Re: (313) viruses
I'd be careful even with that method to be honest, as some of these viruses do genuinely send emails from people you know / trust, having infected their email systems and fired off messages to all their contacts. (ie the IP address can be genuine even if the message is not) The best indicator is really the content itself - most of these ones ask you to check an attachment, which installs the virus, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately. - Original Message - From: peter mueller [EMAIL PROTECTED] To: Dan Bean [EMAIL PROTECTED]; 313@hyperreal.org Sent: Friday, April 30, 2004 3:26 PM Subject: Re: (313) something weird/abe duque, the hand inside the glove puppet? if you're not sure wether a mail really comes from 313 or not, you can easily find out by checking the header of the mail. most part of headers get faked as well, but in the received line there's always the ip from the source of the mail. the ip of the hyperreal-server is 209.237.226.90. if you don't find this ip in any of the received lines, you can be sure that it's a virus or worm... bye, peter On Fri, 30 Apr 2004 14:56:53 +0100, Dan Bean [EMAIL PROTECTED] wrote: 1. Just got one of those spam emails that mimics a delivery failure notice and has an attachment that supposedly contains further info. I've never opened these in the past but have trashed them on the assumption that the attachment contains a virus or the like. Anyway, what you might all wish to know is that I just got one from the following address! [EMAIL PROTECTED] My initial reaction is obviously not to open it and to warn you all. Can anyone confirm whether this is the correct response or alternatively tell me if in fact it is a bona fide message - I've never received messages in this form from hyperreal before so I'm not 100% sure whether to dismiss it or not + it seems to be totally out of any context.
RE: (313) viruses
, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately. Or Help a Leper. Or I found this secret information about you. -Original Message- From: Matt Chester [mailto:[EMAIL PROTECTED] Sent: 30 April 2004 3:43 To: 313@hyperreal.org Subject: Re: (313) viruses I'd be careful even with that method to be honest, as some of these viruses do genuinely send emails from people you know / trust, having infected their email systems and fired off messages to all their contacts. (ie the IP address can be genuine even if the message is not) The best indicator is really the content itself - most of these ones ask you to check an attachment, which installs the virus, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately. - Original Message - From: peter mueller [EMAIL PROTECTED] To: Dan Bean [EMAIL PROTECTED]; 313@hyperreal.org Sent: Friday, April 30, 2004 3:26 PM Subject: Re: (313) something weird/abe duque, the hand inside the glove puppet? if you're not sure wether a mail really comes from 313 or not, you can easily find out by checking the header of the mail. most part of headers get faked as well, but in the received line there's always the ip from the source of the mail. the ip of the hyperreal-server is 209.237.226.90. if you don't find this ip in any of the received lines, you can be sure that it's a virus or worm... bye, peter On Fri, 30 Apr 2004 14:56:53 +0100, Dan Bean [EMAIL PROTECTED] wrote: 1. Just got one of those spam emails that mimics a delivery failure notice and has an attachment that supposedly contains further info. I've never opened these in the past but have trashed them on the assumption that the attachment contains a virus or the like. Anyway, what you might all wish to know is that I just got one from the following address! [EMAIL PROTECTED] My initial reaction is obviously not to open it and to warn you all. Can anyone confirm whether this is the correct response or alternatively tell me if in fact it is a bona fide message - I've never received messages in this form from hyperreal before so I'm not 100% sure whether to dismiss it or not + it seems to be totally out of any context. *** Opinions expressed in this email are those of the individual and not Entergy-Koch Trading Limited or its affiliated companies. This email and any files transmitted with it, including replies and forwarded copies (which may contain alterations) subsequently transmitted from the Company, are confidential and solely for the use of the intended recipient. It may contain material protected by attorney-client privilege. If you are not listed on the To or Cc lines of the original email (or are not the person responsible for delivering to an intended recipient), then you are not an intended recipient and have received this email in error. Any use by an unintended recipient is strictly prohibited. If you have received this email in error please notify the IT manager by telephone on +44 (0)20 7337 8300 or via email to [EMAIL PROTECTED], attaching this message. Please then delete this email and all attachments, and destroy any copies thereof. Thank you. ***
RE: (313) viruses
and who can't resist opening an attachment with the title Help a Leper? very few I would gather ;) MEK Blackman, Ryan (UKEKT) To: 'Matt Chester' [EMAIL PROTECTED], 313@hyperreal.org [EMAIL PROTECTED]cc: och.eu.comSubject: RE: (313) viruses 04/30/04 09:37 AM , and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately. Or Help a Leper. Or I found this secret information about you. -Original Message- From: Matt Chester [mailto:[EMAIL PROTECTED] Sent: 30 April 2004 3:43 To: 313@hyperreal.org Subject: Re: (313) viruses I'd be careful even with that method to be honest, as some of these viruses do genuinely send emails from people you know / trust, having infected their email systems and fired off messages to all their contacts. (ie the IP address can be genuine even if the message is not) The best indicator is really the content itself - most of these ones ask you to check an attachment, which installs the virus, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately. - Original Message - From: peter mueller [EMAIL PROTECTED] To: Dan Bean [EMAIL PROTECTED]; 313@hyperreal.org Sent: Friday, April 30, 2004 3:26 PM Subject: Re: (313) something weird/abe duque, the hand inside the glove puppet? if you're not sure wether a mail really comes from 313 or not, you can easily find out by checking the header of the mail. most part of headers get faked as well, but in the received line there's always the ip from the source of the mail. the ip of the hyperreal-server is 209.237.226.90. if you don't find this ip in any of the received lines, you can be sure that it's a virus or worm... bye, peter On Fri, 30 Apr 2004 14:56:53 +0100, Dan Bean [EMAIL PROTECTED] wrote: 1. Just got one of those spam emails that mimics a delivery failure notice and has an attachment that supposedly contains further info. I've never opened these in the past but have trashed them on the assumption that the attachment contains a virus or the like. Anyway, what you might all wish to know is that I just got one from the following address! [EMAIL PROTECTED] My initial reaction is obviously not to open it and to warn you all. Can anyone confirm whether this is the correct response or alternatively tell me if in fact it is a bona fide message - I've never received messages in this form from hyperreal before so I'm not 100% sure whether to dismiss it or not + it seems to be totally out of any context. *** Opinions expressed in this email are those of the individual and not Entergy-Koch Trading Limited or its affiliated companies. This email and any files transmitted with it, including replies and forwarded copies (which may contain alterations) subsequently transmitted from the Company, are confidential and solely for the use of the intended recipient. It may contain material protected by attorney-client privilege. If you are not listed on the To or Cc lines of the original email (or are not the person responsible for delivering to an intended recipient), then you are not an intended recipient and have received this email in error. Any use by an unintended recipient is strictly prohibited. If you have received this email in error please notify the IT manager by telephone on +44 (0)20 7337 8300 or via email to [EMAIL PROTECTED], attaching this message. Please then delete this email and all attachments, and destroy any copies thereof. Thank you. ***
Re: (313) viruses
i've had loads of these recently - but norten sorts them out - Original Message - From: Matt Chester [EMAIL PROTECTED] To: 313@hyperreal.org Sent: Friday, April 30, 2004 3:42 PM Subject: Re: (313) viruses I'd be careful even with that method to be honest, as some of these viruses do genuinely send emails from people you know / trust, having infected their email systems and fired off messages to all their contacts. (ie the IP address can be genuine even if the message is not) The best indicator is really the content itself - most of these ones ask you to check an attachment, which installs the virus, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately. - Original Message - From: peter mueller [EMAIL PROTECTED] To: Dan Bean [EMAIL PROTECTED]; 313@hyperreal.org Sent: Friday, April 30, 2004 3:26 PM Subject: Re: (313) something weird/abe duque, the hand inside the glove puppet? if you're not sure wether a mail really comes from 313 or not, you can easily find out by checking the header of the mail. most part of headers get faked as well, but in the received line there's always the ip from the source of the mail. the ip of the hyperreal-server is 209.237.226.90. if you don't find this ip in any of the received lines, you can be sure that it's a virus or worm... bye, peter On Fri, 30 Apr 2004 14:56:53 +0100, Dan Bean [EMAIL PROTECTED] wrote: 1. Just got one of those spam emails that mimics a delivery failure notice and has an attachment that supposedly contains further info. I've never opened these in the past but have trashed them on the assumption that the attachment contains a virus or the like. Anyway, what you might all wish to know is that I just got one from the following address! [EMAIL PROTECTED] My initial reaction is obviously not to open it and to warn you all. Can anyone confirm whether this is the correct response or alternatively tell me if in fact it is a bona fide message - I've never received messages in this form from hyperreal before so I'm not 100% sure whether to dismiss it or not + it seems to be totally out of any context.
Re: (313) viruses
viruses and worms use their own smtp engine to spread themselves, which means they're not sent from the mailserver of a domain but from the infected pc itself. therefor they also have a different ip (the ip of the infected computer) than the ip of the mailserver. but you'r definitely right, the best way to protect yourself from stuff like that is checking the content! bye, peter On Fri, 30 Apr 2004 15:42:59 +0100, Matt Chester [EMAIL PROTECTED] wrote: I'd be careful even with that method to be honest, as some of these viruses do genuinely send emails from people you know / trust, having infected their email systems and fired off messages to all their contacts. (ie the IP address can be genuine even if the message is not) The best indicator is really the content itself - most of these ones ask you to check an attachment, which installs the virus, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately.
Re: (313) viruses
I recommend you get: Norton Anti Virus Zone Alarm (free from Tucows) Ad-Aware (free from Tucows) SpyBot (free from Tucows) I think you'll be surprised what you have on your machine... Martin 30/4/04 3:45 PM peter [EMAIL PROTECTED] viruses and worms use their own smtp engine to spread themselves, which means they're not sent from the mailserver of a domain but from the infected pc itself. therefor they also have a different ip (the ip of the infected computer) than the ip of the mailserver. but you'r definitely right, the best way to protect yourself from stuff like that is checking the content! bye, peter
Re: (313) viruses
At 12:57 PM 4/30/2004, Martin Dust wrote: Zone Alarm (free from Tucows) watch out for this one. lots of vulnerabilities introduced by this firewall. -- unsigned short int to_yer_mama; http://www.mkb-dj.org Matthew Kane : Software Engineer : Zebra Atlantek, Inc. [EMAIL PROTECTED] || [EMAIL PROTECTED]