[lug] Someone on this list likely has a windows virus

D. Stimits stimits at idcomm.com
Tue Apr 30 01:21:20 MDT 2002


John Starkey wrote:
> 
> I'm receiving hundreds of these a day on one webmaster alias, and have
> been for two weeks. Here's a link someone sent me last night regarding
> the virus. Seems it's out of control at the moment.
> 
> http://centralcommand.com/april1802.html
> 
> I think a certain amount of it is targeted. One subject line that I
> receive reads "Webmaster, here's a flash to enjoy". That alias is for a
> Flash dev site, maybe a coincidence.
> 
> John

I have had Windows viruses/worms hand tailored for me after I've had
spammers shut down, but they were pretty obvious. It is possible that
the virus is picking key words out of sites and using that. It's nice to
run Linux when opening email. It is my belief from the number of
forgeries that name Verizon in their forgery that someone does not like
Verizon, but I also think that the individual names being forged are
simply taken from address books or browsed newsgroups and web sites at
random. The number of people on BLUG list getting these, and then
finding by looking closer that it contains the name of someone from
BLUG, is far too much coincidence to not believe someone with BLUG
addresses is not infected. If the virus can read via web pages, then all
it would take is a Google search that shows a BLUG archive, and opening
that page...which would trigger sending it to everyone in that
particular month's digest. Hard to say.

But one thing that would be useful: Anyone getting this virus sent
should look at full headers, see if it is a BLUG name being forged. If
so, look for the dotted decimal address (which is presumably unforged),
and post that to BLUG. Eventually we'll look up enough of these to get a
closer idea. Right now I think someone in Brazil, but even more likely,
multiple infections.

D. Stimits, stimits at idcomm.com
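
The header check suggested above, as an added example that is not part of the original post: it reads the Received chain from the top, follows it only through relays the recipient trusts, and returns the first peer address outside that set, since anything recorded below that point may be forged. The sample message, the addresses and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample (not a message from this thread); documentation addresses only.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.local.example with ESMTP; Tue, 30 Apr 2002 01:00:00 -0600
Received: from forgedname (unknown [203.0.113.77])
\tby mx.example.org with SMTP; Tue, 30 Apr 2002 00:59:58 -0600
Received: from made.up.host ([198.51.100.5]) by nowhere.invalid
From: "List Member" <member@lug.example>
Subject: Webmaster, here's a flash to enjoy

body
"""

def handoff_ip(raw_message, trusted_relay_ips):
    """IP that connected to the outermost relay we trust, or None."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the first one is the newest hop and
    # was written by our own server. Follow the chain only through peers we
    # trust; anything below the first untrusted peer may be forged.
    for header in msg.get_all("Received", []):
        match = BRACKET_IP.search(" ".join(header.split()))
        if not match:
            return None  # no recorded peer address: stop rather than guess
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            return None  # e.g. [999.1.1.1]
        if ip not in trusted_relay_ips:
            return ip
    return None

def forged_member_report(raw_message, list_addresses, trusted_relay_ips):
    """Return (from_address, names_a_list_member, handoff_ip)."""
    msg = email.message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender, sender in list_addresses, handoff_ip(raw_message, trusted_relay_ips)

if __name__ == "__main__":
    print(forged_member_report(SAMPLE, {"member@lug.example"}, {"192.0.2.10"}))
```

The trusted set should hold only the addresses of relays that are known to handle the recipient's mail, such as the ISP's inbound MX; with an empty set the function returns the peer seen by the receiving server itself.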


