*WARNING* Virus alert on Loafdom mailing list.

[The Flying Mouse]

Hi folks.
I've just been informed that a virus worm is currently in the Loafdom mailing list.
As many of you will be reveivers of this list I thought it let you know so you can take the necessery precautions

[Deb]

I got an email from caryl with the virus attatched and im not even on the mailing list. And it wasnt from mailing list addy, but caryls own email account, I have tried to let her know, through email and pm with no luck


Deb

[JenniferSal]

Hi! Just to clarify, there's TWO Loafdom mailing lists, and as far as i know the one titled simply 'loafdom' doesnt have the bug, but the Republic one might? (if im wrong, someone let me know please - thought it was safe since i disabled attachments a while ago!) Besides, unfortunately the 'older' list (the former, not the latter)doesnt have much mail traffic anymore, so hopefully that means no one is getting anything funky nonetheless! OK enough from me, take care!!

Jen S.

[Vickip]

There is as far as I'm aware no virus on our mailing list. Deb is not on it. Caryl's virus checker is updated for that virus ... she just scanned her system, and it's clear.

She doesn't have Deb's email address. If Deb has received a virus appearing to come from Caryl's address book, it is most likely that someone has picked up her address from a website .. could be the UK forum. As Deb isn't even in Caryl's address book it hasn't come from Caryl!! Blame her for all the troubles they have brought upon themselves .. for the Iraq War, for the last earthquake .. for the fall in the dollar .. but not for a virus sent to someone whose address she does not have!

[Wezzie]

If I may add to this topic, first let me inform you when it comes to computers I'm not the brightest light bulb in the house. With that said, I've been getting emails from people I know and those I don't know, Heck I even got one from myself???
Anyway I contacted my ISP server and was informed that there is/was (?) a virus going around, and if someone didn't have a good/updated virus program in place this virus would send emails to everyone on their list, then send email on to people on the other person's list. Hope you understand what I'm saying here. So why did I get an email from myself?? cause my darn Outlook Express has me in my address book.
I have Norton Internet/Virus installed on my PC and just updated to the new version, before my old one ran out.
Hope this made some kind of sence ?
Wezzie

[Deb]

Quote:

Originally Posted by Vickip

There is as far as I'm aware no virus on our mailing list. Deb is not on it. Caryl's virus checker is updated for that virus ... she just scanned her system, and it's clear.

She doesn't have Deb's email address. If Deb has received a virus appearing to come from Caryl's address book, it is most likely that someone has picked up her address from a website .. could be the UK forum. As Deb isn't even in Caryl's address book it hasn't come from Caryl!! Blame her for all the troubles they have brought upon themselves .. for the Iraq War, for the last earthquake .. for the fall in the dollar .. but not for a virus sent to someone whose address she does not have!

Vicki I did not blame Caryl for sending me a virus, I just said i had got one from her email account. I'm not that thick that I dont know virus's take over someones address book, I was trying to let her know so she could check her comp or at least be aware of it. As I said I did try to reply to it and I also pmed her, only once it was posted in here did I mention it and more to help her than anything else, If my comp had a virus or my email had been taken over by aliens I'd like someone to tell me. So someone from the uk forum is very unlikely to of sent me a virus in caryls name, virus's do that all on their own.

[Bigmomma]

This is bigmommas husband posting here,normally I frequent pc security related forums,but I believe that this information is important to all users here also.And I would like to clarify a few facts.

-----------------------------------------------------------------------------------------
OK,first of all,when I sent the message to various mods/admins here,I did not specifically say that it was the ROL mailing list.

My wife recieved a email from c........................................m,the security measures on my pc prevented my wife from opening the file.She mentioned it to me,and I said I would look later,which I did,and upon scanning with AV,found out it was the Win32:Netsky-C worm,which is very prevalent at the moment.

The virus itself was attached to a file which came from c........................................m ,now I do not know wether that is ROL mailer or not.

But as this virus is a mass-mailing worm,thought it is important to alert anyone who might be in the address book of that email address,now I presume that some people from here may have been in the address book of the said email address,or even if their email address is on the computer where that email address is used from,because it does not just use address book,it scans the infected computer in different ways also to find any email addresses it can.

I do not know if c........................................m also uses the ROL mailer on their pc,if they do,then it could also use the ROL mailer to send the virus,or maybe the mailing list is on the pc of c........................................m ,and this is why I think it is important to alert everyone.

If it does infect another user,then it would then use all email addresses on their pc,and as many people here probably have each others mailing addresses on their pcs,it could spread quickly around all members of this forum,this is again why i believe it is important

Now there are a couple of scenarios that this could be.........

1.The antivirus on said pc is useless(probably not)

2.The antivirus on said pc is not updated,this is a relatively new worm/virus,so if the virus definitions are not up to date,then it will not detect it.

3.The mail server/account of c........................................m has been hacked into,and someone is using it to send viruses.

4.The virus was sent from the said pc intentionally(I sincerely hope not)

One of the most common causes of virus infections happens because users do not update their antivirus frequently enough,so I suggest you all do.

I still have a copy of the origanal email,if anyone wishes me to forward to them,then just pm my wife(only for those that know how to handle viruses and are maybe curious)

If you dont use antivirus,then I suggest you start using one,I use avast antivirus,which is FREE,you may try the antivirus,with no limitation for free for 6 months,if you wish,by registering a personal license(again FREE) allows you to recieve updates for 14 months.Updates for this av are very small,and are very quickly released,nearly every other day,sometimes daily,and are automatic.

kind regards....
jp

Edit(R.): Email addresses removed for privacy and security reasons

[Winston]

Quote:

Originally Posted by Vickip

She doesn't have Deb's email address. If Deb has received a virus appearing to come from Caryl's address book, it is most likely that someone has picked up her address from a website .. could be the UK forum. As Deb isn't even in Caryl's address book it hasn't come from Caryl!! Blame her for all the troubles they have brought upon themselves .. for the Iraq War, for the last earthquake .. for the fall in the dollar .. but not for a virus sent to someone whose address she does not have!

[rick]

i have spoken to caryl on the phone about this as i am on her adress list but i have not recived any this is what she said

1 The email address being used is one on the ROL site and has been picked up by a spider
2 Caryl's antivirus is up to date and includes protection against this specific worm. Her antivirus is updated daily, and a scan of her computer has shown her system is clean.
3 The email addresses which say they have received emails from Caryl are not in her address book .. so there is no way they could be coming from her or her system. Even the cleverst virus can only access/download/use addresses which are in the person's address book.

i hope this clear's up any missgiving's this hasnothing to do with the rolperiod .end of story!
i belive her why cant you?

[Winston]

Quote:

Originally Posted by rick

...i belive her why cant you?

where did you get the impression that people are saying that caryl started the virus??????

[libertine]

Quote:

Originally Posted by rick

i belive her why cant you?

Sigh. To quote my friend Winston, RTFP. Don't think anyone said that they thought it was being done by Caryl let alone being done to be malicious. Deb explained herself in pretty clear terms, I thought...

Quote:

Originally Posted by sultonfan

Vicki I did not blame Caryl for sending me a virus, I just said i had got one from her email account. I'm not that thick that I dont know virus's take over someones address book, I was trying to let her know so she could check her comp or at least be aware of it. As I said I did try to reply to it and I also pmed her, only once it was posted in here did I mention it and more to help her than anything else, If my comp had a virus or my email had been taken over by aliens I'd like someone to tell me. So someone from the uk forum is very unlikely to of sent me a virus in caryls name, virus's do that all on their own.

Quote:

Originally Posted by vickip

Blame her for all the troubles they have brought upon themselves .. for the Iraq War, for the last earthquake .. for the fall in the dollar .. but not for a virus sent to someone whose address she does not have!

And BTW, that reaction was possibly just a little over the top... Just my opinion, of course.

[Bigmomma]

If that is the case,then.....

Why has she not made a post here warning people that her email address(which many people will regard as safe btw)has been used maliciously,or if she is unable to post,then got somebody else to do it for her??

If loafdom.com is her domain,then surely she has access to the cp to close down that email address.....and prevent anyone else being sent emails,from what many would regard as a "safe" address........

And it is not coincidental that 2 people from the same forum(here)would recieve a virus like that.What you are saying,is that someone has gained control of her email address,then decided to mail a virus to 2 members of this forum,this is definately not coincidental.

There are ways to find out specifically where a email has origanated from.....even to find out the machine that it origanated from.

jp

[Diane]

Quote:

Originally Posted by Vickip

She doesn't have Deb's email address. If Deb has received a virus appearing to come from Caryl's address book, it is most likely that someone has picked up her address from a website .. could be the UK forum. As Deb isn't even in Caryl's address book it hasn't come from Caryl!! Blame her for all the troubles they have brought upon themselves .. for the Iraq War, for the last earthquake .. for the fall in the dollar .. but not for a virus sent to someone whose address she does not have!

Thanks Mouse and Deb for bringing the virus to everyone's attention, and to Bigmomma's husband for the detailed explanation and for the sound advice.

Nobody's blaming anyone. We can all unknowingly pass on a virus. It happens!

Diane

[Deb]

Quote:

Originally Posted by rick

i have spoken to caryl on the phone about this as i am on her adress list but i have not recived any this is what she said

1 The email address being used is one on the ROL site and has been picked up by a spider
2 Caryl's antivirus is up to date and includes protection against this specific worm. Her antivirus is updated daily, and a scan of her computer has shown her system is clean.
3 The email addresses which say they have received emails from Caryl are not in her address book .. so there is no way they could be coming from her or her system. Even the cleverst virus can only access/download/use addresses which are in the person's address book.

i hope this clear's up any missgiving's this hasnothing to do with the rolperiod .end of story!
i belive her why cant you?

Once again.....

I DID NOT SAY CARYL WAS A LIAR ON THIS ONE.

I got an email one day last week from caryl and unlike the others, mine actually came from Caryls bt account. At the time I replied to it asking Caryl if she knew if she had sent it and if not to check her comp (or words to that effect, dont shoot me if i got it slightly wrong) Gave it a while and no reply, so I pmed her, if no one believes me check the poxy pm box and you'll see it sitting there long before this even got mentioned. i didnt mention it on the board then because i didnt think anyone else had it. Once it was posted I thoguht i'd add my experience of this to help others and beleive it or not!!! shock horror!!!!! Caryl also. As I have already explained in reply to Vickis post.

Big mommas hubby has already explained that virus's can take email addys from any where on your comp.

How this informative thread turned to this is really beyond me, I really do wish people would get the facts straight before jumping on someone. Know woneder threads get out of hand and we're having the problems we are here.

If theres any comp geeks here that know how i can get any deleted mail back from outlook, please let me know, so i can actually prove i got this email in the first place,
or to find out from my norton reports where the email came from.

[Weissheim]

Quote:

Originally Posted by sultonfan

If theres any comp geeks here that know how i can get any deleted mail back from outlook, please let me know, so i can actually prove i got this email in the first place,
or to find out from my norton reports where the email came from.

Have you cleared out your "Deleted Items" folder lately? If not, check there.

[Deb]

Quote:

Originally Posted by Weissheim

Quote:

Have you cleared out your "Deleted Items" folder lately? If not, check there.

yeah I clear it all the time especially since a few of us had a bout of virus's the other week, i worry about them doing something even in the trash lol. Plus I read somewhere its best to. I do have a report of it in norton, it just wont give me any info of where it came from, anyone got any ideas on where esle it might say it?

thanx for replying anyway :)
Deb

[Sapphire Lady]

Debs

You could try going into your Deleted Items folder, click Tools then select Recover Deleted Items. You'll see the e-mails you deleted over the last couple of weeks and you can select which one(s) you want to recover.

Depends on what version of Outlook you have though. I can do this on my work PC, but not at home.

Lynne

[Deb]

Thanx Lynne

Just tried and I havent got that option. I have outlook express 6

Deb

[Deb]

Dear Symantec Store Customer,

Virus Warning!
W32.Netsky.D@mm - Category 4 Virus

Symantec has upgraded the W32.Netsky.D@mm to a Level 4 threat [On a scale of 1-5,
5 being highest].

W32.Netsky.D@mm, a variant of the recent W32.Netsky.C, a mass-mailing worm that uses its own SMTP engine to send itself to e-mail addresses it finds when scanning a hard drive. This may clog mail servers or degrade network performance. The worm attempts to remove registry keys for various worms such as W32.Mydoom.A@mm, W32.Mydoom.B@mm and W32.Mimail.T@mm, attempting to deactivate these threats.

Identifiable Characteristics of email:

(The Subject, Body, and e-mail attachment vary. See technical details for the full lists of possible subject lines, messages, and attachments. Click on Symantec Security Response link below for more details.)

From: (spoofed)


Subject: Re: Your website
Re: Your product
Re: Your letter(there are various different variants)



Body: Your file is attached.
Please read the attached file.
Please have a look at the attached file.


Attachment: your_website.pif
your_product.pif
your_letter.pif
your_archive.pif


With the newly found mass-mailing worm, W32.Netsky.D@mm, Symantec advises customers to protect the network and update the definition file of all the Symantec AntiVirus solutions, using LiveUpdate and Intelligent Updater.

New Customers
For protection against the W32.Netsky.D@mm, purchase Norton AntiVirus 2004 for only £44.99. You may wish to enhance your security by purchasing Norton Internet Security 2004 for only £54.99 which includes Norton AntiVirus 2004, Norton Personal Firewall 2004 and Norton AntiSpam 2004.


Thats the info norton are sending out about this virus, hope it helps someone.

Not all virus checkers pick up everything either, even if they are updated.

[Weissheim]

Quote:

Originally Posted by sultonfan

Thanx Lynne

Just tried and I havent got that option. I have outlook express 6

Deb

Yes, you only get that option in the later versions of Outlook, not Outlook Express.

Don't think you can recover your permanently deleted messages in OE6 unfortunately.

[Heli]

In the past three days i have been sent the same virus 7 times now!!! Luckily my fire wall is picking them up for me before i let curiosity get the better of me!!

[Lady B]

Quote:

Originally Posted by Bigmomma

If that is the case,then.....

Why has she not made a post here warning people that her email address(which many people will regard as safe btw)has been used maliciously,or if she is unable to post,then got somebody else to do it for her??

If loafdom.com is her domain,then surely she has access to the cp to close down that email address.....and prevent anyone else being sent emails,from what many would regard as a "safe" address........

And it is not coincidental that 2 people from the same forum(here)would recieve a virus like that.What you are saying,is that someone has gained control of her email address,then decided to mail a virus to 2 members of this forum,this is definately not coincidental.

There are ways to find out specifically where a email has origanated from.....even to find out the machine that it origanated from.

jp

Caryl can't reply to this because she evidentally has been banned from the forums for whatever reason.

I received 3 emails the other day that contained that same worm and I started to open one of them because I thought I recognized the email address as one I've seen on the BatCaves list. Now it may or may not have been anyone really on that list but my virus scanner caught it before it went into anything. (WHEW!) This was not sent to my RoL list address or the one I have in my profile here (without looking I think I had changed it). And many of us are on multiple lists so who knows where this started.

This does not mean that it really came from anyone on either the RoL list or the BatCaves list. It just means that it attached itself to someone's name and multiplied from there. The same with the one that supposedly came from Caryl. It didn't originate from her even though it may look like it did. Someone must have had both of those addresses in their address book (Caryl's and Deb's) or somewhere in their files/system for this worm to attach itself to them and spread. The main thing is to make sure your virus scanner is updated to catch it to prevent it from going any farther.

Lady B

[Deb]

No one said it definitley did come from caryl but on the other hand no one can say it definitely didnt either, but the point here is that everyone needs to be careful what they do and dont open and to keep their virus stuff updated

Deb

[Lady B]

Quote:

Originally Posted by sultonfan

. . . . . . . but the point here is that everyone needs to be careful what they do and dont open and to keep their virus stuff updated

Deb

Exactly!

Lady B

[R.]

To clarify this:

I'm 99,99% sure that Caryl is not spreading any internet worm.
You can verify this quite easily, if you analyse the mail headers.
It's much more likely that one member of that mailing lists got infected and now the worm is harvesting that member's address book.

Additionally a warning:
There are variants of the W32/Bagle worms on the loose.
I received an email from management@mlukfc.com notifying me about my email account utilization.
This is a fake email address and the email is not coming from mlukfc.com.

Code:

Subject: Notify about your e-mail account utilization.

Dear user,  the management of Mlukfc.com  mailing  system wants to let you know  that,

Some of  our clients complained about the  spam (negative e-mail  content)
outgoing from  your e-mail account. Probably, you have been infected by
a  proxy-relay trojan server.  In order to keep your computer safe,
follow the  instructions.

For details see the  attached file.

Cheers,
   The Mlukfc.com  team                                  http://www.mlukfc.com

Part of the email header:

Code:

Received: from  tot-syd-aa01.proxy.aol.com (tot-syd-aa01.proxy.aol.com [202.67.64.151]) by rly-ip04.mx.aol.com (v95.1) with ESMTP id RELAYIN2-340451e33271; Tue, 02 Mar 2004 18:52:20 1900
Received: from toshiba-user ([202.67.122.27])
	by tot-syd-aa01.proxy.aol.com (8.12.10/8.12.10) with SMTP id i22Nm8JB019154
	for <webmaster@mlukfc.com>; Tue, 2 Mar 2004 23:48:10 GMT

This one was sent from a computer called "toshiba-user" in Australia.
Does that sound familiar to someone?