Once again, you all are right, but absolutely not helping me. All you wrote here is correct, but my problems are caused by a simple virus, which doesn't do any tricks, doesn't use any security hole in MS applications. It just sends itself to other people from the infected machine using its own SMTP routine. It is so simple, it even doesn't make any damage to the infected machine (except some bandwith usage). I just need to find out who is the owner of that particular IP address to ask him to deinfect the computer.
/--- Aley ----- Original Message ----- From: "Andy Chandler" <[EMAIL PROTECTED]> To: "LCD" <sam-users@nvg.ntnu.no> Sent: Monday, April 05, 2004 8:41 PM Subject: Re[2]: Virus Madness!!! - Can somebody help? > Several of the new viri out there actually open up a port on the > infected machine and report back to a website somewhere that the > machine is ready and it is then as a SPAM server. > So it looks like you sent the emails (and in fact you did!), but without > knowing it. > > Sophos has a lot on the new set of ones doing the rounds. There is a > virus on the loose, whose sole purpose, is to disable one of the other > ones. They then retaliate with a new version, sometimes 3 or 4 new > versions in one day and so the cycle continues. > > Those of us on BTinternet (at least Dave on this list) can at least relax a little > - they've stopped 100% of the virus infected emails I would of > received. They currently stop around 80 SPAM messages a day to this > account alone - frightening stuff indeed. > > > > > > Monday, April 5, 2004, 7:17:18 PM, you wrote: > > LCD> Anything can be faked, ever heard about "remailers"? That is a server > LCD> thatstrips the real IP > LCD> from header and sends the mail further. Excellent for people that are > LCD> living in dictatorship > LCD> countries like China, USA or EU, that want to send their opinion to > LCD> newsgroups or mailing > LCD> lists. > LCD> They usualy can also hack into WLAN of innocent people, and use their IP > LCD> to make some > LCD> idiotic or illegal moves. > LCD> So even if the IP in header cannot be faked, it is not sure that the > LCD> attack comes really from > LCD> the person that subscribed the IP. > LCD> And finally, viruses send themself without the knowledge of the users. > LCD> The user is just too > LCD> stupid to own a PC, if he opens each attachement or has no firewall... > > LCD> Greetings to all > > LCD> LCD > > LCD> Aley Keprt wrote: > > >>I usually get lots of SPAM, but no viruses. As several Sam users already > >>mentioned, I use a simple whitelist system to block 100% of SPAM, and allow > >>only known addresses. But this can't currently block viruses. > >>Unfortunatelly... > >> > >>btw. You can find who sent you viruses. Although the sender e-mail address > >>is faked, there is a valid IP address (can't be effectively faked), and with > >>cooperation of its internet service provider, you can find the real > >>computer. (If you have got some luck. :-) > >> > >>/--- > >>Aley > >> > >>---------------------------------------------------------- > >>Mgr.(MSc.) Ales Keprt (also known as Aley) > >>[EMAIL PROTECTED] *** www.keprt.cz *** ICQ: 82357182 > >>Dept. of Computer Science, VSB Technical University > >>Ostrava, CZ - [EMAIL PROTECTED] - www.cs.vsb.cz > >>---------------------------------------------------------- > >> > >> > >>----- Original Message ----- > >>From: "Matthew J. Craven" <[EMAIL PROTECTED]> > >>To: <sam-users@nvg.ntnu.no> > >>Sent: Monday, April 05, 2004 7:11 PM > >>Subject: Re: Virus Madness!!! - Can somebody help? > >> > >> > >> > >> > >>>I have at least 30 a day with all kinds of viruses like the ones you > >>>mention. I don't know if it's anything to do with the sam-users list > >>>though. > >>> > >>>I receive them from all over the world, and yes, the addresses are > >>>normally faked. > >>> > >>>But it's beginning to drive me to the point of distraction as well... > >>>God, I want to wring their pathetic little necks! :-D > >>> > >>>--Matt. > >>> > >>>On 5 Apr 04, at 18:54, Aley Keprt wrote: > >>> > >>> > >>> > >>>>Hello friends, > >>>> > >>>>this is what I can the virus madness! In last fortnight I got over 50 > >>>>e-mails with viruses Netsky.B and Netsky.Q. Is this normal? I think > >>>>and hope it isn't. In recent 12 hours I got 6 new e-mails with > >>>>Netsky.Q. This is absolutely unbelievable. I looked to the e-mail > >>>>headers, and I can see the sender is always the same. Really > >>>>unbelievable. The e-mail address of the sender is not visible (it is > >>>>faked), but I have got the IP address. I write it below, so you all > >>>>can check, if it is somewhat connected with sam-users. It is an > >>>>address in Netherlands, and my only contact to Netherlands is via > >>>>sam-users. > >>>> > >>>>Computer name: node-d-1d4e.a2000.nl > >>>>IP number: 62.195.29.78 > >>>>Provider: UPC Netherlands > >>>> > >>>>Is this a private computer, or a multiuser node/proxy? Can somebody > >>>>help? > >>>> > >>>>And does anybody receive such viruses by e-mail as well (in recent few > >>>>days)? > >>>> > >>>> > >>>>/--- > >>>>Aley > >>>> > >>>> > >>>> > > > >
