  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Newark, New Jersey, USA
    Posts
    999
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus (Doom) (2002)

    Ok, not sure if this is the place for this (i should) But, I'm getting all these virus infested emails from my own server. It's a Linux server with Apache and courier-mta. Here's the header:

    Delivered-To: mike@thewolfmans.com
    Return-Path: <sam@thewolfmans.com>
    Received: from thewolfmans.com ([::ffff:66.252.175.92])
    by wolfmail2.thewolfmans.com with esmtp; Wed, 04 Feb 2004 15:34:18 -0500
    From: sam@thewolfmans.com
    To: mike@thewolfmans.com
    Subject: Mail Transaction Failed
    Date: Wed, 4 Feb 2004 15:12:21 -0500
    Mime-Version: 1.0
    Content-Type: multipart/mixed; boundary="=_wolfmail2.thewolfmans.com-3702-1075926860-0001-2"
    X-Priority: 3
    X-MSMail-Priority: Normal

    I don't have a user SAM

    I scanned all Windows PCs and they are clean... Any thoughts??

    Also, I'm getting a lot of undeliverable messages to other domains to my postmaster account. Is this virus client based?
    Mike Wolfman
    Jack of all, Master of none
    Bow before me, for I am root.

  2. #2
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus (Doom) (2002)

    Not that it's much help, but someone seems to be spoofing your IP address. (This appears to have happened to me during Sobig.F - as I was never infected then, neither by virus nor by Trojan.) How you track it down and stop it, I don't know. HTH
    Gre

  3. #3
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Virus (Doom) (2002)

    MyDoom randomizes the sender's address from addresses found on the victim's computer. Maybe a spammer with a dictionary of common names @ thewolfmans.com got hit by the virus? If so, I'm not sure whether that's funny or extremely alarming.

  4. #4
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Virus (Doom) (2002)

    I agree with the above, you have been spoofed. You will find that a large percent of email servers are of the Linux line. I think every POP3 account that I have has been spoofed, because some id10t has my address in their address book and has been infected. Likewise with you, same issues, just different address book, I hope.

    By the way, we keep hearing from those other OS users (MAC and Linux) that they do NOT have a virus problem, what happened?

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  5. #5
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus (Doom) (2002)

    > I'm not sure whether that's funny or extremely alarming.
    As I said my IP address was spoofed - despite my not having been infected. In October I accidentally discovered I am on the att.worldnet blacklist. ISP certification is required for blacklist removal and my ISP in Austria just seems not to want to know. Switching to a competitor would require paying for all sorts of bundled services.
    Gre

  6. #6
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Newark, New Jersey, USA
    Posts
    999
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus (Doom) (2002)

    I don't think it's on my Linux box. I have a feeling it's a client with an infected Windows box.... I gotta send out a global email. Thanx all
    Mike Wolfman
    Jack of all, Master of none
    Bow before me, for I am root.

  7. #7
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Virus (Doom) (2002)

    Mike,
    Anyone that has your address can spoof you. So do you know EVERY one and place that this email address is listed? Also some get harvested from the header of all those forwarded emails and sold.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  8. #8
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Newark, New Jersey, USA
    Posts
    999
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus (Doom) (2002)

    Wonderful.. oh well, thanx all.
    Mike Wolfman
    Jack of all, Master of none
    Bow before me, for I am root.

  9. #9
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Roanoke area, Virginia, USA
    Posts
    3,729
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus (Doom) (2002)

    sam, mike, tom, michael, jose and about 15 other names are in the mydoom package. The virus adds them to any domain name it finds and sends messages to or from them. In fact, it uses anything following an @ as a domain. We've received a lot from NNTP message IDs.
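
Added example (not part of any post in this thread): a Python check that runs the header block from post #1 through the two tests the replies imply, namely a From address at the local domain whose mailbox does not exist, and a connecting host outside the site's own network that announced itself under the local domain name. The mailbox set is taken from the thread; `OWN_NETWORKS` is a placeholder assumption, since the thread does not give the server's address range.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header block quoted in post #1 (trimmed to the fields used here).
RAW = """\
Delivered-To: mike@thewolfmans.com
Return-Path: <sam@thewolfmans.com>
Received: from thewolfmans.com ([::ffff:66.252.175.92])
 by wolfmail2.thewolfmans.com with esmtp; Wed, 04 Feb 2004 15:34:18 -0500
From: sam@thewolfmans.com
To: mike@thewolfmans.com
Subject: Mail Transaction Failed

"""

LOCAL_DOMAIN = "thewolfmans.com"
REAL_MAILBOXES = {"mike", "postmaster"}              # from the thread: no user "sam"
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: placeholder range

def relay_ip(received):
    """Return the connecting IP from a 'from host ([ip])' Received clause."""
    m = re.search(r"\(\[([0-9A-Fa-f:.]+)\]\)", received)
    if not m:
        return None
    ip = ipaddress.ip_address(m.group(1))
    # The header shows the peer as IPv4-mapped IPv6 (::ffff:a.b.c.d); unwrap it.
    if ip.version == 6 and ip.ipv4_mapped:
        return ip.ipv4_mapped
    return ip

def spoof_indicators(raw):
    """List the reasons a message claiming the local domain looks forged."""
    msg = message_from_string(raw)
    findings = []
    local, _, domain = parseaddr(msg["From"])[1].rpartition("@")
    if domain.lower() == LOCAL_DOMAIN and local.lower() not in REAL_MAILBOXES:
        findings.append(f"From uses nonexistent local mailbox '{local}'")
    received = msg.get_all("Received") or []
    # The topmost Received line is the one written by the receiving server itself.
    ip = relay_ip(received[0]) if received else None
    if ip and not any(ip in net for net in OWN_NETWORKS):
        helo = re.match(r"from\s+(\S+)", received[0])
        if helo and helo.group(1).lower().endswith(LOCAL_DOMAIN):
            findings.append(f"outside host {ip} announced itself as {helo.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(RAW):
        print(finding)
```

Only the topmost Received line is trusted here because the receiving server wrote it; everything below it, like the From line, is supplied by the sender.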

  10. #10
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Virus (Doom) (2002)

    That sort of blacklisting typically involves your SMTP server's IP address, not your personal IP address (although I suppose that's possible on a planet where mail headers never lie). If this is an internal company SMTP server, you could dual home it with a second NIC and assign that interface a different IP address (I think, I've never actually tried it), or migrate your server to a new address over time (potential loss of messages if the TTLs in the name server records are too long). If it is your ISP's SMTP server address that has the problem, and your ISP can't prove it's clean (i.e., by passing an open relay test), they are going to have problems with many other networks in addition to AT&T's. In that case, your options are less attractive.
