Some chump keeps sending me viruses..

 
 
rizla mission
16:23 / 24.05.02
Everyday this week I've had a massive email (each from a different address - mostly hotmail ones) containing a bunch of bizarrely named attachments that set off the virus warning, and thus get deleted.

None of them had any text, except the first one, which said something like "Here's a new website, hope you like it."

Sound familiar?

This is particularly bothering me because a) I'm getting one every single day, and they're pretty huge files and b) they're all sent directly to me, by name, not forwarded or anything.

Is this a random, irregular occurrence that I just haven't been subject to before now?

If it continues, should I get off my virtual arse and do something about it?
 
 
We're The Great Old Ones Now
17:13 / 24.05.02
Yes.
 
 
mate
17:29 / 24.05.02
Trace the originating IP address. It will look like this: 128.334.67.123

Cool name by the way.
 
 
Mourne Kransky
18:12 / 24.05.02
Viruses, trojans etc. are a pain but my worst experience has come through falling for an embarrassing hoax virus warning which was around a few weeks ago. Got some very snotty responses from some people in my address book when I did the right thing and warned them all. Mucho humiliated having to email them all the next day once I realised my error. Now the world knows I am a numpty, a fact which I am at pains usually to conceal.
 
 
Not Here Still
18:15 / 24.05.02
Is that the one which tells you to go and delete a certain file? Which just happens to be part of the operating software or somesuch?

We've had about ten of those from different people; even the Big Issue fell for it. So don't feel bad...
 
 
w1rebaby
18:41 / 24.05.02
Any virus warning you get in the mail (except possibly one from your systems admin) is always a hoax. No matter what. You can check them out on the Norton or Symantec or whatever sites, but I've never had a real one ever...
 
 
Tezcatlipoca
19:01 / 24.05.02
This is particularly bothering me because a) I'm getting one every single day, and they're pretty huge files and b) they're all sent directly to me, by name, not forwarded or anything.

You see, I would have said that this sounds a lot like your email address has been registered with something or other, and a 'bot' is just sending a fresh mail each day, but it is a little queer that these messages contain no text. I think your best course of initial action, as mate says, is to check the IP address of the sender.

Of course, you could always just have whichever email handling program you use register the originating address as a 'junk mail' address, which will bin the mails as soon as they come in. Better still, some will allow you to bounce all mails coming from a certain email address, so the file never gets anywhere near you to begin with...
 
 
Less searchable M0rd4nt
20:06 / 24.05.02
You might like to download Mailwasher. It's a free programme that checks for viruses and spam, and allows you to bounce back unwanted email so it looks like your account is dead.
 
 
rizla mission
15:03 / 30.05.02
I got some more of these today. So how do I trace IP addresses, never having done such things before..?
 
 
Less searchable M0rd4nt
15:29 / 30.05.02
If you use Netscape:

1. Go to VIEW.
2. Select HEADERS.
3. Select ALL.

If you use Outlook,

1. Go to FILE.
2. Click on PROPERTIES.
3. A new window will open. Select DETAILS.
4. Click on the MESSAGE SOURCE button.
5. Make it Full Screen to view.

You'll see a line saying something like "Received: from [217.54.0.3]"

Then go to samspade.org, enter the number in the "DO STUFF" box, find out who to report the abuse to and report it.
 
 
rizla mission
16:49 / 30.05.02
aagh.. this supposedly simple task makes my brain hurt..

Which bit of this:


Return-Path:
Received: from ultra.hbci.com (EHLO mailserv.hbci.com) (206.230.105.5) by mta617.mail.yahoo.com with SMTP; 30 May 2002 00:27:34 -0700 (PDT)
Received: from Tilis (m-0-72.docsis.hbci.com [64.211.113.72] (may be forged)) by mailserv.hbci.com (Switch-2.1.1/Switch-2.1.0) with SMTP id g4U7LRB16840 for ; Thu, 30 May 2002 02:21:27 -0500 (CDT)
Date: Thu, 30 May 2002 02:21:27 -0500 (CDT)
Message-Id: <200205300721.g4U7LRB16840@mailserv.hbci.com>


is the IP I'm looking for?

None of them seem to give much of a coherent response when I put them into sam spade..
 
 
Tezcatlipoca
17:46 / 30.05.02
Rizla, just out of interest when you go to open these emails, do you get a blank explorer screen with a meaningless hyperlink (something like cid:;biz.?id?=2534/@er)?

If so, then you are experiencing the same problem as I had a few days ago when my email account started receiving odd emails from addresses I recognised, but whose owners denied sending. All were vast emails and were effectively unreadable as a result of the pseudo-hyperlink as I've outlined above. Yesterday I received an email from one of the friends in question, who had found the virus responsible on his system.

I would guess that you're using Microsoft Outlook or Outlook Express on a Windows 98 system. If so then you are almost certainly receiving (and possibly infected by) the handiwork of a kak-worm virus or one of its variants. My advice is to clean your system using a virus checker (you can get a copy of AVG for free here). You may also want to go to somewhere like Sophos and check your symptoms alongside their virus database.
 
 
Tezcatlipoca
17:49 / 30.05.02
Oh, and incidentally. Never use any version of Outlook or Outlook Express. Not only is it bugged to hell, but it is consistently shown to be the greatest virus propagation tool ever devised.
 
 
invisible_al
18:03 / 30.05.02
Rizla, the first IP in the chain (which is actually the third one on the list, just to confuse people) is 64.211.113.72 which comes up as

Global Crossing (NET-GBLX-11) GBLX-11 64.208.0.0 - 64.215.255.255
Hiawatha Broadband Comm. (NETBLK-FGC-REQ000000010082) FGC-REQ000000010082
64.211.112.0 - 64.211.119.255

Using the sam spade 'do stuff' option. Might be the service provider, if you click on the NETBLK it gives you the contact details. Send off the complete mail headers to their abuse person (usually abuse@wossernam.com) and they should sort it.

Learned this the hard way when some spammer set his machine up wrong and I got 1400 e-mails over a very fraught weekend.

Oh yeah Hoax e-mails, the pages to check are..

http://www.symantec.com/avcenter/hoax.html, has an exhaustive listing
and
http://directory.google.com/Top/Society/Folklore/Literature/Urban_Legends/Computer_Virus_Hoaxes/
has tons of other links.

Oh, also, two thumbs up to AVG, very nice bit of kit, but remember to update the virus definition files regular like. Got caught that way with an MSN virus.
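The header-reading steps above (find the Received: lines, then pick the hop that was stamped by the mail provider's own server rather than the first one on the list) as an added Python example; this is not code from the thread or from Sam Spade. The sample input is the header block Rizla posted, with the Return-Path and "for" recipient left blank exactly as quoted; the trusted-suffix name and the chain-continuity check are my assumptions about how a defender would decide which hop to trust.

```python
import re

# Sample input: the headers quoted earlier in this thread (Return-Path and the
# "for" recipient are empty because the post stripped the angle brackets).
RAW_HEADERS = """\
Return-Path:
Received: from ultra.hbci.com (EHLO mailserv.hbci.com) (206.230.105.5) by mta617.mail.yahoo.com with SMTP; 30 May 2002 00:27:34 -0700 (PDT)
Received: from Tilis (m-0-72.docsis.hbci.com [64.211.113.72] (may be forged)) by mailserv.hbci.com (Switch-2.1.1/Switch-2.1.0) with SMTP id g4U7LRB16840 for ; Thu, 30 May 2002 02:21:27 -0500 (CDT)
Date: Thu, 30 May 2002 02:21:27 -0500 (CDT)
Message-Id: <200205300721.g4U7LRB16840@mailserv.hbci.com>
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def valid_ipv4(ip):
    """True only if every octet is 0..255 (rejects junk like 128.334.67.123)."""
    return all(0 <= int(o) <= 255 for o in ip.split("."))

def received_lines(raw):
    """Return the Received: header bodies, top of message first (newest hop)."""
    lines = []
    for line in raw.splitlines():
        if line.lower().startswith("received:"):
            lines.append(line[len("received:"):].strip())
        elif line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()  # folded continuation line
    return lines

def parse_hop(received):
    """Split one hop into its 'from' (sender side) and 'by' (stamping server) parts."""
    m = re.match(r"from\s+(.*?)\s+by\s+(\S+)", received, re.IGNORECASE)
    if not m:
        return None
    from_text, by_host = m.group(1), m.group(2)
    ips = [ip for ip in IPV4.findall(from_text) if valid_ipv4(ip)]
    return {"from_text": from_text, "from_ip": ips[0] if ips else None,
            "by": by_host, "forged_flag": "may be forged" in from_text.lower()}

def origin_ip(raw, trusted_suffix):
    """Start at the hop stamped by our own provider (a 'by' host ending in
    trusted_suffix, assumed here) and walk down the chain, requiring each
    hop's 'by' host to be named in the previous hop's 'from' text. Return the
    'from' IP of the deepest hop that still links up; anything below a break
    could have been written by the sender and is not worth reporting."""
    hops = [h for h in map(parse_hop, received_lines(raw)) if h]
    if not hops or not hops[0]["by"].lower().endswith(trusted_suffix.lower()):
        return None
    origin = hops[0]
    for nxt in hops[1:]:
        if nxt["by"].lower() not in origin["from_text"].lower():
            break
        origin = nxt
    return origin["from_ip"]
```

Run `origin_ip(RAW_HEADERS, "mail.yahoo.com")` to get the address to look up in Sam Spade; the "(may be forged)" flag on that hop only means the reverse DNS name did not match, the IP itself is what the relay saw.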
 