Results 1 to 11 of 11
  1. #1
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Server accuses me of worms

    Found this (edited, my highlighter) message sent to me today, using webmail, from a remail server who shall remain unnamed:
    -------------------
    <serv@myremailer.com>

    Mail server report.

    Our firewall determined <span style="background-color: #FFFF00; color: #000000; font-weight: bold">the</span hi> e-mails containing worm copies are being sent from your computer.

    Nowadays it happens from many computers, because this is a new virus type (Network Worms).

    Using the new bug in <span style="background-color: #FFFF00; color: #000000; font-weight: bold">the</span hi> Windows, these viruses infect the computer unnoticeably.
    After <span style="background-color: #FFFF00; color: #000000; font-weight: bold">the</span hi> penetrating into the computer the virus harvests all the e-mail addresses and sends <span style="background-color: #FFFF00; color: #000000; font-weight: bold">the</span hi> copies of itself to these e-mail
    addresses

    Please install updates for worm elimination and <span style="background-color: #FFFF00; color: #000000; font-weight: bold">your computer restoring</span hi>.

    Best regards,
    Customers support service
    -------------------
    The message contained an executable named "Update-KB8056-x86.exe". I haven't downloaded the message to my laptop, so I didn't run the executable (duh). In view of the clumsy wording highlighted above, gosh, I'm just a bit suspicious! It's effective social fear engineering, though, it had me going until I slowed down and thought, this doesn't feel quite right.

    I sent an on-website message to the service asking if they intended to send me this message. Also, 'KB8056' isn't a valid KB AFAIK. I'm up-to-date on XP-SP2 security updates and McAfee scanner.

    Anyone seen this or have any light to shed? (I really don't want to go to the vet and get dewormed.)
    -John ... I float in liquid gardens
    UTC -7ąDS

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Server accuses me of worms

    John,
    Never heard of this and could not find any info on it either.
    You are right about the clumsy wording in the "alert". I don't think any reputable company would allow that type of sentence structure. You sure did the right thing in dumping it.

    Also, don't bother the vet and try to make an appointment. <img src=/S/woof.gif border=0 alt=woof width=15 height=15>
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Re: Server accuses me of worms

    And the response from POBOX.COM (yep, considering the 20 minute customer service turnaround, I'm naming them):
    -------------------------------------------------
    This email that you have received purporting to have come from our Pobox is not in any way associated with our service. These messages are forgeries, and did not originate from Pobox.com. They may either contain an attachment or a link to another website. Do not open these messages! A virus may be transmitted to your computer. These emails appear to have been sent in an attempt to spread a virus. These emails are programmed to take the domain name of the recipient in the text to make it appear as legitimate as possible and to make the recipient open it.

    For more details on viruses that are currently spreading, please see our News Announcements at:

    http://pobox.com/news.mhtml

    Thank you for your report of the problem.
    -------------------------------------------------
    Looks like they have text ready to cut-&-paste!
    -John ... I float in liquid gardens
    UTC -7ąDS

  4. #4
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Server accuses me of worms

    <center>
    <hr>Looks like they have text ready to cut-&-paste!<hr>
    </center>
    Don't they all !!! <img src=/S/disappointed.gif border=0 alt=disappointed width=15 height=15>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Server accuses me of worms

    Postini, which uses McAfee for AV, quarantined a message like that for me last night. Let me see if I still have it in the Removed folder...
    <hr>Date: Wed, 20 Sep 2006 03:38:49 +0200
    From: secur@companydomain
    To: address@companydomain
    Subject: Mail server report.

    Mail server report.

    Our firewall determined the e-mails containing worm copies are being sent from your computer.

    Nowadays it happens from many computers, because this is a new virus type (Network Worms).


    Using the new bug in the Windows, these viruses infect the computer unnoticeably.
    After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses

    Please install updates for worm elimination and your computer restoring.

    Best regards,
    Customers support service

    Attachments:
    APPLICATION/OCTET-STREAM; name="Update-KB4296-x86.exe" <hr>
    Yeah... not a very good try if you can't even fool the AV scanner. <img src=/S/wink.gif border=0 alt=wink width=15 height=15>

    Postini added this header: <code>X-pstnvirus: W32/Stration@MM</code>

    (Even if it had gotten downloaded, another AV would have snagged it, and if that was missed, Outlook would have blocked the attachment. it's getting harder to sting business users via email.)

  6. #6
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Re: Server accuses me of worms

    Pretty much the same wording, different name for the executable payload. I hope that if I had d/l'd it, McAfee would have caught it (I killed t from the webmail client). But I'm concerned that this virus carrying messages wasn't stopped by my real ISP (as distinct from my remailer) before I ever saw it.
    -John ... I float in liquid gardens
    UTC -7ąDS

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Server accuses me of worms

    If your real ISP is forwarding, perhaps it doesn't filter those, only the ones that go into your actual box??

  8. #8
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Re: Server accuses me of worms

    The real ISP is my actual mailserver- the remailer server passes messages to my real ISP, and the remailer was spoofed, so I wouldn't expect the remailer to catch it, I would expect the real ISP to catch it. (Or am I not understanding you?)
    -John ... I float in liquid gardens
    UTC -7ąDS

  9. #9
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Server accuses me of worms

    Well, it was one or the other and I guessed wrong. <img src=/S/grin.gif border=0 alt=grin width=15 height=15> Perhaps your ISP's filters weren't up to date at the moment of arrival...

  10. #10
    4 Star Lounger
    Join Date
    Mar 2004
    Location
    Griffith, New South Wales, Australia
    Posts
    507
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Server accuses me of worms

    The .exe extension on the attachment worries me. Surely there is no mail server that still allows transmission of .exe files? Or should that be a tongue-in-cheek question?

  11. #11
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Server accuses me of worms

    FWIW - A friend forwarded me a message similar to the one you received and also had a reference to "W32.Stration@mm" - program being used was Norton antiVirus 2006 Server Edition.

    Symantec has a notice that this threat is "Risk Level 1: Very Low".
    Scott

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •