[lug] Someone on this list likely has a windows virus

D. Stimits stimits at idcomm.com
Mon Apr 29 13:16:24 MDT 2002


Warren Sanders wrote:
> 
> D. Stimits wrote:
> 
> >Either someone on this list has a windows virus, or else this list is
> >being targeted. Tkil noticed someone sent one of the recent windows
> >virii with the header forged to look like me. I just got one forged to
> >look like Alan Robertson. I have also received several of what I think
> >are Klez virus from non-BLUG sources, the epidemic seems to be started
> >
> This seems to be the virus I had last removed from our network before
> finally getting NAV installed (just started new job... had to make some
> modifications).  We had similar emails blambing another addressbook
> member of sending viri.
> 
> Now the latest of our satelite offices in the South Americas have had
> some old virus infected by an [HTML/MimeExploit.IFRAME].  I think this
> was from a 1999 IE exploit.  Maybe the virus is new, I don't know but it
> pretty much shut their systems down good.  I have been getting more last
> week from export at lufer.com.br... I assume that is Brazil?
> 
> These are not infecting us, it's just a pain being the sys admin to get
> tons of  warnings from the mail server.

To me it is spam, but unlike a commercial spammer, stopping it or
controlling it is different. Yes, at least one of the emails I got was
from Brazil, but claimed to be our own Alan Robertson (and no, it wasn't
his, it was forged). In every case I've seen, verizon has been in the
headers, though I believe this is also forged; I think verizon is being
targeted by the virus as a scapegoat to handle all the reports, sort of
a DoS on their abuse department.

D. Stimits, stimits at idcomm.com



More information about the LUG mailing list