Results 1 to 12 of 12
  1. #1
    4 Star Lounger
    Join Date
    Feb 2001
    Location
    BECCLES, Suffolk, England
    Posts
    407
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus Infection?

    I run 3 peer to peer networked Pc's. Pc2, running on WXp / Orifice2000 / Outlook, is currently receiving a 50+ number of bounce-back messages for unrecognised or closed aol.com e-mail addresses.
    My virus definitions are up to date (using Norton) and we do a complete virus scan every 2 days - we caught a couple of incoming virus' the other day and zpped the messages out.
    I ran the Blaster worm file - as mentioned in this forum. Just wondering if any one has experience of this - and how to stop it ?
    <IMG SRC=http://www.wopr.com/w3tuserpics/StephenElms_sig.jpg> Didn't think that I made my first post here on 5th February 2001...!

  2. #2
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Infection?

    Stephen--

    If the "couple of viruses" included Blaster, did you run the Blaster Removal Tool from MS (because you should) and MS also added a September Update for Blaster so make sure you have it. It isn't clear from your post whether you in fact did have the Blaster worm. Do you mean by "worm file," the removal tool?

    Download Blaster Removal Tool Here
    Microsoft Provides Blaster Removal Tool 1/7/04 and MS03-039 Patch to Update Against Blaster
    What You Should Know About the Blaster Worm and Its Variants
    MS03-039: Security Update to Defend Against Blaster
    Technet on Security Update
    Blaster Update Download
    Symantec Blaster Response

    The latest definition from Norton was Friday January 16, 2004--is that the one you have? I'd use the Intelligent Updater instead of Live Update to make sure you get the latest definitions:

    Differences between LiveUpdate and the Intelligent Updater

    SMBP

  3. #3
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Virus Infection?

    Are you saying that you have received the bounce back messages to one that you had NOT sent?

    If so, it is that your email address has been "SPOOFED", or used to send out the message. Some one has your address and the address of the people that were bounced in their address book, or some SPAMMER has just used your address as the return address.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  4. #4
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Infection?

    Dave--

    Can someone do this with a Trojan so that you couldn't distinguish the Trojan from a spammer spoofing or using a return address and can a spammer deploy a Trojan to do this?

    Thanks,

    SMBP

  5. #5
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Virus Infection?

    DOS attacks are done with "Slave Bots" planted on remote machines and called to action by their "Masters" when they want to mount an attack on a website. I'm sure that they can be programmed to perform almost any task you can perform while sitting at the PC.

    Here's the control panel for a Sub-Seven Trojan that was on my old Windows 98 system before firewalls and AV software were REQUIRED to surf the net safely. You decide what they are capable of. This program is about 4 years old.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  6. #6
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Infection?

    Thanks Doc, Dave.

    SMBP

  7. #7
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Virus Infection?

    The act of spamming NOTHING to do with a Trojan, just the act of using another's emaill address for the contact address. It is NOT even done near you machine, but on the spammers machine. Most email programs allow the setting to set a reply address.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  8. #8
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Infection?

    And still around, and far more dangerous than it was four years ago.

    This, however, does not reek of a DDoS attack.
    -Mark

  9. #9
    4 Star Lounger
    Join Date
    Feb 2001
    Location
    BECCLES, Suffolk, England
    Posts
    407
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Infection?

    All these bounce back address are at aol.com. None of these address are in my address book! Therefore i presume that someone must be using my email address to send spam?
    <IMG SRC=http://www.wopr.com/w3tuserpics/StephenElms_sig.jpg> Didn't think that I made my first post here on 5th February 2001...!

  10. #10
    4 Star Lounger
    Join Date
    Feb 2001
    Location
    BECCLES, Suffolk, England
    Posts
    407
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Infection?

    Dont know what, if anything, ive got. MS removal tool has been run.
    <IMG SRC=http://www.wopr.com/w3tuserpics/StephenElms_sig.jpg> Didn't think that I made my first post here on 5th February 2001...!

  11. #11
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Infection?

    I don't think you've "got" anything. If you'd like to see another conversation similar, <!post=take a read of this thread.,325551>take a read of this thread.<!/post>

  12. #12
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Virus Infection?

    Try right-clicking on one of the offending messages and select Properties from the drop-down, then select the Details tab and read the To: / From: information there to see if your address is indeed the return address or the Return Path. If so, I'd forward one of them to AOL or send an email to AOL advising them of the issue. You didn't mention who your ISP is, but if it's AOL then contact Customer Service. If not then email abuse@aol.com . It sounds more like someone has been sending out SPAM and SPOOFING your address as Dave said earlier.

    I found this on a quick search here from the CEO of an email marketing firm.
    "some ISPs will automatically filter e-mail they believe to be unsolicited commercial e-mail into a bulk e-mail folder that the recipient has to peruse separately. Or, in some cases, ISPs block delivery of bulk e-mail to their members.
    <font color=red>Often, the only way you can detect this is if the ISP notifies you of spam complaints from its members</font color=red>."
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •