Fwd: [Loch-Ruadh] Returned mail--"to class"

Patrick Bixler pbwidget68 at hotmail.com
Tue Sep 10 06:00:29 PDT 2002


Let me clarify this a bit.  Angela does not use Outlook or any other email
program on her computer at home.  She only uses web-based email like Yahoo
and Hotmail.  I do the same.  Neither of the computers that we have
connected to the network here has Outlook configured on it.

I believe that the emails that are getting returned to Angela originated
from someone else who has one of the more advanced worms/viri, one that
takes addresses from received emails and uses that address in the REPLY TO
and FROM areas in the email header.

As far as the DSL and security are concerned, we are using a Linksys router
as our firewall/gateway.  And so far (crossing fingers), we have not had
any problems with hacking, viruses, etc.

If you are using a swbell.net email address or using it as your ISP, you
should update your antivirus software and check for new viruses.  Most
antivirus software has an update feature which should be run WEEKLY.  DAILY
if you are paranoid.

Patrick



>From: Angelia Wallis <angelia_wallis at yahoo.com>
>Reply-To: loch-ruadh at ansteorra.org
>To: loch-ruadh at ansteorra.org
>Subject: RE: Fwd: [Loch-Ruadh] Returned mail--"to class"
>Date: Tue, 10 Sep 2002 04:35:16 -0700 (PDT)
>
>
>I am only getting the messages in my Yahoo account mailbox and from what I
>understand from Patrick it can't get into my system with the way our DSL is
>set up.  But I did not understand the large number of these emails I was
>getting or the source of the virus.
>
>jesse wrote:
>For what it's worth, mta4.rcsntx.swbell.net is a mail server, not an
>individual. All this server does is hold mail till it can be delivered
>to the correct party(s).
>
>Jesse
>
>-----Original Message-----
>From: loch-ruadh-admin at ansteorra.org
>[mailto:loch-ruadh-admin at ansteorra.org] On Behalf Of Sluggy
>Sent: Monday, September 09, 2002 12:59 AM
>To: loch-ruadh at ansteorra.org
>Subject: Re: Fwd: [Loch-Ruadh] Returned mail--"to class"
>
>Sam Milligan wrote:
>
> > This is another example of one of the viruses that use the infected
> > system's address book to send out copies of itself, using one address
> > from the book as the "To" and another as the "From".
>
>My lovely Lady Gabrielle had a short bout with a Klez worm infection
>last week. It appears that she got it from the Ansteorra-Equestrian
>list. At least one non-subscriber that "posted" to the LR list appears
>to have been in Gabby's short address book. He, on the other hand, seems
>to have had a huge address book, and even though he cleaned it up pretty
>quick, it still had plenty of time to propagate from there. I have been
>getting stuff "from" him and his other friends as the worm does as a
>worm does.
>
>An additional insidiousness that they can sometimes prey on you with is
>a message with a blank subject line and a blank message. You double
>click it to see if there is something there after all and, boom, you're
>infected.
>
> > mta4.rcsntx.swbell.net (although this last one may be just a pass-thru)
>
>This is one of swbell's mail transfer servers. Most likely, the person
>who is infected with the worm is a swbell subscriber.
>in its address book. I don't think Gabrielle has Angelia's address in
>her address book, so I don't think it came from her in this instance.
>
> > Another reason to keep your antivirus software updated.
>
>I found a simple and powerful tool that cleans several variants of Klez
>and a couple other worms. It is easily found by going to
>http://www.download.com and searching for "klez". It's a small download,
>about 60K if I remember right.
>
>Of course, Klez and other such worms and trojan horses affect Outlook
>and Outlook Express, due to Microsoft's (very bad) decision to allow
>programs attached to emails to run automatically unless you specifically
>disable the feature. Even then, you need only double click to
>accidentally run it yourself.
>
>If a car has troubles and the factory issues recall after recall, people
>stop buying that car. The number of security-related updates from
>Microsoft should frighten people but somehow it doesn't. I guess I will
>never understand why.
>
>Ok, I'll get down off the soapbox... :)
>
>Sluggy!
>_______________________________________________
>Loch-ruadh mailing list
>Loch-ruadh at ansteorra.org
>http://www.ansteorra.org/mailman/listinfo/loch-ruadh



