[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Getting Mail Bombed!
- Subject: Re: [cobalt-users] Getting Mail Bombed!
- From: Michael <mike@xxxxxxxxxx>
- Date: Sun Jul 22 10:41:10 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
At 04:24 PM 7/22/2001 -0700, you wrote:
>----- Original Message -----
>From: "Michael" <mike@xxxxxxxxxx>
>To: <cobalt-users@xxxxxxxxxxxxxxx>
>Sent: Sunday, July 22, 2001 2:24 PM
>Subject: Re: [cobalt-users] Getting Mail Bombed!
>
>
>> No no you don't understand. I am not sending OUT these messages as I
>would if infected, instead I am RECEIVING them.
>>
>> How do I get the rack to reject these? I bet its tough since it is coming
>from infected files!
>>
>>
>>
>> At 02:08 PM 7/22/2001 -0400, you wrote:
>> >Here's the fix ! You have a Virus probably !!
>> >
>> >http://www.mcafee.com/anti-virus/viruses/sircam/
>> >
>> >About 30 or so steps to fix it !!!
>> >
>> >Happened to me, and was all fixed up in about 10 mins.
>> >
>> >Cheers, Lennie Core
>> >
>> >
>> >> ANY help on getting rid of this would rock!
>> >>
>> >> Below is a sample header from one of them. They are coming from many
>differenent sources, so it is more than simply adding their names to deny
>from...
>> >>
>> >>
>> >>
>> >> Return-Path: <marcelapujol@xxxxxxxxxxxxxxx>
>> >> Received: from mail.fibertel.com.ar (mta1.fibertel.com.ar
>[24.232.0.161])
>> >> by www.astrology-online.com (8.10.2/8.10.2) with ESMTP id
>f6MGBgc05310
>> >> for <webmaster@xxxxxxxxxxxxxxxxxxxx>; Sun, 22 Jul 2001
>11:11:43 -0500
>> >> Received: from computer.fibertel.com.ar (24.232.133.74) by
>mail.fibertel.com.ar (5.1.056)
>> >> id 3B599C5C0002E84D for webmaster@xxxxxxxxxxxxxxxxxxxx; Sun, 22
>Jul 2001 13:02:14 -0300
>> >> Message-ID: <3B599C5C0002E84D@xxxxxxxxxxxxxxxxxxxx> (added by
>postmaster@xxxxxxxxxxxxxxx)
>> >> From: "Marcela Pujol"<marcelapujol@xxxxxxxxxxxxxxx>
>> >> To: webmaster@xxxxxxxxxxxxxxxxxxxx
>> >> Subject: QueDiostebendigasiempre
>> >> date: Sun, 22 Jul 2001 12:56:59 -0300
>> >> MIME-Version: 1.0
>> >> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
>> >> X-Mailer: Microsoft Outlook Express 5.50.4133.2400
>> >> Content-Type: multipart/mixed;
>boundary="----1A73EB0F_Outlook_Express_message_boundary"
>> >> Content-Disposition: Multipart message
>> >> X-UIDL: *d*"!Gj!"!6cR"!p=E"!
>> >>
>> >> Content-Type: text/plain; charset=ISO-8859-1
>> >> Content-Transfer-Encoding: quoted-printable
>> >> Content-Disposition: message text
>> >>
>> >> Hola como estas =3F
>> >>
>> >> Te mando este archivo para que me des tu punto de vista
>> >>
>I agree that it appears to be a viral attack. Is it possible that you (or a
>user on a list related to <webmaster@xxxxxxxxxxxxxxxxxxxx>) is using a
>windows box, the windows box becoming infected, the infection spreading to
>your maillist or address book, and then returning to you as all of these
>newly infected machines return the faor, trying to infect you?
>
>If it originated from your box, clean it now, if it went through a maillist
>on your cobalt, fet a virus filter for the cobalt.
>
>Just think of the possibilities
>Bill
One more thing, not only did I find no trace of it on my system, but everyone on my rack uses EUDORA and the header says its all being sent from outlook express...