[Steppes] Virus making the rounds
Kevin Black
kblack4 at hotmail.com
Wed Aug 20 20:01:17 PDT 2003
I approved the e-mail earlier this aft, however the mailing list software
automatically strips attachments so it won't get through. If you need it, I
believe Symantec has a free fix on their website.
Hubert d'Aiguës-Mortes
Qui fait plus, mieux vaux
>From: ironwyrm at juno.com
>Reply-To: "Barony of Steppes - SCA, Inc." <steppes at ansteorra.org>
>To: steppes at ansteorra.org
>Subject: Re: [Steppes] Virus making the rounds
>Date: Wed, 20 Aug 2003 15:51:50 -0700
>MIME-Version: 1.0
>Received: from mc6-f34.law1.hotmail.com ([65.54.252.170]) by
>mc6-s19.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 20 Aug
>2003 19:59:49 -0700
>Received: from blackstar.ansteorra.org ([216.62.214.29]) by
>mc6-f34.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 20 Aug
>2003 19:59:46 -0700
>Received: from blackstar.ansteorra.org (localhost.localdomain
>[127.0.0.1])by blackstar.ansteorra.org (8.11.6/8.11.6) with ESMTP id
>h7L2xWa09696;Wed, 20 Aug 2003 21:59:32 -0500
>Received: from m24.nyc.untd.com (m24.nyc.untd.com [64.136.22.87])by
>blackstar.ansteorra.org (8.11.6/8.11.6) with SMTP id h7KKrla04565for
><steppes at ansteorra.org>; Wed, 20 Aug 2003 15:53:48 -0500
>Received: from cookie.untd.com by cookie.untd.com
>for<"HPDPuVLpN4W0V+Yj2v8QverZ0Vb299N9x8gLYByx+Wpy2YaR5Z/ASA==">;Wed, 20 Aug
>2003 13:53:21 PDT
>Received: (from ironwyrm at juno.com) by m24.nyc.untd.com (jqueuemail) id
>H7287GN2;Wed, 20 Aug 2003 13:53:21 PDT
>X-Message-Info: MxAodtZPLiQJx+bOOWRa2OMqyD2y6z3gi5GSUzaFQ8A=
>Message-ID: <20030820.155151.-44807.9.ironwyrm at juno.com>
>X-Mailer: Juno 5.0.33
>X-Juno-Line-Breaks: 3-9,11-99,102-128,131-133,136-180
>X-Mailman-Approved-At: Wed, 20 Aug 2003 21:59:29 -0500
>X-BeenThere: steppes at ansteorra.org
>X-Mailman-Version: 2.1.2
>Precedence: list
>List-Id: Barony of Steppes - SCA, Inc. <steppes.ansteorra.org>
>List-Help: <mailto:steppes-request at ansteorra.org?subject=help>
>List-Post: <mailto:steppes at ansteorra.org>
>List-Subscribe:
><http://www.ansteorra.org/mailman/listinfo/steppes>,<mailto:steppes-request at ansteorra.org?subject=subscribe>
>List-Archive: <http://www.ansteorra.org/pipermail/steppes>
>List-Unsubscribe:
><http://www.ansteorra.org/mailman/listinfo/steppes>,<mailto:steppes-request at ansteorra.org?subject=unsubscribe>
>Sender: steppes-bounces at ansteorra.org
>Errors-To: steppes-bounces at ansteorra.org
>Return-Path: steppes-bounces at ansteorra.org
>X-OriginalArrivalTime: 21 Aug 2003 02:59:46.0671 (UTC)
>FILETIME=[475C9FF0:01C36790]
>
>I send an attachment file to the list that will rid people of the current
>virus going around, but it's currently being held by the moderator for
>review. If you have the problem and no antivirus software sorry, be
>patient maybe the moderator will release it soon.
>
>It did get rid of my problem!
>
>Ironwyrm
>
>
>On Wed, 20 Aug 2003 17:59:07 +0000 "Kevin Black" <kblack4 at hotmail.com>
>writes:
> > Actually that's not quite true. While it may be spoofing the return
> > address
> > it is in fact spreading as a worm and gathering address book info,
> > there are
> > also variants of the Re. Details (re. movie, re. thanks etc.):
> >
> > <cut and paste>
> >
> > NEW YORK - A new strain of one of the most virulent e-mail viruses
> > ever
> > spread quickly worldwide Tuesday morning, causing fresh annoyance to
> > users
> > worn out by last week's outbreak of the Blaster worm.
> >
> > The new virus, named "Sobig.F" by computer security companies,
> > attacks
> > Windows users via e-mail and file-sharing networks. It also deposits
> > a
> > Trojan horse, or hacker back door, that can be used to turn victims'
> > PCs
> > into senders of spam e-mail.
> >
> > MessageLabs Inc., a company that filters e-mail for corporations,
> > had
> > blocked more than 100,000 copies of Sobig.F by midday Tuesday,
> > making it by
> > far the most active virus of the day.
> >
> > "It's definitely spreading very quickly, just an incredible ramp-up
> > so far
> > this morning," said Brian Czarny, marketing director at MessageLabs.
> > The
> > variant is likely to be one of the more successful versions of a
> > very
> > successful virus strain, he said.
> >
> > The previous Sobig.A and Sobig.B variants are both on MessageLabs'
> > list of
> > the biggest 10 e-mail viruses of all time.
> >
> > The e-mail message that carries Sobig.F has the subject line "Re:
> > Details"
> > and the message "Please see attached file for details." If a
> > recipient
> > clicks on the attachment, which can have multiple names ending in
> > the .pif
> > file extension, the computer will be infected.
> >
> > The virus will then send itself out to names found in the victim's
> > address
> > book and will use one of these names to forge a return address. As
> > such, the
> > infected party may not quickly learn of the infection, while an
> > innocent
> > party may get the blame for helping to propagate it.
> >
> >
> >
> > Hubert d'Aiguës-Mortes
> > Qui fait plus, mieux vaux
> >
> >
> >
> >
> > >From: "Chiara" <chiara at io.com>
> > >Reply-To: chiara at io.com, "Barony of Steppes - SCA,Inc."
> > ><steppes at ansteorra.org>
> > >To: <steppes at ansteorra.org>
> > >Subject: Re: [Steppes] Virus making the rounds
> > >Date: Wed, 20 Aug 2003 11:17:29 -0500 (CDT)
> > >MIME-Version: 1.0
> > >Received: from mc4-f31.law16.hotmail.com ([65.54.237.166]) by
> > >mc4-s3.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
> > Wed, 20 Aug
> > >2003 10:11:27 -0700
> > >Received: from blackstar.ansteorra.org ([216.62.214.29]) by
> > >mc4-f31.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
> > Wed, 20
> > >Aug 2003 10:09:37 -0700
> > >Received: from blackstar.ansteorra.org (localhost.localdomain
> > >[127.0.0.1])by blackstar.ansteorra.org (8.11.6/8.11.6) with ESMTP
> > id
> > >h7KH8ua01066;Wed, 20 Aug 2003 12:08:56 -0500
> > >Received: from hiram.io.com (hiram.io.com [199.170.88.27])by
> > >blackstar.ansteorra.org (8.11.6/8.11.6) with ESMTP id
> > h7KGGTa31896for
> > ><steppes at ansteorra.org>; Wed, 20 Aug 2003 11:16:29 -0500
> > >Received: from
> >
> >webmail.io.com(IDENT:P0vJchdyDwAqsUr2Gxhp64Wccn9zi6QX at columbia.io.com[19
>9.170.88.107])by
> >
> > >hiram.io.com (8.11.2/8.11.2) with ESMTP id h7KGGDL27689for
> > ><steppes at ansteorra.org>; Wed, 20 Aug 2003 11:16:13 -0500
> > >Received: from io.com (webmail [127.0.0.1])by webmail.io.com
> > >(8.12.8/8.12.8) with SMTP id h7KGHTTj029252for
> > <steppes at ansteorra.org>;
> > >Wed, 20 Aug 2003 11:17:29 -0500
> > >Received: from 199.50.29.42 (SquirrelMail authenticated user
> > ches)by
> > >webmail.io.com with HTTP; Wed, 20 Aug 2003 11:17:29 -0500 (CDT)
> > >X-Message-Info: MxAodtZPLiQ6HPHOc8rBiV8e6TqWwlBgkcE8BFfTC+8=
> > >Message-ID:
> > <36535.199.50.29.42.1061396249.squirrel at webmail.io.com>
> > >In-Reply-To: <002501c36728$78cd9e80$28768d42 at prodigy.net>
> > >References: <002501c36728$78cd9e80$28768d42 at prodigy.net>
> > >X-Priority: 3
> > >Importance: Normal
> > >X-Mailer: SquirrelMail (version 1.2.11)
> > >X-Mailman-Approved-At: Wed, 20 Aug 2003 12:08:54 -0500
> > >X-BeenThere: steppes at ansteorra.org
> > >X-Mailman-Version: 2.1.2
> > >Precedence: list
> > >List-Id: Barony of Steppes - SCA, Inc. <steppes.ansteorra.org>
> > >List-Help: <mailto:steppes-request at ansteorra.org?subject=help>
> > >List-Post: <mailto:steppes at ansteorra.org>
> > >List-Subscribe:
> >
> ><http://www.ansteorra.org/mailman/listinfo/steppes>,<mailto:steppes-requ
>est at ansteorra.org?subject=subscribe>
> > >List-Archive: <http://www.ansteorra.org/pipermail/steppes>
> > >List-Unsubscribe:
> >
> ><http://www.ansteorra.org/mailman/listinfo/steppes>,<mailto:steppes-requ
>est at ansteorra.org?subject=unsubscribe>
> > >Sender: steppes-bounces at ansteorra.org
> > >Errors-To: steppes-bounces at ansteorra.org
> > >Return-Path: steppes-bounces at ansteorra.org
> > >X-OriginalArrivalTime: 20 Aug 2003 17:09:40.0241 (UTC)
> > >FILETIME=[D77C2810:01C3673D]
> > >
> > >Actually, the flavor of this one is rather bad. It is a spoofer.
> > It
> > >started two nights ago and is still going strong. It is originating
> > in
> > >China and it is spoofing specific ISP's. Unfortunately mine is one
> > of
> > >them.
> > >
> > >It does not mean that I am infected or that my ISP is infected. It
> > means
> > >that they have taken the ending of many internet companies and
> > attached it
> > >to mail addresses and sent the thing out. AOL and ansteorra.org are
> > also
> > >being abused in this manner. Again, we are not infected, just
> > being
> > >abused.
> > >
> > >However it does not hurt to be covered and covered we are. :)
> > >
> > >Chiara
> > >
> > >
> > >_______________________________________________
> > >Steppes mailing list
> > >Steppes at ansteorra.org
> > >http://www.ansteorra.org/mailman/listinfo/steppes
> >
> > _________________________________________________________________
> > <b>Get MSN 8</b> and help protect your children with advanced
> > parental
> > controls. http://join.msn.com/?page=features/parental
> >
> > _______________________________________________
> > Steppes mailing list
> > Steppes at ansteorra.org
> > http://www.ansteorra.org/mailman/listinfo/steppes
> >
> >
>
>________________________________________________________________
>The best thing to hit the internet in years - Juno SpeedBand!
>Surf the web up to FIVE TIMES FASTER!
>Only $14.95/ month - visit www.juno.com to sign up today!
>_______________________________________________
>Steppes mailing list
>Steppes at ansteorra.org
>http://www.ansteorra.org/mailman/listinfo/steppes
_________________________________________________________________
<b>MSN 8:</b> Get 6 months for $9.95/month.
http://join.msn.com/?page=dept/dialup
More information about the Steppes
mailing list