[mythtv-users] OT: virus going about?
Ian Armstrong
mail01 at iarmst.co.uk
Sun Sep 26 11:34:55 EDT 2004
On Sunday 26 Sep 2004 14:22, Charlie Brej wrote:
> Craig Tinson wrote:
> > hey guys.. this is wierd..
> >
> > woke up this morning to two virus's (am presuming) in my inbox.. they
> > just plain emails with zip files attached...
> >
> > one is from : 200409182149.00869.jcw at wilsonet.com
> > and the other from: 8.1080802 at forevermore.net
> >
> > those two look familiar.. one I know is jarods domain and isn't the
> > other the nuxexport site?
> >
> > just thought it was wierd.. anyone else got these?
>
> I got about 20 a week ago and another 20 today. It seems very burstish.
> They try to go for random number based email accounts with zip, exe and src
> files. Often with very long filenames so you don't see the extension.
I got home this morning and also found another 20 warnings in my inbox. It's
being reported as W32/Netsky.P at mm and looking at the headers points to a user
on adelphia.net (69-170-120-79.clspco.adelphia.net to be precise). My current
tally for this user is 59 infected mails starting on 18 Sept.
> If anyone could write a sendmail line to bounce them away dependent on the
> silly return address I would be grateful.
Todays run also had legitimate From addresses. Given that most virus laden
emails give a false From/Return address it's best not to bounce. On my setup
(QMail/SpamAssassin/F-Prot) they get quarantined on the mail-server & email
notification is sent to me.
--
Ian
More information about the mythtv-users
mailing list