europa-list
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Virus/worm (?) rec'd today

from [Fergus Kyle] [Permanent Link][Original]
Subject: Re: Virus/worm (?) rec'd today
From: Fergus Kyle <VE3LVO@rac.ca>
Date: Sat, 5 Oct 2002 17:03:05 
Oh Jeez, Fred:
            I run Norton 2002 Anti-virus. It checks all incoming mail and
Attachments  and also runs through all intentional outgoing mail. As well,
it updates automatically every Friday night.
            Mu BELIEF is - it is not me and I am not infested. If it is the
BugBear virus, it is recent (note the Europa Forum remarks), it caught the
anti-virus folks offguard and managed to infest those who open their
attachments without due regard for clues. It then rifles out one, tow or
sometimes more addresses, seeks recent text from 'sent' messages, and
circumvents the outgoing virus-checker to send these bogus messages.
            The main clue here is, if it's an attachment via the Forum it's
bogus because the forum strips attachments. Second, although you may know
the sender (and so be offguard), you do not expect an attachment from
him/her. Third the subject can be a signal - it may not be on a topic of
your interest.
             The fourth clue is that my address is VE3LVO@rac.ca (my ham
radio callsign and Natl club) which transfers to f.kyle@sympatico.ca
which is my actual home address. I do this so that I can rid myself of spam
by changing the former but leaving the latter for my true friends.
           So I earnestly expect that the message is from an infected member
who has opened a virus-laden attachment and I am the 3rd person and you the
4th. At least I hope this to be the case. At present Norton is catching
about 4 or 5 infected attachments daily (thank God).
Hope this is of help (and I'm right!)\
Ferg
----- Original Message -----
From: "Fred Fillinger" <fillinger@ameritech.net>
Subject:  Virus/worm (?) rec'd today


> Rec'd Europa list email with subj: Tacho drive...
>
> msg began as follows:
>
> Message text written by INTERNET:fkyle@bigwave.ca
> >re: your last email remark - >>"it is taken from the tacho drive"<<. Is
> this a 912....do yo     [that is, truncated]
>
> Then attached "song.pif" in MIME format; 71K length.  MIME boundary is
> "9BPCBUGRUZLGSR".
>
> Sez from "Nigel Charles" <72016.3721@cix.co.uk>, not Nigel's usual
> address.
>
> Header proposes it's really from "mike ([62.252.1.8]) by
> mta6-svc.business.ntl.com," and usual Europa list stuff absent.
>
> I use Netscape with Post-It notes for address file and settings to
> simplify dealing with such matters.  So do I just try actually playing
> the song to see if it is a virus?? :-)
>
> Anyway, above offered to help track down infestations with obvious
> list users' connection.
>
> Fred F.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bugbear Virus AND EXTENSION VIRUS - ignore previous message, Shaun Simpkins
Next by Date:  Hang on, chaps!, Fergus Kyle
Previous by Thread:  Virus/worm (?) rec'd today, Fred Fillinger
Next by Thread:  Re: Bugbear Virus AND EXTENSION VIRUS - ignore previous message, Shaun Simpkins
Indexes:  [Date] [Thread] [Top] [All Lists]