FAO: Naomi - Virus!

Discussion in 'Off-Topic Chat' started by rutty, Feb 18, 2004.

  1. rutty

    rutty Active Member

    I've sent you a PM about this already but I've received two alleged "screensavers" from your email address (me@naomimusic) - Hotmail blocked them so I'm not sure what virus it is, but virus they most probably were.

    I would strongly suggest that you do an immediate virus check, seeing as it looks like you may be the unwitting source.

    It may be a spoofed address though - there's a possibility that this virus has been sent to addresses scooped off this forum, so if anyone receives an email with a "screensaver.scr" attachment then do NOT open it, even if you know the sender.

    Always scan for viruses before opening these things.

  2. Naomi McFadyen

    Naomi McFadyen New Member

    I thought I noticed something was wrong, as I've had a few bounced back emails... running virus scan... will get it sorted


  3. Naomi McFadyen

    Naomi McFadyen New Member


    No virus' found... :?
    must be spammers!
  4. rutty

    rutty Active Member

    It happens - your email address has been found by robots (there's an image eh? ;)) and used as the return address. I suspect that they got my address from here, and yours too, so I'll be suprised if more people haven't received the same thing.

    Panic over though :)
  5. jameshowell

    jameshowell Active Member

    I've had some of these, though not from Naomi, so maybe it's just something lagging behind the recent virus problems?
  6. Okiedokie of Oz

    Okiedokie of Oz Active Member

    Mine was doing that a while back.......stupid spammers......THEY SHOULD ALL BE GIVEN THE DEATH PENALTY!!!!!
  7. Banana

    Banana Member

    Yes, yes, death to all spammers!!! Hooray!
  8. Naomi McFadyen

    Naomi McFadyen New Member

    Amen to that!

  9. cornetchap

    cornetchap Member

    Indeed death to spammers but in fact the problem is caused by the virus itself. The e-mail David received apparently from Naomi may have gathered both addresses from the same machine but not necessarily Naomi's it simply needs to be a machine where both e-mail addresses exist in the users address book.

    The virus will choose random/all addresses in the victims address book to propogate itself and will use random addresses from the same address book to spoof the from address. To track the true origination of the e-mail and therefore the infected machine you need to view the Internet Headers. In Outlook Express this can be done by opening the message (don't open the attachment!) and selecting Options from the View menu. There should be box containing all the Internet Headers. You can follow the propogation of the e-mail through the Internet by looking at the Received lines.


    Cheers, Greg.
  10. Naomi McFadyen

    Naomi McFadyen New Member

    Yeaaaaas... but the thing is, the email address' that have bounced back weren't in my address book... and I don't have David's email addy either... soooooo...
  11. cornetchap

    cornetchap Member

    They won't necessarily be. But they are in somone's address book that also contains your address. Same for the e-mail David received apparently from you.

    Look at it this way, three computers, A, B and C,each with their own address books.

    Computer C is the one with the virus, it's address book has e-mail addresses of users on both computers A (user 1) and B (user 2).

    User 1 on computer A receives an e-mail apparently from User 2 on computer B. In fact the e-mail came from computer C with the To address chosen to be user_1@computer_A and the From address spoofed to be user_2@computer_B.

    User 2 on computer B has no knowledge of user 1 on computer A and vice versa, the relationship purely exists on computer C.

    Make any sense?
  12. Naomi McFadyen

    Naomi McFadyen New Member

    aaah! Yea! I see where you're coming from now :) ta
  13. JessopSmythe

    JessopSmythe Active Member

    I've had loads of "returned" messages in the last few weeks. All of them coming, supposedly, from brass band related email addresses. Either this or another similar forum appears to have been deliberately targetted
  14. rutty

    rutty Active Member

    Chances are that someone we know has a virus. I must admit that I have no idea who might have my email address, so your guess is as good as mine.

    Either way, I've deleted the emails already so I can't look at the headers, otherwise I'd have been able to find out which ISP it came from.

    Best everyone update their virus checkers just in case.
  15. cornetchap

    cornetchap Member

    That's the key David. If you're concerned about having got the virus from someone on this forum you should either update or install a virus checker. I use AntiVir Guard which is free for personal use. If you're not concerned then you should be :)

    That said, it's unlikely that the forum has been deliberately targetted as these messages are not spam [edit: it is spam, but not the work of spammers] and it's not how virii work. (Note for the concerned: I'm not a virus writer) The root cause of the problem for people on this forum may have stemmed from someone on the forum but could equally have stemmed from somone one or two nodes of relationship away, e.g. it's from someone who knows someone who's on the forum. The trouble with this kind of virus is that it will quickly spread through a community such as this that is a) relatively small and b) many people know each other personally within the community.

    As far as I'm aware phpBB, the software upon which this forum is built, does not leak e-mail addresses, so it would be difficult for spammers to get hold of them and I'm sure the forum administrators have followed the software's security instructions and recommendations and are keeping it up to date patch wise.

    Cheers, Greg.
  16. TheMusicMan

    TheMusicMan tMP Founder Staff Member

    For everyone's info my PC's, home and tMP servers are all clean. I believe several people may have had e-mails purporting to be from me... well this is the same thing as explained above.

    All tMP servers are protected as are all tMP e-mail addresses. I have the latest McAfee protection on my home machines and I have Sophos email protection on the same mail accounts at my ISP server end.

    tMP.... virus free!

  17. rutty

    rutty Active Member

    I use Grisoft AVG at home and Zonealarm Free Edition to protect my PC. They both cost nothing, but there are so many PC users that are unaware of the importance of such things.

    If anyone knows someone without either a Virus Checker or a Firewall I would strongly suggest that they get one - they don't even have to spend any money!
  18. Maestro

    Maestro Active Member

    Have had AVG for just over a year now, and I have found that it is the best virus checker of the lot.
  19. Naomi McFadyen

    Naomi McFadyen New Member

    I use AVG as well :D
  20. Fishsta

    Fishsta Active Member


    Whatever you do, don't uninstall it.

    Your internet connection will NEVER WORK AGAIN without some SERIOUS Registry editing.