Fwd: [Loch-Ruadh] Returned mail--"to class"

Tue Sep 10 04:35:16 PDT 2002

--
[ Picked text/plain from multipart/alternative ]

I am only getting the messages in my yahoo account mailbox and from what i understand from Patrick it can't get into my system with the way our dsl is set up.  But I did not understand the large number of these emails I was getting or the source of the virus.
 jesse wrote:For what it's worth, mta4.rcsntx.swbell.net is a mail server, not an
individual. All this server does is holds mail till it can be delivered
to the correct party(s).

Jesse

-----Original Message-----
From: loch-ruadh-admin at ansteorra.org
[mailto:loch-ruadh-admin at ansteorra.org] On Behalf Of Sluggy
Sent: Monday, September 09, 2002 12:59 AM
To: loch-ruadh at ansteorra.org
Subject: Re: Fwd: [Loch-Ruadh] Returned mail--"to class"

Sam Milligan wrote:

> This is another example of one of the viruses that use the infected
> system's address book to send out copies of itself, using one address
> from the book as the "To" and another as the "From".

My lovely Lady Gabrielle had a short bout with a Klez worm infection
last week. It appears that she got it from the Ansteorra-Equestrian
list. At least one non-subscriber that "posted" to the LR list appears
to have been in Gabby's short address book. He, on the other hand, seems
to have had a huge address book, and even though he cleaned it up pretty
quick, it still had plenty of time to propagate from there. I have been
getting stuff "from" him and his other friends as the worm does as a
worm does.

An additional insidiousness that they can sometimes prey on you with is
a message with a blank subject line and a blank message. You double
click it to see if there is something there afterall and, boom, you're
infected.

> mta4.rcsntx.swbell.net (although this last one may be just a
pass-thru)

This is one of swbell's mail transfer servers. Most likely, the person
who is infected with the worm is a swbell subscriber.
in its address book. I don't think Gabrielle has Angelia's address in
her address book, so I don't think it came from her in this instance.

> Another reason to keep your antivirus software updated.

I found a simple and powerful tool that cleans several variants of Klez
and a couple other worms. It is easily found by going to
http://www.download.com and searching for "klez". It's a small download,
about 60K if I remember right.

Of course, Klez and other such worms and trojan horses affect Outlook
and Outlook Express, due to Microsoft's (very bad) decision to allow
programs attached to emails to run automatically unless you specifically
disable the feature. Even then, you need only double click to
accidentally run it yourself.

If a car has troubles and the factory issues recall after recall, people
stop buying that car. The number of security-related updates from
Microsoft should frighten people but somehow it doesn't. I guess I will
never understand why.

Ok, I'll get down off the soapbox... :)

Sluggy!
_______________________________________________
Loch-ruadh mailing list
Loch-ruadh at ansteorra.org
http://www.ansteorra.org/mailman/listinfo/loch-ruadh

_______________________________________________
Loch-ruadh mailing list
Loch-ruadh at ansteorra.org
http://www.ansteorra.org/mailman/listinfo/loch-ruadh

---------------------------------
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost