At 10:08 AM 18/09/2003, David Lesher wrote:
I'm suddenly getting 3-4x the "M$ patch" and "bounced mail"
virus attacks as compared to 2-3 days ago.
This virus seems to depart from the standard "Click on mine patches
pleases" type text. Instead, it has quite an elaborate message complete
with in
I overlooked the OBVIOUS reason that someone just mentioned:
> There is a new worm:
> http://www.f-secure.com/v-descs/swen.shtml
Damn, we need a TV-Guide type page listing all the first run
and rerun M$ viruses. It's just too hard to keep them all
straight..
--
A host is a host from coas
--On Thursday, September 18, 2003 10:45 -0400 William Warren
<[EMAIL PROTECTED]> wrote:
I have noticed suddenly my virus filter catching more of those exact same
messages here in the last 24 hours.
David Lesher wrote:
I'm suddenly getting 3-4x the "M$ patch" and "bounced mail"
virus attacks as
I have noticed suddenly my virus filter catching more of those exact
same messages here in the last 24 hours.
David Lesher wrote:
I'm suddenly getting 3-4x the "M$ patch" and "bounced mail"
virus attacks as compared to 2-3 days ago.
Is this perhaps a result of VeriSlime's actions?
[Note I'm ta
Review the system restore feature of XP machines as it relates to
patches. This seems to be the big buzz around the desktop people where
I work.
Regards,
jade
On Mon, 2003-08-25 at 11:06, Geo. wrote:
> >>We've found that downloading both the appropriate patches and cleaning
> tools,
> and then d
>>We've found that downloading both the appropriate patches and cleaning
tools,
and then disconnecting from the network (as in unplug your ethernet cord or
hang up your modem line) before you run them both - patch then clean - works
and prevents you from being re-infected during the process.<<
Fo
> There is no evidence that the patch does not fix the vulnerability. You
> may be getting infected during the patching and cleaning process. Best
> bet is to patch, reboot, then clean.
We've found that downloading both the appropriate patches and cleaning tools,
and then disconnecting from t
Wesley-
There is no evidence that the patch does not fix the vulnerability. You
may be getting infected during the patching and cleaning process. Best
bet is to patch, reboot, then clean.
Regards,
===
Daniel Ingevaldson
Engineering Manager, X-Force R&D
[EMAIL PROTE
Oh I don't know.
Many here do a pretty good impression
of that unique combination of skills
prior to that first cup of coffee
:P
[EMAIL PROTECTED] wrote:
On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly <[EMAIL PROTECTED]> said:
How catty. We all start somewhere, or have you forgotten
How catty. We all start somewhere, or have you forgotten?
not only that, but we all start in exactly the
same place -- with zero knowledge. there was a
day when even X didn't know Y, for all X and Y.
s.
Sorry folks, my last message being sent to the list was my fault - this
topic has long gone off-list.
Again, apologies.
Cheers,
Cade
On Wed, 20 Aug 2003 [EMAIL PROTECTED] wrote:
> You *do* have to admit it's an unusual combination of skills to:
>
> a) have enough clue to get subscribed to NANOG-post
> *AND*
> b) not be able to identify Windows Messenger spam
I dunno about that...I know when I first saw the Messenger spam
On Wed, 20 Aug 2003 at 7:51pm Johannes Catterwell wrote:
>
> Chris Todd schrieb:
> >
> > Thanks
> > Chris Todd
> > Computer Technician
>
> Computer Technician? you sure?
That ain't nothing compared to the "Network Security Engineer"
that posted a few messages before that had never heard of Blast
Chris,
Chances are that you're not but...make sure you block the following ports (at a
minimum) at your firewall:
135
137-139
445
If you don't have a firewall, you need to get one installed ASAP. In the
meantime, install a personal (software) firewall - if the circumstances allow.
If you are
own".
You know?
Have a good one!
Cheers,
Cade
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 2:03 PM
To: Claire Kelly
Cc: [EMAIL PROTECTED]
Subject: Re: virus or hacked?
On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly &l
t;
> -Original Message-
> From: Johannes Catterwell [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2003 1:52 PM
> To: Chris Todd
> Cc: [EMAIL PROTECTED]
> Subject: Re: virus or hacked?
>
>
>
> Chris Todd schrieb:
> >
> > Thanks
>
On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly <[EMAIL PROTECTED]> said:
> How catty. We all start somewhere, or have you forgotten?
You *do* have to admit it's an unusual combination of skills to:
a) have enough clue to get subscribed to NANOG-post
*AND*
b) not be able to identify Windows Me
Indeed.
- Original Message -
From: "Claire Kelly" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 20, 2003 1:45 PM
Subject: RE: virus or hacked?
>
> How catty. We all start somewhere, or have you forgotten?
>
> Gruss + Che
That was my thought after my initial knee jerk how to fix response. I'm
sorry for replying to the list
Thanks,
Paul
--
Paul A Bradford
Senior Network Engineer
Adelphia Cable Communications
814-274-6663
Computer Technician
Western Newspapers, Inc.
(928)775-2499
Resistance is Futile
> --
> From: McBurnett, Jim
> Sent: Wednesday, August 20, 2003 11:48 AM
> To: Todd Mitchell - lists; Chris Todd
> Cc: [EMAIL PROTECTED]
> Subject: RE: virus or hacked?
>
->| -Original Message-
->| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
->Of
->| Chris Todd
->| Sent: Wednesday, August 20, 2003 12:33 PM
->| To: '[EMAIL PROTECTED]'
->| Subject: virus or hacked?
->|
->|
->| Good morning:
->| I was wondering if anyone has seen this message
: [EMAIL PROTECTED]
Subject: Re: virus or hacked?
Chris Todd schrieb:
>
> Thanks
> Chris Todd
> Computer Technician
Computer Technician? you sure?
--
Johannes Catterwell,| Did you ever wonder
Darmstadt, Germany | ... why you have to click
johannes at catte
> From: Chris Todd <[EMAIL PROTECTED]>
> Date: Wed, 20 Aug 2003 09:32:30 -0700
>
>
> Good morning:
> I was wondering if anyone has seen this message on a win2k server
> before and might be able to help me
Chris:
This is the new spam technique using the windows "admin" pop-up
vector.
Supposed
Chris Todd schrieb:
Thanks
Chris Todd
Computer Technician
Computer Technician? you sure?
--
Johannes Catterwell,| Did you ever wonder
Darmstadt, Germany | ... why you have to click
johannes at catterwell dot de | on "Start" to stop Windows?
| -Original Message-
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
| Chris Todd
| Sent: Wednesday, August 20, 2003 12:33 PM
| To: '[EMAIL PROTECTED]'
| Subject: virus or hacked?
|
|
| Good morning:
| I was wondering if anyone has seen this message on a win2k server
b
That would probably be the messenger service in Win2k. to stop it,
go to Settings -> control panel -> Administrative Tools -> Services.
Find Messenger and disable it.
Thanks,
Paul
Or load the linux OS of choice ;)
On Wed, 2003-08-20 at 12:32, Chris Todd wrote:
> Good morning:
> I was wo
On Tue, 19 Aug 2003, David Diaz wrote:
>
> Spam may be off topic but in this case relevant. Has anyone else
> noticed bounced emails that appear to have origionated from their
> nanog email boxes and contain viruses?
>
> Obviously some bot has gone threw the nanog list and is now forging
>
On Tue, 19 Aug 2003, Steven M. Bellovin wrote:
> I've gotten hundreds of such bounce messages today. Only a few have
> Received: lines, but those have differed. I don't know for sure if
> it's the nanog list, since I don't use a different email address for it.
I suspect it's the list archive
Forwarding this for Mark, he deserved some credit for verifying the
IP but did not want his other addy harvested.
It's like you need a wing man now for posting to mail lists!
Cougar
Subject: Re: Virus emails from nanog mail list
From: "Mark J. Scheller"
To: David Diaz &l
>
> The IP address (which may or may not be accurate) appears to be
> [195.157.87.253].
>
> Has anyone else noticed this recently?
>
I have received 100+ SoBig trojan emails in the last few hours from
IP 12.107.153.212. It figures, seems to be located in AT&T land
so there might also be conne
On Tue, 19 Aug 2003 12:42:49 EDT, David Diaz <[EMAIL PROTECTED]> said:
> Obviously some bot has gone threw the nanog list and is now forging
> headers such that they appear to come from those addresses, and they
> are attaching viruses.
More likely, some poor lurker at the IP address listed ha
I have not seen the NANOG email problem, but have received several tens
of thousans of SPAM messages that claim to be from
'[EMAIL PROTECTED]'. The originating address in the messages is
66.218.66.70. As David pointed out, this may or may not be correct.
Dan
-Original Message-
From: Da
In message <[EMAIL PROTECTED]>, David Diaz writes:
>
>Spam may be off topic but in this case relevant. Has anyone else
>noticed bounced emails that appear to have origionated from their
>nanog email boxes and contain viruses?
>
>Obviously some bot has gone threw the nanog list and is now forgin
> Date: Tue, 19 Aug 2003 12:42:49 -0400
> From: David Diaz <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
>
> Spam may be off topic but in this case relevant. Has anyone else
> noticed bounced emails that appear to have origionated from their
> nanog email boxes and contain viruses?
>
> O
*sigh*
Joe has almost got it. Apparently a Jim of ICG sent an e-mail to a
large collection of NOC contacts -- one of which was ours -- asking
about a holiday moratorium. It hit our (digitalwest.net) ticketing
system (RT2) which stripped off the Cc: line so I didn't see it when I
responded via
It appears to be caused by an someone replying to all, instead of just the
originator of the message. Since most of the recipients were role accounts
under a ticketing system, the auto-responders took over, creating an
interesting loop; It provides a good reason why an auto-responder should
strip
On Monday, Nov 25, 2002, at 22:31 Canada/Eastern, Randy Rostie wrote:
We received the following email, with an incredible number of email
addresses in the cc: field. We did not even get the original message.
Maybe someone has a virus on their computer?
Maybe someone forwarded all the address
-- On Monday, November 25, 2002 8:11 PM -0800
-- Scott Granados <[EMAIL PROTECTED]> supposedly wrote:
Looks like someone's address book or peering list.
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
^^
A really old peering list. :)
I got 4
Looks like someone's address book or peering list.
- Original Message -
From: "Randy Rostie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 25, 2002 7:31 PM
Subject: virus or?
We received the following email, with an incredible number of email
addresses in the cc: fi
39 matches
Mail list logo