Viruses

P

Peter

I'm getting incredibly many virus warnings because of mails I get from
people I've never heard of. I'm pretty sure the reason is my recent
postings on this ruby mailing list. Could everyone with a windows pc
please check whether his or hers pc is infected with this virus. You're
not just disturbing me, but many others (basically everyone who has posted
on the mailing list and whose mails are in your mailbox). The following
page gives you information about the virus you're trying to send me
unwillingly and tells you how to get rid of it:

http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen

Thanks,
Peter
 
P

Peter Hickman

Peter said:
I'm getting incredibly many virus warnings because of mails I get from
people I've never heard of. I'm pretty sure the reason is my recent
postings on this ruby mailing list. Could everyone with a windows pc
please check whether his or hers pc is infected with this virus. You're
not just disturbing me, but many others (basically everyone who has posted
on the mailing list and whose mails are in your mailbox). The following
page gives you information about the virus you're trying to send me
unwillingly and tells you how to get rid of it:

http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen

Thanks,
Peter
Click to expand...

If you do a google for your email address you will see that it generates four
entries:

1) www.student.kuleuven.ac.be/~m9716348/mop/assignment-part2.pdf
2) www.demuynck.org/feature/mop/task2.html
3) www.demuynck.org/feature/mop/task1.html
4) www.eng.kuleuven.ac.be/phd-symposium/book_of_abstracts.pdf

This mailing list also appears in the comp.lang.ruby newsgroup as does your
email address on the messages you posted.

Then again it might be one of us - just not neccessarily so.
 
R

Rasputin

I've been getting around 1 a minute for the last twenty-four hours.
It's not specific to this list.

Next one liner contest is to send mails to all these users saying
'try not to click on every attachment you get sent, stupid!'
 
M

Michael Garriss

Rasputin said:
I've been getting around 1 a minute for the last twenty-four hours.
It's not specific to this list.

Next one liner contest is to send mails to all these users saying
'try not to click on every attachment you get sent, stupid!'
Click to expand...

From Microsoft's web site:

"Because HTML e-mails are simply web pages, IE can render them and open
binary attachments in a way that is appropriate to their MIME types.
However, a flaw exists in the type of processing that is specified for
certain unusual MIME types. If an attacker created an HTML e-mail
containing an executable attachment, then modified the MIME header
information to specify that the attachment was one of the unusual MIME
types that IE handles incorrectly, IE would launch the attachment
automatically when it rendered the e-mail."


"An attacker could use this vulnerability in either of two scenarios.
She could host an affected HTML e-mail on a web site and try to persuade
another user to visit it, at which point script on a web page could open
the mail and initiate the executable. Alternatively, she could send the
HTML mail directly to the user. In either case, the executable
attachment, if it ran, would be limited only by user’s permissions on
the system."

No clicky needed! Gotta love IE5

Michael
 
R

Rasputin

me too. any idea how to stop it? i've just got filters in pine set up for
now. how anoying...
Click to expand...

I think it depends how you get your mail.

I run a local mail server, because I enjoy that kind of thing. So
I'm installing exiscan with clamav to do content filtering.

That'll
(spamlevel.isnt_too_high? "fix it once and for all" | "grind my server to death" )

While it's building, I'm doing simple filtering of all the mails with
'critical' or 'microsoft' using procmail.

Saturday I'm off to VanFest in Malvern to buy a new VolksWagen bus.

On Monday I'm going to mail all the users in that folder and tell them
I am their bank manager, and can they send me their credit card
details for verification.

Then I'm off to Cuba!
 
B

Ben Giddings

Rasputin said:
I think it depends how you get your mail.

I run a local mail server, because I enjoy that kind of thing. So
I'm installing exiscan with clamav to do content filtering.
Click to expand...

For what it's worth, I run SpamAssassin and spent a few hours last night
writing filters for this particular worm. I can share my filters with
anybody that's interested.

Ben
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Ruby Weekly News 29th August - 4th September 2005 1
Python-URL! - weekly Python news and links (Feb 4) 1
Ruby Weekly News 24th - 30th January 2005 4
Ruby Weekly News 5th - 11th June 2006 0
comp.lang.c Answers (Abridged) to Frequently Asked Questions (FAQ) 0
i=infinity;0= i*sin k*pi, 1=cos k*pi, k=m/n, n=4,m=0-00; c*G=20=const, 1/sgrt2>G>0.5, 6<N = NA ^2su 13
People Helping People!!!!!!!!!!!! 1
Cosmic Indulgence 0

Members online

No members online now.
Total: 27 (members: 0, guests: 27)
Robots: 472

Forum statistics

Threads
473,769
Messages
2,569,581
Members
45,056
Latest member
GlycogenSupporthealth

Latest Threads

Top