Viruses

Discussion in 'Ruby' started by Peter, Sep 19, 2003.

  1. Peter

    Peter Guest

    I'm getting incredibly many virus warnings because of mails I get from
    people I've never heard of. I'm pretty sure the reason is my recent
    postings on this ruby mailing list. Could everyone with a Windows PC
    please check whether his or her PC is infected with this virus. You're
    not just disturbing me, but many others (basically everyone who has posted
    on the mailing list and whose mails are in your mailbox). The following
    page gives you information about the virus you're trying to send me
    unwillingly and tells you how to get rid of it:

    http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen

    Thanks,
    Peter
     
    Peter, Sep 19, 2003
    #1

  2. Peter wrote:
    > I'm getting incredibly many virus warnings because of mails I get from
    > people I've never heard of. I'm pretty sure the reason is my recent
    > postings on this ruby mailing list. Could everyone with a Windows PC
    > please check whether his or her PC is infected with this virus. You're
    > not just disturbing me, but many others (basically everyone who has posted
    > on the mailing list and whose mails are in your mailbox). The following
    > page gives you information about the virus you're trying to send me
    > unwillingly and tells you how to get rid of it:
    >
    > http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen
    >
    > Thanks,
    > Peter
    >
    >


    If you do a google for your email address you will see that it generates four
    entries:

    1) www.student.kuleuven.ac.be/~m9716348/mop/assignment-part2.pdf
    2) www.demuynck.org/feature/mop/task2.html
    3) www.demuynck.org/feature/mop/task1.html
    4) www.eng.kuleuven.ac.be/phd-symposium/book_of_abstracts.pdf

    This mailing list also appears in the comp.lang.ruby newsgroup as does your
    email address on the messages you posted.

    Then again it might be one of us - just not necessarily so.
     
    Peter Hickman, Sep 19, 2003
    #2

  3. Peter

    Rasputin Guest

    * Peter Hickman <> [0949 14:49]:
    > Peter wrote:
    > >I'm getting incredibly many virus warnings because of mails I get from
    > >people I've never heard of. I'm pretty sure the reason is my recent
    > >postings on this ruby mailing list. Could everyone with a Windows PC
    > >please check whether his or her PC is infected with this virus. You're
    > >not just disturbing me, but many others (basically everyone who has posted
    > >on the mailing list and whose mails are in your mailbox). The following
    > >page gives you information about the virus you're trying to send me
    > >unwillingly and tells you how to get rid of it:
    > >
    > > http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen


    I've been getting around 1 a minute for the last twenty-four hours.
    It's not specific to this list.

    Next one liner contest is to send mails to all these users saying
    'try not to click on every attachment you get sent, stupid!'

    --
    Corrupt, adj.:
    In politics, holding an office of trust or profit.
    Rasputin :: Jack of All Trades - Master of Nuns
     
    Rasputin, Sep 19, 2003
    #3
  4. Rasputin wrote:

    >* Peter Hickman <> [0949 14:49]:
    >
    >
    >>Peter wrote:
    >>
    >>
    >>>I'm getting incredibly many virus warnings because of mails I get from
    >>>people I've never heard of. I'm pretty sure the reason is my recent
    >>>postings on this ruby mailing list. Could everyone with a Windows PC
    >>>please check whether his or her PC is infected with this virus. You're
    >>>not just disturbing me, but many others (basically everyone who has posted
    >>>on the mailing list and whose mails are in your mailbox). The following
    >>>page gives you information about the virus you're trying to send me
    >>>unwillingly and tells you how to get rid of it:
    >>>
    >>> http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen
    >>>
    >>>

    >
    >I've been getting around 1 a minute for the last twenty-four hours.
    >It's not specific to this list.
    >
    >Next one liner contest is to send mails to all these users saying
    >'try not to click on every attachment you get sent, stupid!'
    >
    >


    From Microsoft's web site:

    "Because HTML e-mails are simply web pages, IE can render them and open
    binary attachments in a way that is appropriate to their MIME types.
    However, a flaw exists in the type of processing that is specified for
    certain unusual MIME types. If an attacker created an HTML e-mail
    containing an executable attachment, then modified the MIME header
    information to specify that the attachment was one of the unusual MIME
    types that IE handles incorrectly, IE would launch the attachment
    automatically when it rendered the e-mail."


    "An attacker could use this vulnerability in either of two scenarios.
    She could host an affected HTML e-mail on a web site and try to persuade
    another user to visit it, at which point script on a web page could open
    the mail and initiate the executable. Alternatively, she could send the
    HTML mail directly to the user. In either case, the executable
    attachment, if it ran, would be limited only by user’s permissions on
    the system."

    No clicky needed! Gotta love IE5

    Michael
     
    Michael Garriss, Sep 19, 2003
    #4
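
Added example, not part of the thread: a mail-filter check for the condition the quoted bulletin describes, an executable attachment whose MIME header declares some other type. It flags any part whose decoded bytes begin with the DOS/PE `MZ` signature while the declared Content-Type is not a binary type; the function names, the `BINARY_TYPES` set and the sample message are assumptions made for this illustration.

```python
import base64
from email import message_from_bytes, policy

# Assumption: declared types under which raw binary content is expected.
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload",
                "application/x-msdos-program"}

def mismatched_executables(raw_message: bytes):
    """Return (filename, declared_type) for every MIME part whose decoded
    bytes start with 'MZ' but whose declared Content-Type is not binary."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        if payload[:2] == b"MZ" and declared not in BINARY_TYPES:
            findings.append((part.get_filename(), declared))
    return findings

# Constructed sample: 32 harmless bytes that only carry the 'MZ' signature.
_STUB = base64.b64encode(b"MZ\x90\x00" + b"\x00" * 28).decode()

def make_sample(declared_type: str) -> bytes:
    """Build a constructed HTML mail with one attachment of the given type."""
    return (
        "From: sender@example.org\r\n"
        "To: user@example.org\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><body>constructed sample body</body></html>\r\n"
        "--b1\r\n"
        f'Content-Type: {declared_type}; name="update.exe"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="update.exe"\r\n'
        "\r\n"
        f"{_STUB}\r\n"
        "--b1--\r\n"
    ).encode("ascii")

if __name__ == "__main__":
    for declared in ("image/gif", "application/octet-stream"):
        print(declared, mismatched_executables(make_sample(declared)))
```

The check looks at content rather than at the filename or declared type alone, so it still fires when the sender changes the attachment's name.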
  5. Peter

    Rasputin Guest

    * ahoward <> [0922 16:22]:
    > On Sat, 20 Sep 2003, Rasputin wrote:
    >
    > > * Peter Hickman <> [0949 14:49]:
    > > > Peter wrote:
    > > > >I'm getting incredibly many virus warnings because of mails I get from
    > > > >people I've never heard of. I'm pretty sure the reason is my recent
    > > > >postings on this ruby mailing list. Could everyone with a Windows PC
    > > > >please check whether his or her PC is infected with this virus.


    > > > > http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen


    > > I've been getting around 1 a minute for the last twenty-four hours.
    > > It's not specific to this list.


    > me too. any idea how to stop it? i've just got filters in pine set up for
    > now. how annoying...


    I think it depends how you get your mail.

    I run a local mail server, because I enjoy that kind of thing. So
    I'm installing exiscan with clamav to do content filtering.

    That'll
    (spamlevel.isnt_too_high? "fix it once and for all" | "grind my server to death" )

    While it's building, I'm doing simple filtering of all the mails with
    'critical' or 'microsoft' using procmail.

    Saturday I'm off to VanFest in Malvern to buy a new Volkswagen bus.

    On Monday I'm going to mail all the users in that folder and tell them
    I am their bank manager, and can they send me their credit card
    details for verification.

    Then I'm off to Cuba!

    > > Next one liner contest is to send mails to all these users saying
    > > 'try not to click on every attachment you get sent, stupid!'


    --
    The best thing about growing older is that it takes such a long time.
    Rasputin :: Jack of All Trades - Master of Nuns
     
    Rasputin, Sep 19, 2003
    #5
  6. Peter

    Ben Giddings Guest

    Rasputin wrote:
    >>>I've been getting around 1 a minute for the last twenty-four hours.
    >>>It's not specific to this list.

    >
    >
    >>me too. any idea how to stop it? i've just got filters in pine set up for
    >>now. how annoying...

    >
    > I think it depends how you get your mail.
    >
    > I run a local mail server, because I enjoy that kind of thing. So
    > I'm installing exiscan with clamav to do content filtering.


    For what it's worth, I run SpamAssassin and spent a few hours last night
    writing filters for this particular worm. I can share my filters with
    anybody that's interested.

    Ben
     
    Ben Giddings, Sep 19, 2003
    #6
  7. Peter

    Ben Giddings Guest

    David Corbin wrote:
    >>For what it's worth, I run SpamAssassin and spent a few hours last night
    >>writing filters for this particular worm. I can share my filters with
    >>anybody that's interested.
    >>
    >>Ben

    >
    >
    > please.


    http://infofiend.com/log/index.php/item/222

    For some reason I'm having trouble with the body/rawbody/full rules, but
    the subject and sender ones seem pretty good.

    Ben
     
    Ben Giddings, Sep 19, 2003
    #7
