Worm and Virus attack

Discussion in 'Electronic Design' started by Aubrey McIntosh, Sep 19, 2003.

  1. I have received almost 700 copies of worm or virus mail to this
    account in the past 24 hours.

    This has been the GIBE virus, the new "returned mail" item.

    Anyone else?
  Don Pearce

    Everyone. At 700 you have come off lightly.


  3. Don Pearce wrote...
    I got over 1000 at home this morning, over 450 of them
    arriving in a single 5 minute period at about 0640 EST.
    Strangely, I got almost none at my work email.

    - Win
  4. Rather: everyone who uses an email address on Usenet, or at least on these
    groups. It does not appear to be hitting anyone else I've talked to.

    I think the observation that "SWEN" is "NEWS" backwards is apropos.

    Why people insist on defecating in their own beds is beyond me. I look
    forward to the day when the kids get bored with this pastime.
  5. Count is up to about 150 at moment, currently running at about 3 or 4 every
    20 minutes. I'll gladly lend my services to apply an Irish adjuster to the
    perpetrators PC.
  Jim Thompson

    Those of us running Eudora got NONE ;-)

    ...Jim Thompson
  7. Jim Thompson wrote...
    It has nothing to do with what email client you're
    running. As it happens I've been using The BAT at
    home (and Netscape at work).

    The BAT is a standards-based email program that
    won't do _any_ type of automatic execution, which is
    probably what you're thinking of. But this doesn't
    protect you from getting a flood of email if some
    computers out there should turn their firehoses on
    you! Watch out!

    - Win
  8. I have the opposite experience. I went in to work this morning for the
    first time since Monday AM. I spent 5 minutes hitting the delete key. At
    home nothing. It may be due to the fact that the address you see with this
    message is false, and the work address is in the clear.
  John Larkin

    Netscape, none, but I don't see how one's email client affects this.
    At least with Netscape, unopened mail doesn't execute.

    What do the virus messages look like?

  Jim Thompson

    Eudora's address book isn't hijackable as Outhouse Excuse's is.

    Although I suppose I could get listed in someone's Outhouse address
    book... it's not likely... I have no friends ;-)

    ...Jim Thompson

    A lot of them look like the "Microsoft" message that starts about
    halfway down the above page. Or a fake bounced e-mail message.

    I've gotten about 1500 of them (at 140K+ each) in the last 30 hours.
    8-( Of course I'm not about to execute an unknown file, but it's
    clogging things up like a mailbomb attack- and some incoming mails got
    bounced overnight.

    Best regards,
    Spehro Pefhany
  12. They're about 150K with a subject or From: indicating that these
    are M$ "fixes". They call what they do to male cats-n-dogs
    getting "fixed" too.
    Doesn't matter. I don't use outhouse. I don't have the virus,
    but someone who has my email address in their address book
    certainly does.
    I'll forward you a copy, if you feel left out...
  Siol

    I got none, it's got to be e-mails harvested from Usenet (my email is not listed).

  Steve Wertz

    Mine hasn't either, but several forms of my email have such as:

    Plus I've also embedded my address in some article bodies.

    Somebody must be doing some scrubbing of the addresses, because I've
    received about 40 (messages saying a message was rejected at my ISP).

    By disseminating it to people who use USENET, the hackers get great
    feedback about the headaches they're causing. The Troll Syndrome.

  15. Hint: It's called "Swen".

    Best regards,
    Spehro Pefhany
  Jim Thompson

    I suspect that here Cox Communications is stopping it all... I note
    that outbound E-mail is posting *very* slowly.

    ...Jim Thompson
  Active8

    i see linux systems weren't affected nor DOS or, surprisingly, MS IIS. i
    swear these attacks only happen *after* ms posts a security bulletin.
    then the script kiddies go to work figuring that people don't check for
    updates and apply them.

    for the past week, i've only had two e-mail spams sitting on the ISP's
    server. i didn't download them, i just saw them in mailwasher -

    i just got in and there were an additional 55 on the server. one of them
    came from someone i know who most likely has me in her address book
    which will be outhouse excuse as Jim calls it - i like that.

    i'll use mailwasher to bounce them as invalid address. i see one money
    making spam *may* have been harvested from usenet assuming it stripped
    the "invalid" off the end of my posting addy. that would have happened
    (and it's dated a week or so ago) before i further obfuscated my addy.
    it has an opt out.

    the flood:

    i see one has gekjau.exe attached. it's from

    "Internet Message System" <>

    an undeliverable message. i didn't send jack so nothing can be returned.

    another "undeliverable" with

    Content-Type: audio/x-wav; name="gsfoego.exe"

    i can see the MIME type causing that to get run, but not here. i'm
    covered.

    both are 800 lines - see the pattern?

    another one with

    Content-Type: audio/x-wav; name="ccihsep.scr"

    an executable screensaver

    there's more "returned" mails but i also have a slew of those ms
    security updates and other ms crap. i usually don't get so many of
    those. maybe 1 a month (cause i bounce, not delete.) no exe files
    attached but the ones i checked are all 800 lines. hmmm... what's with
    800 lines?

    i see a lot of "MS" crap which is *not* the update ruse, but returned
    mail with exe files.

    i think i'll leave the stuff on the ISP's server and let them examine it,
    unless they tell me to go ahead and bounce it. nice feature - they have
    online chat support.

    well earthlink doesn't care. so much for trying to help them. they said
    to contact MS. f MS. i'm not infected. sarc will find the bastard,

    looks like i got off easy on this flood, so far. sorry to hear others
    got hammered.
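
The mismatch described in the post above (an attachment declared as `audio/x-wav` but named `.exe` or `.scr`), as an added example that is not part of the original thread: a Python check a mail filter could run over each message. The extension list, the `example.invalid` sender, the `chime.wav` control and the sample messages are constructed for illustration.

```python
import email
import os
from email import policy

# Extensions Windows runs directly (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Top-level MIME types that should never carry a program.
MEDIA_TYPES = {"audio", "image", "video", "text"}

def suspicious_attachments(raw_message: bytes):
    """Return (filename, declared_type, reason) for each risky MIME part."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition filename= and falls
        # back to the Content-Type name= parameter seen in the post.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        ext = os.path.splitext(name.strip().rstrip(". "))[1].lower()
        if ext not in EXECUTABLE_EXTS:
            continue
        reason = ("type-mismatch" if part.get_content_maintype() in MEDIA_TYPES
                  else "executable")
        findings.append((name, part.get_content_type(), reason))
    return findings

def build_sample(ctype: str, name: str) -> bytes:
    """Constructed test message: a fake bounce with one attachment."""
    return (
        'From: "Internet Message System" <mailer@example.invalid>\r\n'
        "Subject: Undeliverable message\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
        f'--b1\r\nContent-Type: {ctype}; name="{name}"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    for ctype, name in [("audio/x-wav", "gsfoego.exe"),
                        ("audio/x-wav", "ccihsep.scr"),
                        ("audio/x-wav", "chime.wav")]:  # last one is benign
        print(name, suspicious_attachments(build_sample(ctype, name)))
```
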

  Active8

    too bad the free Eudora is spyware. not sure about the not free one, if
    there is such a thing.

  Active8

    thanks for the BAT tip. i'll have to see if pegasus mail auto executes
    and check out BAT. that was an easy google.

