Email attack

Hi

Ive just received 295 emails and I dont know what the hell they are. They
have titles Like: -

Bug Report
Newest Network Security Upgrade
current internet critical update
Undelivered Message
Newest Internet Security Pack
Last Network Upgrade

They keep coming and I have no idea why, I have not tried to open them just
in case they contain a virus or something. I have not subscribed to any
news letters as far as I know.

Anyone else had this problem?

thanks for any help
Ritch

Ritch said this...

> Bug Report
> Newest Network Security Upgrade
> current internet critical update
> Undelivered Message
> Newest Internet Security Pack
> Last Network Upgrade


All part of a major virus attack happening right now, mostly junk
pretending to be MSoft upgrades. Delete them and don't worry.

--
º~ dªv¡d ~º

its a virus - your virus program should detect it and delete the message


On Sat, 20 Sep 2003 08:29:34 GMT, Groove <(E-Mail Removed)> wrote:

>Ritch said this...
>
>> Bug Report
>> Newest Network Security Upgrade
>> current internet critical update
>> Undelivered Message
>> Newest Internet Security Pack
>> Last Network Upgrade
>
>
>All part of a major virus attack happening right now, mostly junk
>pretending to be MSoft upgrades. Delete them and don't worry.

Like groove said its the latest in hoax MS viruses! some are variations of
Blaster.
Update virus scanner.

I also have a tracker to find where they actually came from

Stephen

"Linux Penguin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> its a virus - your virus program should detect it and delete the message
>
>
> On Sat, 20 Sep 2003 08:29:34 GMT, Groove <(E-Mail Removed)>
wrote:
>
> >Ritch said this...
> >
> >> Bug Report
> >> Newest Network Security Upgrade
> >> current internet critical update
> >> Undelivered Message
> >> Newest Internet Security Pack
> >> Last Network Upgrade
> >
> >
> >All part of a major virus attack happening right now, mostly junk
> >pretending to be MSoft upgrades. Delete them and don't worry.
>

Stephen said this...
> I also have a tracker to find where they actually came from

Don't they just come from random infected boxes?

--
º~ dªv¡d ~º

In article <bkh30e$8q0$(E-Mail Removed)>,
(E-Mail Removed) says...


> Ive just received 295 emails and I dont know what the hell they are.

Viruses.

And given that intended recipients are being harvested from Usenet in
the main, you ought to do something about not publishing your full email
address to such a medium.

Ritch wrote:
> Hi
>
> Ive just received 295 emails and I dont know what the hell they are.

A virus

>
> They keep coming and I have no idea why,

It's because you haven't disguised your email address for usenet posting.

I have an e-mail address I use only for usenet (as the german server I use
asks for a valid address). It's attracting 200+ of these messages a day.
My private e-mail address doesn't get any. I use POP3 Scan Mailbox to
delete them off the server.

I'm willing to bet most recipients have had their addresses harvested from
usenet.

HTH

Tim

In article <bkhdkc$1t897$(E-Mail Removed)>, timdownie2000
@yahoo.co.uk says...
> Ritch wrote:
> > Hi
> >
> > Ive just received 295 emails and I dont know what the hell they are.
>
> A virus
>
> >
> > They keep coming and I have no idea why,
>
> It's because you haven't disguised your email address for usenet posting.
>
> I have an e-mail address I use only for usenet (as the german server I use
> asks for a valid address). It's attracting 200+ of these messages a day.
> My private e-mail address doesn't get any. I use POP3 Scan Mailbox to
> delete them off the server.
>
> I'm willing to bet most recipients have had their addresses harvested from
> usenet.
>
> HTH
>
> Tim
>
>
Tim,

cis.dfn.de asks for a valid name on joing but when you're on usenet you
can change it to a 'dummy'. Might save you getting 200+ a day on a real
but unused account that you obviously watch and have to clean.
(I'm on that server too)

"Ritch" <(E-Mail Removed)> wrote before:
in <bkh30e$8q0$(E-Mail Removed)>

>Hi
>
>Ive just received 295 emails and I dont know what the hell they are.

That's just a start. I filtered about 4000 mails in the past 36 hours.
To learn more about what's going on, read here:
http://www.trendmicro.com/vinfo/viru...SWEN.A&VSect=T

To filter those mails, you need to scan the body of the mails for the
strings *undeliver* and *cumulative patch* .
The mails come in two general versions:
One pretends to be an undeliverable mail, returned to you.
(filter for *undeliver*)
The other is a faked Microsoft Support Mail that delivers a "patch".
(filter for *cumulative patch*)
The "returned" mails were never sent from your e-mail account, but the
RETURN-PATH-field in the headers may tell from what infected host they
came.
The "Microsoft" mails can only be faked, since Microsoft never _sends_
any patches nor updates to you. They would send you information on how
you can download such files, if they would send you anything at all.

regards
André
--
For e-mail use plain-text only, please.
HTML and attachments will be silently discarded.

In article <bkhdkc$1t897$(E-Mail Removed)>, Tim Downie wrote:

> It's because you haven't disguised your email address for usenet posting.
>
> I have an e-mail address I use only for usenet (as the german server I use
> asks for a valid address). It's attracting 200+ of these messages a day.
> My private e-mail address doesn't get any. I use POP3 Scan Mailbox to
> delete them off the server.
>
> I'm willing to bet most recipients have had their addresses harvested from
> usenet.

After spending hours locating and deleting the 50 or so .EXE file
attachments, I've decided to use different addresses for mail and newsgroups.
I use Virtual Access as my newsreader, which makes this easy. It also avoids
being troubled with nasties designed to attack Outlook.

--

Jock Mackirdy
Bedford