virus attack

"daytripper" wrote in message
...

"Anybody who has posted to a newsgroup with a non-munged address is a
prime
target for this worm.

According to SARC, the worm gets the target email addresses by:
Searches .html, .asp, .eml, .dbx, .wab, .mbx files on the hard disk for
email addresses.

If a victim of the worm uses Outlook Express (ugh!) to read newsgroups,
the newsgroup headers are stored in a .dbx file."

/daytripper (doubt it'll help, but it might 'splain a few thing ;-)

Thanks for that, 'tripper.

--Stan (munged all the time and loving it)

On Fri, 19 Sep 2003 18:17:06 GMT, "Ernie" NO_
wrote:

Several years ago I saw an article that said if you put 1000 as you first
address in your address book the worm tries to access the addresses and
stops when it hits 1000. I don't know if this still works or not, but I
have kept it in mine. Of course this doesn't prevent your receiving the
messages, but it prevents the worm from using your computer to send them.
Ernie


That was one particular worm, Ernie, about three years ago iirc. The quick
defense was indeed to stick (I think it was actually) 100 bogus entries at the
"alphabetic beginning" of your address book, as the worm would only source the
first 100 entries.

The worms of Aught Three have been much more aggressive, with this latest one
searching through a whole library of different files on the user's system
looking for email addresses to propagate itself.

Nasty and unrestrained...

/daytripper (That's ok in a chick, but pretty bad for networking ;-)

"Mark W. Oots" wrote...

"Tim J." wrote...

http://www.mailwasher.net/ or some other email preview & filtering
software.
--

Tim,

I just tried this....Cool!

It seems to work pretty good, we'll see what happens when a bunch of emails
bounce.....

It's not considered very wise in some circles (mine now, too) to bounce
messages. When you bounce them you just use more bandwidth and are probably not
doing any good anyway, since spammers always spam and run to the next email
addy. I now just blacklist (just in case they stick around for more than one
spamming session) and delete. I also don't hesitate to create new filters as
needed.

I receive over 100 emails a day, and 80% are garbage, some of them from valued
clients. ;-) This program has been wonderful in increasing my productiv. . .
er, freeing up time for fishing.
--
TL,
Tim
http://css.sbcma.com/timj

Okay, how do you munge your account?


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 9/11/2003

"Wayne Harrison" wrote in message
...
calling all geeks! i am being nearly overwhelmed by emails from an
obviously sham microsoft announcement encouraging the recipient to open an
attachment that no doubt contains a virus. the damn things are coming in
at
the rate of about thirty an hour.

where does one go for a stop to this?

yfitons
wayno


I'm getting about 20 an hour and all on the account I use for
Usenet.....somebody opened something....

Mark

actually...it's a well-known worm that's been resurrected and improved.
symantech's web site has a good description. it gets address books
too, not just newsgroup addys...so, unless everybody has munged your
address, you're fukked. i looked at some of the source header info on
one of the *******s, and it showed a lot of you boyz in the e-addresses
listed. frankly, it's fascinating that so much intelligence and work
and imagination went into writing the code, but the twisted psychoses
connected to it all must be staggering...

jeff

Sierra fisher wrote:
Okay, how do you munge your account?


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 9/11/2003

"Jeff Miller" wrote in message
news:REMab.184$sp2.16@lakeread04...
actually...it's a well-known worm that's been resurrected and improved.
symantech's web site has a good description. it gets address books
too, not just newsgroup addys...so, unless everybody has munged your
address, you're fukked. i looked at some of the source header info on
one of the *******s, and it showed a lot of you boyz in the e-addresses
listed. frankly, it's fascinating that so much intelligence and work
and imagination went into writing the code, but the twisted psychoses
connected to it all must be staggering...

jeff

Jeff, if you saw my name on that list please let me know, so that I can have
this thing exorcised!

Op

your name was in red... not sure what that meant, but you ain't gotta
spell "redrum" on a mirror to get my attention...

ffej

Guyz-N-Flyz wrote:

"Jeff Miller" wrote in message
news:REMab.184$sp2.16@lakeread04...

actually...it's a well-known worm that's been resurrected and improved.
symantech's web site has a good description. it gets address books
too, not just newsgroup addys...so, unless everybody has munged your
address, you're fukked. i looked at some of the source header info on
one of the *******s, and it showed a lot of you boyz in the e-addresses
listed. frankly, it's fascinating that so much intelligence and work
and imagination went into writing the code, but the twisted psychoses
connected to it all must be staggering...

jeff


Jeff, if you saw my name on that list please let me know, so that I can have
this thing exorcised!

Op

"Sierra fisher" wrote in message
...
Okay, how do you munge your account?

In Outlook Express 6, Tools/Accounts and pick your news account and go to
properties. Add ".remove.invalid' (no quotes...) to your email address
and/or reply address. There are other ways, but the '.invalid' is a good
thing to use because mail routers know enough to discard those. Using an
email address with a valid domain name (the stuff after the '@' sign) causes
extra traffic potentially causing delivery attempts to some domain that
doesn't want to see your bounced emails. A really bad thing to do is to use
a real domain name that is not your own.

When you munge your address like that, it's nice it the problem is
self-documenting or you can optionally add a sig line telling people how to
fix your address.

Note that some news servers have a policy of requiring a valid
reply-address. Most do not.

--Stan

In article , says...
just spent 1 hr, 2 mins, and 56 seconds receiving bull**** on the
home system......

makes ya rethink yer death penalty stance, eh wayno?

--waldo..... guillotine sounds appropriate for the fukkin
*******s.....


Only if you file the edge off so its good and blunt...
and then work your way from the toes up...

Arrr!
Bloody Davey Kidd