I have received almost 700 copies of worm or virus mail to this
account in the past 24 hours.
This has been the GIBE virus, the new "returned mail" item.
Anyone else?
i see linux systems weren't affected nor DOS or, suprisingly, MS IIS. i
swear these attacks only happen *after* ms posts a security bulletin.
then the script kiddies go to work figuring that people don't check for
updates and apply them.
for the past week, i've only had two e-mail spams sitting on the ISPs
server. i didn't download them, i just saw them in mailwasher -
www.mailwasher.net
i just got in and there were an additional 55 on the server. one of them
came from someone i know who most likely has me in her address book
which will be outhouse excuse as Jim calls it - i like that.
i'll use mailwasher to bounce them as invalid address. i see one money
making spam *may* have been harvested from usenet assuming it stripped
the "invalid" off the end of my posting addy. that would have happened
(and it's dated a week or so ago) before i further obfuscated my addy.
it has an opt out.
the flood:
i see one has gekjau.exe attached. it's from
"Internet Message System" <
[email protected]>
an undeliverable message. i didn't send jack so nothing can be returned.
another "undeliverable" with
Content-Type: audio/x-wav; name="gsfoego.exe" i can see the MIME type
causing that to get run, but not here. i'm covered.
both are 800 lines - see the pattern?
another one with
Content-Type: audio/x-wav; name="ccihsep.scr"
an executable screensaver
there's more "returned" mails but i also have a slew of those ms
security updates and other ms crap. i usually don't get so many of
those. maybe 1 a month (cause i bounce, not delete.) no exe files
attached but the ones i checked are all 800 lines. hmmm... what's with
800 lines?
i see a lot of "MS" crap which is *not* the update ruse, but returned
mail with exe files.
i think i'll leave the stuff on the ISPs server and let them examine it,
unless they tell me to go ahead and bounce it. nice feature - they have
online chat support.
well earthlink doesn't care. so much for trying to help them. they said
to contact MS. f MS. i'm not infected. sarc will find the bastard,
maybe.
looks like i got off easy on this flood, so far. sorry to hear others
got hammered.
mike