[rescue] Crazy viruses from the list...
Patrick Giagnocavo +1.717.201.3366
patrick at zill.net
Mon May 24 11:31:37 CDT 2004
On Mon, May 24, 2004 at 12:45:40PM -0400, William Enestvedt wrote:
> Thomas Gallaway wrote:
> >
> > I don't know but I have within the last 2 hours received 4 viruses
> > from [an email address that's probably only for this list.]. All
> > of which originated from
> >
> > Received: from 19-02.com (gtw13-2.esc13.net [170.76.20.253])
> >
> I just got two more virus-laden email messages; their headers include
> "<20040112131716.ga7951 at jdboyd.zill.net>" and "[170.76.20.253]" (which
> is a group named AcNet Gobierno Mexicano who changed their DNS record a
> week ago). The attachment, Your_money.vbs, was dropped by our mail
> system.
This is a virus that randomly spoofs From: headers. It spreads by
reading Outlook's address book then spoofing itself as one of the
addresses listed there.
I have found it very difficult to trace these back to the infected box.
The procmail anti-virus script (look on freshmeat.net) I have found to
be helpful. Along with running Mutt :-)
Cordially
--
+--------------------------------------------------+
| Patrick Giagnocavo, patrick at zill.net |
| Zill.Net - OpenACS, Postgres, Web hosting |
| OpenACS v4 shared server $49.95/month |
| Colocation w/50GB transfer $79.00/month |
| Managed servers (incl. system) $225/month |
+--------------------------------------------------+
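
Because the From: header is forged, the field worth correlating on in these messages is the connecting IP that the receiving mail server records in its Received: line. The following is an added example, not part of the original post, that groups messages by that IP; the sample messages are constructed around the Received: line quoted in the thread, the From addresses, `mx.example.org` and `192.0.2.10` are made up, and it assumes the topmost Received: header was written by your own border mail server.

```python
import re
from collections import defaultdict
from email import message_from_string

# Constructed samples. Only the first Received line comes from the thread;
# recipients' server name, From addresses and 192.0.2.10 are made up.
SAMPLES = [
    "Received: from 19-02.com (gtw13-2.esc13.net [170.76.20.253])\n"
    "\tby mx.example.org; Mon, 24 May 2004 10:02:11 -0500\n"
    "From: alice@example.com\nSubject: Your money\n\nbody\n",
    "Received: from 19-02.com (gtw13-2.esc13.net [170.76.20.253])\n"
    "\tby mx.example.org; Mon, 24 May 2004 10:40:52 -0500\n"
    "From: bob@example.net\nSubject: Your money\n\nbody\n",
    "Received: from mail.example.com (mail.example.com [192.0.2.10])\n"
    "\tby mx.example.org; Mon, 24 May 2004 10:41:03 -0500\n"
    "From: carol@example.com\nSubject: list digest\n\nbody\n",
]

# Sendmail/Postfix style "from HELO (rdns [ip])". The HELO name is chosen by
# the sender; the bracketed IP is what the receiving server actually saw.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")


def connecting_host(raw):
    """Return (helo, rdns, ip) from the topmost Received header, or None."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_RE.search(received[0])
    return match.groups() if match else None


def group_by_source(raws):
    """Map connecting IP -> sorted From addresses seen from that IP."""
    seen = defaultdict(set)
    for raw in raws:
        host = connecting_host(raw)
        sender = message_from_string(raw)["From"] or "(no From)"
        seen[host[2] if host else "unknown"].add(sender)
    return {ip: sorted(addrs) for ip, addrs in seen.items()}


if __name__ == "__main__":
    for ip, senders in group_by_source(SAMPLES).items():
        # One IP presenting several unrelated From addresses fits the
        # spoofing behaviour described in the post.
        print(ip, len(senders), senders)
```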