help! suspicious emails
I've just opened my inbox, and have emails from:
r.massey@dailymail.co.uk
fifthgear@five.tv
mailsweeper@glasgow.newquest.co.uk
lallen@dataforce.co.uk
Two of them have attachments along with the text "The message contains Unicode characters and has been sent as a binary attachment."
The other two have no attachments but are suggesting that I have sent them something, i.e. "Thank you for taking the trouble to send your e-mail.
It will be read with interest, although personal replies
cannot be guaranteed"
Sounds like a virus to me....I have not opened the attachments....am I OK to just delete the emails?
DELETE! Don't open at all!!! This is the virus that was in the news yesterday, seems to have infected some people you've had contact with in the past. More here:
http://news.bbc.co.uk/1/hi/technology/3439959.stm
Tony
You need to open the attachment on this one for the virus to activate - the preview pane doesn't appear to be a risk, at least not in Outlook proper.
<random names>@<my domain> appears to be one of the things that's used as a spoofed from: address so, like Ted, I'm getting bounces (and my mail system then tries to bounce the bounce as it comes in to a nonexistent user here).
Where they get their random list of from: domains from I don't know.
Marshy said:
Where they get their random list of from: domains from I don't know.
some are preprogrammed into the virus IIRC (hotmail, aol etc) but the rest are picked up from your address book and temporary internet files.....
We've now stopped over 4 and a half million copies of MyDoom

I've opened one of them, but it just shows some sort of binary code (do not try this with MS Windows):
email said:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
***@oldhouseweb.com
no such address here
------ This is a copy of the message, including all the headers. ------
Return-path: <***@web.de>
Received: from [80.128.71.241] (helo=web.de)
by hosting.pinetreeinternet.com with esmtp (Exim 4.24)
id 1Am3K5-0002jE-5e
for ***@oldhouseweb.com; Wed, 28 Jan 2004 22:58:33 -0500
From: ***@web.de
To: ***@oldhouseweb.com
Subject: Mail Transaction Failed
Date: Thu, 29 Jan 2004 04:58:16 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0009_73637DDC.845E3CF5"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <E1Am3K5-0002jE-5e@hosting.pinetreeinternet.com>
This is a multi-part message in MIME format.
------=_NextPart_000_0009_73637DDC.845E3CF5
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
------=_NextPart_000_0009_73637DDC.845E3CF5
Content-Type: application/octet-stream;
name="readme.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="readme.zip"
etc. etc.
------=_NextPart_000_0009_73637DDC.845E3CF5--
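Added example, not part of any post in this thread: a way to triage a message shaped like the bounce quoted above by listing what is inside its attachment without extracting or running anything. The sample message, its addresses, the inner file name `readme.pif` and the extension list are constructed assumptions; the payload is harmless placeholder text.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Assumed list of extensions that Windows runs directly when double-clicked.
EXECUTABLE_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

def build_sample_bounce() -> bytes:
    """Constructed sample: same MIME shape as the quoted bounce, harmless payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.pif", b"harmless placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Mail Transaction Failed"
    msg.set_content("The message cannot be represented in 7-bit ASCII encoding "
                    "and has been sent as a binary attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="readme.zip")
    return msg.as_bytes()

def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, inner member) pairs with an executable extension.

    Only names are read: nothing is written to disk and nothing is run.
    """
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        data = part.get_payload(decode=True) or b""
        members = [name]
        if data[:2] == b"PK":  # ZIP magic, whatever Content-Type claims
            try:
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                # Truncated or corrupt archive: report it rather than guess.
                findings.append((name, "<unreadable zip>"))
                continue
        for member in members:
            ext = "." + member.rsplit(".", 1)[-1].lower() if "." in member else ""
            if ext in EXECUTABLE_EXT:
                findings.append((name, member))
    return findings

if __name__ == "__main__":
    print(risky_attachments(build_sample_bounce()))
```

A message whose attachment has been cut short, as in the quote above, lands in the `<unreadable zip>` branch, which is still worth treating as suspicious.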
You have one of these: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
Anti-Virus software that isn't updated is worthless. Had you opened the attachment, you'd have been playing your part in propagating the virus around the world. Some viruses don't even need to be opened. So *please* stump up the £10 a year to keep you and your friends free of it!
Edited to add: I've caught 40 Novargs in 24 hours...and I'm just a home user.
>> Edited by simpo two on Thursday 29th January 12:29
simpo two said:
You have one of these: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
Anti-Virus software that isn't updated is worthless. Had you opened the attachment, you'd have been playing your part in propagating the virus around the world. Some viruses don't even need to be opened. So *please* stump up the £10 a year to keep you and your friends free of it!
Edited to add: I've caught 40 Novargs in 24 hours...and I'm just a home user.
>> Edited by simpo two on Thursday 29th January 12:29
Cheers, Simpo. The *.zip file hasn't been executed because the worm hasn't been compiled for my Linux machine.
I've stumped up €50 for a Linux distribution that has AV software and its updates included (just in case there will be a virus or worm for Linux systems around).

>> Edited to correct link in quote
>> Edited by Bodo on Thursday 29th January 12:38
TheHobbit said:
Marshy said:
Where they get their random list of from: domains from I don't know.
some are preprogrammed into the virus IIRC (hotmail, aol etc) but the rest are picked up from your address book and temporary internet files.....
By "your" I assume you mean the address book of the infected party, not me

One of my domains is hatstand.org. I'm getting bounces as a result of spoofed virus mails sent alleged to be from <various users>@hatstand.org. The interesting thing is that the <various users> are people that have never ever existed under the hatstand.org domain, and therefore won't have been harvested from anyone's address book.
And it's only hatstand.org that's exhibiting this behaviour: the other, er, five or so domains that I have haven't been used as spoofed sources.
In other words, the virus is picking random domains, and then using preprogrammed user names in that domain to use as the spoofed source address.
Probably
