Mailing List Archive: 49091 messages

worms in maillist

 [1/9] from: tomc::darkwing::uoregon::edu at: 26-Aug-2003 11:48


howdy,
just a heads up. my spamassassin is catching virus (supposedly) from people on rebol lists, i.e.:

+   701 Aug 26 [feedback--rebol--net] (102K) Re: Your application
+ N 706 Aug 26 [ryancole--usa--com] (102K) Re: That movie
+ N 707 Aug 26 [jr--prolific--com] (102K) Re: That movie

so someone on the list is apt to be infected...

 [2/9] from: gchiu:compkarori at: 27-Aug-2003 10:45


Tom,

This seems a little odd/inefficient that the virus is sending multiple copies of itself to the same person using different from addresses. Perhaps there are multiple persons on the list who are infected??

On Tue, 26 Aug 2003 11:48:30 -0700 (PDT) Tom Conlin <[tomc--darkwing--uoregon--edu]> wrote:
>howdy,
>just a heads up.
<<quoted lines omitted: 8>>
>That movie
>so someone on the list is apt to be infected...

--
Graham Chiu
http://www.compkarori.com/vanilla
Rebol Encyclopaedia Project and Weblog

 [3/9] from: tomc:darkwing:uoregon at: 26-Aug-2003 16:29


Hi Graham,

truth can be stranger than fiction ... that is exactly what is being done.

--------------------------------------------------------
Return-Path: <[feedback--rebol--net]>
Received: from GIGI (lns-p19-18-82-65-116-60.adsl.proxad.net [82.65.116.60])
--------------------------------------------------------
Return-Path: <[ryancole--usa--com]>
Received: from GIGI (lns-p19-18-82-65-116-60.adsl.proxad.net [82.65.116.60])
--------------------------------------------------------
Return-Path: <[jr--prolific--com]>
Received: from GIGI (lns-p19-18-82-65-116-60.adsl.proxad.net [82.65.116.60])
--------------------------------------------------------
...

12 copies between Tue, 26 Aug 2003 07:35:42 -0700 (PDT) and Tue, 26 Aug 2003 10:17:17 -0700 (PDT)

they only would need one address book to achieve this pinnacle of stupidity (... maybe they are hoping to get in via a whitelist)

On Wed, 27 Aug 2003, Graham Chiu wrote:
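
Added example, not part of the original thread: a small Python sketch of the check described in the message above, grouping messages by the relay recorded in the Received line instead of trusting Return-Path. The function names are hypothetical, and the sample is constructed from the headers quoted above plus one made-up unrelated message using placeholder values.

```python
import re
from collections import defaultdict

# Constructed sample: the header fragments quoted in the message above, plus
# one made-up unrelated message (placeholder host and address) for contrast.
SAMPLE = """\
Return-Path: <[feedback--rebol--net]>
Received: from GIGI (lns-p19-18-82-65-116-60.adsl.proxad.net [82.65.116.60])
--------
Return-Path: <[ryancole--usa--com]>
Received: from GIGI (lns-p19-18-82-65-116-60.adsl.proxad.net [82.65.116.60])
--------
Return-Path: <[jr--prolific--com]>
Received: from GIGI (lns-p19-18-82-65-116-60.adsl.proxad.net [82.65.116.60])
--------
Return-Path: <[someone--example--org]>
Received: from mail (mail.example.org [192.0.2.10])
"""

# "Received: from <HELO name> (<reverse-DNS host> [<IP>])"
RECEIVED = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)", re.M)
RETURN_PATH = re.compile(r"^Return-Path:\s*<([^>]*)>", re.M)
SEPARATOR = re.compile(r"^-{4,}[ \t]*$", re.M)


def group_by_origin(text):
    """Map (HELO name, rDNS host, IP) -> set of envelope senders seen from it."""
    origins = defaultdict(set)
    for block in SEPARATOR.split(text):
        received = RECEIVED.search(block)
        sender = RETURN_PATH.search(block)
        if received and sender:
            origins[received.groups()].add(sender.group(1))
    return dict(origins)


def suspicious_origins(text, min_senders=2):
    """Origins that handed over mail under several different sender addresses."""
    return {origin: senders
            for origin, senders in group_by_origin(text).items()
            if len(senders) >= min_senders}


if __name__ == "__main__":
    for (helo, host, ip), senders in suspicious_origins(SAMPLE).items():
        print(f"{ip} ({host}, HELO {helo}): {len(senders)} different senders")
        for address in sorted(senders):
            print("   ", address)
```

Only the Received line written by your own mail server is reliable for this grouping; Received lines further down the chain are supplied by the sending side and can be forged.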

 [4/9] from: gchiu:compkarori at: 27-Aug-2003 15:03


Hi Tom,

At least you've narrowed it down to one of the list members in France using ADSL :)

On Tue, 26 Aug 2003 16:29:43 -0700 (PDT) Tom Conlin <[tomc--darkwing--uoregon--edu]> wrote:
>truth can be stranger than fiction ... that is exactly
>what is being done.
<<quoted lines omitted: 3>>
>(lns-p19-18-82-65-116-60.adsl.proxad.net
>[82.65.116.60])

--
Graham Chiu

 [5/9] from: g:santilli:tiscalinet:it at: 27-Aug-2003 9:52


Hi Tom,

On Tuesday, August 26, 2003, 8:48:30 PM, you wrote:

TC> so someone on the list is apt to be infected...

I got some with ML people emails too, so it looks like it'd be better for everyone here to check his/her antivirus. :-)

Regards,
Gabriele.
--
Gabriele Santilli <[g--santilli--tiscalinet--it]> -- REBOL Programmer
Amiga Group Italia sez. L'Aquila --- SOON: http://www.rebol.it/

 [6/9] from: g:santilli:tiscalinet:it at: 27-Aug-2003 9:54


Hi Graham,

On Wednesday, August 27, 2003, 12:45:05 AM, you wrote:

GC> This seems a little odd/inefficient that the virus is
GC> sending multiple copies of itself to the same person using
GC> different from addresses.

Actually, this virus does exactly that. We've had customers getting hundreds of messages PER HOUR from the same infected person...

Regards,
Gabriele.
--
Gabriele Santilli <[g--santilli--tiscalinet--it]> -- REBOL Programmer
Amiga Group Italia sez. L'Aquila --- SOON: http://www.rebol.it/

 [7/9] from: tomc:darkwing:uoregon at: 27-Aug-2003 14:17


well got another 40+ today,
these are from the same Paris, France provider.
proxad.net

Received: from GIGI (lns-th2-7-82-64-104-120.adsl.proxad.net [82.64.104.120])

Graham does your rebol list search engine look into the headers as well? Maybe we could narrow whodunit down further.

On Wed, 27 Aug 2003, Graham Chiu wrote:

 [8/9] from: gchiu:compkarori at: 28-Aug-2003 12:02


Tom,

My search engine is not up to date unfortunately, but I did scan my email archive and this did not bring up this PC "GIGI" or the ip address assigned to this user of 82.64.102.120 so I can't help identify him/her further.

Perhaps a note to the ISP is in order?

On Wed, 27 Aug 2003 14:17:15 -0700 (PDT) Tom Conlin <[tomc--darkwing--uoregon--edu]> wrote:
>well got another 40+ today,
>these are from the same Paris, France provider.
>proxad.net
>

--
Graham Chiu

 [9/9] from: r3b0l:free at: 29-Aug-2003 9:53


On 27-Aug-03, you wrote:
> At least you've narrowed it down to one of the list
> members in France using ADSL :)
<<quoted lines omitted: 8>>
>> (lns-p19-18-82-65-116-60.adsl.proxad.net
>> [82.65.116.60])

Yes i confirm, Proxad is a big french ISP (http://www.free.fr/) especially with ADSL.

If you use a poor OS like Win2k/XP too, you could also initiate a virus just by browsing. So check your patches and antivirus please, especially frenchies, to avoid those lame viruses like Sobig.F and Lovesan...

Note to the French: Windows users, it's all very well to make the REBOLution, but also think about using a real mailer (not that Outlook rubbish, a real sieve for "viruses for dummies") such as Eudora or Pegasusmail, and about using an up-to-date antivirus (sophos or aep for example) + applying the right patches to plug most of the many security holes in windows. The rest of the world thanks you in advance ;-)

No problem here, i use an Amiga 4000T and a Pegasos (Amiga PowerPC G3/G4 clone under MorphOS) for mail and browse.

Arnaud aka bIgdAn
East of France

PS : i'll send an email to free support and rebolfrance website to identify the infected user (probably an email with domain free.fr or online.fr ;-)

--
email : [rebol--migazone--com] or [r3b0l--free--fr]
Site of the day : http://cristal.inria.fr/~harley/pint.html

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted