TDR 'doomed'

BIG Diesel

I filter my incoming emails by having them automatically forwarded between Earthlink and then ending up in my main email account. Both Internet services have spam/virus protection, and finally my machine has firewall/virus/spam stuff. Said all that to say this: I got the following message that said a virus (mydoom) was in an attachment from "rpatton@turbodieselregister.com". I seriously doubt that it came from Robin or the TDR, but how did the sender mimic the FROM address and make it seem to come from the TDR????



Actual warning message:

"From:
To: -- email address removed --
Subject: STATUS
Date: Sat, 7 Feb 2004 17:08:56 -0600

You currently have EarthLink Virus Blocker powered by Symantec enabled.

The following attachments were infected and have been repaired:

No attachments are in this category.

The following infected attachments were deleted:

1. message.zip: W32.Mydoom.A@mm"



It's actually amazing, I get 400+ spam messages a day (combined email addresses I use) and at least 4 virus attempts a day. All of it winds up in either my bulk mail folder or automatically deleted by the virus software. Where does all this stuff come from?
 
Spoofing return email addy's is not that hard.



Most likely it is the same script kiddy that hacked the site the other night would be my guess.
 
my vpn protected, firewall protected, anti-virus protected, router protected email is getting hit quite heavily with infected email in the last few days.

even now I'm getting email from a "mail delivery system" informing me I'm sending infected email. BUT, it isn't our company hi bucks email delivery system. slick trick.
 
There are MANY viruses out there that spoof email addresses. That makes it harder to stop a virus because it didn't come from the address it says it did. The vast majority of viruses coming out these days do this and the doom virus is one of them. Only thing you can do is protect yourself - trying to go back to the source pretty much doesn't work any more. As to what happened the other night look in the website forum, there are several posts explaining what happened.
 
Originally posted by HEMI®Dart

I think they are trying to get rid of ya Tejas Deezul.



:-laf But if I don't send my membership dues in soon Steve will have to axe me.



Guess the old rule about not opening email from people you don't know doesn't work anymore.
 
The only thing that can mean anything in an email is the latest 'Received' header, which is inserted by the last server to handle your email, usually your ISP.

At least some of the worms have their own built-in mail transfer agent, so they send email directly to your server (or pretty darn close).

If you look at the raw content of the email and see only one received header (from the 'Internet' to your ISP; your ISP could have multiple email handlers, each adding a Received: header), there is a high probability it is a bogus email. Most legitimate email is sent from the workstation/PC to the ISP's or company's mail handler, which then routes it as needed. A single Received: header should be viewed with suspicion.

N
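
The Received-header check described in the post above, as an added example that is not part of the original thread: it skips the ISP's own relays, finds the hop where an outside host handed the message over, and flags mail with no earlier hops. The ISP domain `example.net`, the Received layout, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed Received layout: "from HELO (rdns [ip]) by server ..."; real MTAs vary.
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\).*?\bby\s+(\S+)", re.S | re.I)

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def assess(raw, isp_domain):
    """Find the hop where an outside host handed the message to our ISP."""
    msg = message_from_string(raw, policy=policy.default)
    hops = [HOP.search(str(h)) for h in msg.get_all("Received", [])]
    hops = [m.groups() for m in hops if m]
    claimed = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for i, (rdns, ip, by) in enumerate(hops):  # newest header first
        # Skip relays inside the ISP; the HELO name is ignored because the sender picks it.
        if in_domain(by, isp_domain) and not in_domain(rdns, isp_domain):
            return {"claimed_domain": claimed, "handed_over_by": rdns, "ip": ip,
                    "earlier_hops": len(hops) - i - 1,  # below this point: unverifiable
                    "direct_delivery": i == len(hops) - 1}
    return None  # no boundary hop recognised

# Constructed sample messages (documentation domains and addresses only).
WORM = """\
Received: from xyz (host-7.example.com [203.0.113.7])
    by mx1.example.net with SMTP; Sat, 7 Feb 2004 17:08:50 -0600
From: someone@example.org
Subject: STATUS

(body)
"""
LEGIT = """\
Received: from mx1.example.net (mx1.example.net [198.51.100.5])
    by mailstore.example.net with ESMTP; Sat, 7 Feb 2004 09:00:03 -0600
Received: from smtp.example.org (smtp.example.org [192.0.2.25])
    by mx1.example.net with ESMTP; Sat, 7 Feb 2004 09:00:02 -0600
Received: from desktop (dsl-10.example.org [192.0.2.10])
    by smtp.example.org with ESMTP; Sat, 7 Feb 2004 09:00:01 -0600
From: someone@example.org

(body)
"""

if __name__ == "__main__":
    for name, raw in (("WORM", WORM), ("LEGIT", LEGIT)):
        print(name, assess(raw, "example.net"))
```

Both samples carry the same From: address; only the boundary hop and what sits below it differ between them.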
 
"Don't seem to have a virus problem with my mac"



WHY would a reasonably sane hacker take the time and bother to write a virus for a 'puter with so few users?



:) :) :)
 
Originally posted by Gary - KJ6Q

"Don't seem to have a virus problem with my mac"



WHY would a reasonably sane hacker take the time and bother to write a virus for a 'puter with so few users?



:) :) :)



Dunno, but I'm glad they don't! :)
 