-32-101-140-168.mo.us.prserv.net [32.101.140.168])
 b9802010 ([200.33.20.65])

 > pavilion (defi-cas1-cs-26.dial.bright.net [216.201.30.28])
. . .
 > Is the worm randomly generating this stuff or is there a way to trace it?

If they look like this, then it's junk, because headers don't look like
this.

I didn't want to enclose the complete header because the messagewould have been lengthy and I had previously included one in a prioremail, so I just included the ips hoping someone would see theirs ifit wasn't forged.


Here's another complete one:
Return-Path: <>

Received: from 0016756770 (slip-32-101-140-168.mo.us.prserv.net[32.101.140.168])

	by www.musicnn.com (8.9.3/8.9.3) with SMTP id WAA19644
	for <webmaster@xxxxxxxxxxxxx>; Wed, 13 Dec 2000 22:36:55 -0400
Date: Wed, 13 Dec 2000 22:36:55 -0400
Message-Id: <200012140236.WAA19644@xxxxxxxxxxxxxxx>
From: Hahaha <hahaha@xxxxxxxxxxx>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE8XYBOXA7KTER01MJ4L6B4TI7"
X-UIDL: *5$#!W6%#!N(I!!&Xg!!

On the same subject, I got an email with this virus ONCE and did NOT get
infected.  There's nothing like diligence.  There's no better anti-virus
program than the human mind.

I've been getting about 10/day and don't believe I'm infected. Ofcourse the machines on my desktop are two macs and a FreeBSD box.



Howard Sacks
webmaster@xxxxxxxxxxxx

Follow-Ups:
- Re: [cobalt-users] Virus email
  - From: Jeff Lasman

References:
- [cobalt-users] Sun and Raq and the Virus email
  - From: Alfredo
- Re: [cobalt-users] <Sun and Raq and the> Virus email
  - From: Graeme Fowler
- Re: [cobalt-users] Virus email
  - From: webmaster@xxxxxxxxxxxx
- Re: [cobalt-users] Virus email
  - From: Jeff Lasman

Prev by Date: [cobalt-users] RE: htaccess
Next by Date: RE: [cobalt-users] Spam From Cobalt
Previous by thread: Re: [cobalt-users] Virus email
Next by thread: Re: [cobalt-users] Virus email

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index