FAO: Naomi - Virus!

[rutty]

I've sent you a PM about this already but I've received two alleged "screensavers" from your email address (me@naomimusic) - Hotmail blocked them so I'm not sure what virus it is, but virus they most probably were.

I would strongly suggest that you do an immediate virus check, seeing as it looks like you may be the unwitting source.

It may be a spoofed address though - there's a possibility that this virus has been sent to addresses scooped off this forum, so if anyone receives an email with a "screensaver.scr" attachment then do NOT open it, even if you know the sender.

Always scan for viruses before opening these things.

Dave

 

[Naomi McFadyen]

I thought I noticed something was wrong, as I've had a few bounced back emails... running virus scan... will get it sorted



Cheers!

 

[Naomi McFadyen]

:shock:

No virus' found... :?
must be spammers!

 

[rutty]

:shock:

No virus' found... :?
must be spammers!

It happens - your email address has been found by robots (there's an image eh? ) and used as the return address. I suspect that they got my address from here, and yours too, so I'll be suprised if more people haven't received the same thing.

Panic over though

 

[jameshowell]

I've had some of these, though not from Naomi, so maybe it's just something lagging behind the recent virus problems?

 

[Okiedokie of Oz]

Mine was doing that a while back.......stupid spammers......THEY SHOULD ALL BE GIVEN THE DEATH PENALTY!!!!!

 

[Banana]

Yes, yes, death to all spammers!!! Hooray!

 

[Naomi McFadyen]

Amen to that!

:lol:

 

[cornetchap]

Indeed death to spammers but in fact the problem is caused by the virus itself. The e-mail David received apparently from Naomi may have gathered both addresses from the same machine but not necessarily Naomi's it simply needs to be a machine where both e-mail addresses exist in the users address book.

The virus will choose random/all addresses in the victims address book to propogate itself and will use random addresses from the same address book to spoof the from address. To track the true origination of the e-mail and therefore the infected machine you need to view the Internet Headers. In Outlook Express this can be done by opening the message (don't open the attachment!) and selecting Options from the View menu. There should be box containing all the Internet Headers. You can follow the propogation of the e-mail through the Internet by looking at the Received lines.

HTH

Cheers, Greg.

 

[Naomi McFadyen]

Yeaaaaas... but the thing is, the email address' that have bounced back weren't in my address book... and I don't have David's email addy either... soooooo...

 

[cornetchap]

Yeaaaaas... but the thing is, the email address' that have bounced back weren't in my address book... and I don't have David's email addy either... soooooo...

They won't necessarily be. But they are in somone's address book that also contains your address. Same for the e-mail David received apparently from you.

Look at it this way, three computers, A, B and C,each with their own address books.

Computer C is the one with the virus, it's address book has e-mail addresses of users on both computers A (user 1) and B (user 2).

User 1 on computer A receives an e-mail apparently from User 2 on computer B. In fact the e-mail came from computer C with the To address chosen to be user_1@computer_A and the From address spoofed to be user_2@computer_B.

User 2 on computer B has no knowledge of user 1 on computer A and vice versa, the relationship purely exists on computer C.

Make any sense?

 

[Naomi McFadyen]

aaah! Yea! I see where you're coming from now ta

 

[JessopSmythe]

I've had loads of "returned" messages in the last few weeks. All of them coming, supposedly, from brass band related email addresses. Either this or another similar forum appears to have been deliberately targetted

 

[rutty]

I've had loads of "returned" messages in the last few weeks. All of them coming, supposedly, from brass band related email addresses. Either this or another similar forum appears to have been deliberately targetted

Chances are that someone we know has a virus. I must admit that I have no idea who might have my email address, so your guess is as good as mine.

Either way, I've deleted the emails already so I can't look at the headers, otherwise I'd have been able to find out which ISP it came from.

Best everyone update their virus checkers just in case.

 

[cornetchap]

I've had loads of "returned" messages in the last few weeks. All of them coming, supposedly, from brass band related email addresses. Either this or another similar forum appears to have been deliberately targetted

[snip]

Best everyone update their virus checkers just in case.

That's the key David. If you're concerned about having got the virus from someone on this forum you should either update or install a virus checker. I use AntiVir Guard which is free for personal use. If you're not concerned then you should be

That said, it's unlikely that the forum has been deliberately targetted as these messages are not spam [edit: it is spam, but not the work of spammers] and it's not how virii work. (Note for the concerned: I'm not a virus writer) The root cause of the problem for people on this forum may have stemmed from someone on the forum but could equally have stemmed from somone one or two nodes of relationship away, e.g. it's from someone who knows someone who's on the forum. The trouble with this kind of virus is that it will quickly spread through a community such as this that is a) relatively small and b) many people know each other personally within the community.

As far as I'm aware phpBB, the software upon which this forum is built, does not leak e-mail addresses, so it would be difficult for spammers to get hold of them and I'm sure the forum administrators have followed the software's security instructions and recommendations and are keeping it up to date patch wise.

Cheers, Greg.

 

[TheMusicMan]

For everyone's info my PC's, home and tMP servers are all clean. I believe several people may have had e-mails purporting to be from me... well this is the same thing as explained above.

All tMP servers are protected as are all tMP e-mail addresses. I have the latest McAfee protection on my home machines and I have Sophos email protection on the same mail accounts at my ISP server end.

tMP.... virus free!

John

 

[rutty]

I use Grisoft AVG at home and Zonealarm Free Edition to protect my PC. They both cost nothing, but there are so many PC users that are unaware of the importance of such things.

If anyone knows someone without either a Virus Checker or a Firewall I would strongly suggest that they get one - they don't even have to spend any money!

 

[Maestro]

Have had AVG for just over a year now, and I have found that it is the best virus checker of the lot.

 

[Naomi McFadyen]

I use AVG as well

 

[Fishsta]

Zone Alarm is THE WORST FIREWALL PROGRAM EVER.

Whatever you do, don't uninstall it.

Your internet connection will NEVER WORK AGAIN without some SERIOUS Registry editing.