Bogus Microsoft Emails

  • Thread starter Thread starter Laphan
  • Start date Start date
L

Laphan

Hi All

I may be way of the mark here, but has anybody else recvd a bucket load of
virus laden emails stating that they are from Microsoft since they posted to
the Microsoft newsgroups??

Like a green foul I used to put a valid email address in my news settings
and it is only this address that is pummelled with about 500 a day.

My ISP is bloody trying to charge me for the increased bandwidth and it's
all down to these 150KB each emails!!

Anybody know how to stop them coming through?

Rgds

Laphan
 
I know of some getting in excess of 2,000 a day.
There is little you can do other than set rules on Outlook Express.
However that does not stop the sender and your ISP still sees them.
Your ISP needs to do something.
Anything you do on your computer is after the ISP has passed them to
you.
 
I may be way of the mark here, but has anybody else recvd a bucket load of
virus laden emails stating that they are from Microsoft since they posted to
the Microsoft newsgroups??
Click to expand...

Post to ANY newsgroup and your address will be "harvested" and used
for spam (I wonder if anyone every buys the junk?) or virii
My ISP is bloody trying to charge me for the increased bandwidth and it's
all down to these 150KB each emails!!
Click to expand...

Tell your ISP to do like mine did... put a filter on the incoming
stream and automatically delete any message which has an EXE as an
attachment (or, for that matter, any type of file which may be run
by clicking on the attachment)

If someone actually NEEDS to send me a program, they will just have
to learn how to use WinZip or other software and not send a "raw"
program file as an attachment

John Thomas Smith
http://www.direct2usales.com
http://www.pacifier.com/~jtsmith
 
Tell your ISP to do like mine did... put a filter on the incoming
stream and automatically delete any message which has an EXE as an
attachment (or, for that matter, any type of file which may be run
by clicking on the attachment)

If someone actually NEEDS to send me a program, they will just have
to learn how to use WinZip or other software and not send a "raw"
program file as an attachment

John Thomas Smith
http://www.direct2usales.com
http://www.pacifier.com/~jtsmith
Click to expand...
I have the same problem with my Yahoo account.
They don't really provide any method to filter them out.
Having about 20 or 30 emails all 140+K in size,
doesn't leave any room for legitimate emails, thus
rendering Yahoo email useless.

Anybody know of a contact for YAhoo email?

Dave
 
Greetings --

What you received is either a very common, malicious hoax or the
output of a computer infected by one of several widely publicized,
wide-spread, mass emailing worms. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them. Also, by now, most
reputable ISPs have put filters of their own in place to block these.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Hi Laphan:

Since you (until recently) were using your real email address in newsgroup
posts, it would probably help to create a new e-mail address and cancel your
old one from all accounts.

Also, one thing that works for me is an Outlook Express message rule that
deletes from the server any incoming e-mail that does NOT have my real
e-mail address in the TO or CC line. This stops a lot of spam mail.

In addition, use regularly and keep updated an anti-virus program and an
anti-spyware program. I use AVG from Grisoft for anti-virus, and Ad-Aware
from Lavasoft for anti-spyware. There are free versions for both of them.

Regards.
 
-----Original Message-----
Hi All

I may be way of the mark here, but has anybody else recvd a bucket load of
virus laden emails stating that they are from Microsoft since they posted to
the Microsoft newsgroups??

Like a green foul I used to put a valid email address in my news settings
and it is only this address that is pummelled with about 500 a day.

My ISP is bloody trying to charge me for the increased bandwidth and it's
all down to these 150KB each emails!!

Anybody know how to stop them coming through?

Rgds

Laphan

Yes, I am also getting 50% of emails as these bogus
Click to expand...
emails and am at a loss how to stop them though must
admit that my Norton's Anti-virus quarantines the
infected files and then I delete them.
Regards, Pippin
 
Tell your ISP to do like mine did... put a filter on the incoming
I have the same problem with my Yahoo account.
They don't really provide any method to filter them out.
Having about 20 or 30 emails all 140+K in size,
doesn't leave any room for legitimate emails, thus
rendering Yahoo email useless.
Click to expand...

Prescreen and block Email http://www.mailwasher.net

I'm not sure if MailWasher works with Yahoo... but if it does, MW is
a GREAT program to be able to "mark" the email while it is still on
your ISP's server, and DELETE it instead of downloading to your PC

John Thomas Smith
http://www.direct2usales.com
http://www.pacifier.com/~jtsmith
 
Hi All

Thanks for the lightening replies.

FYI, if it wasn't for my trusty old Mailwasher I'd have lost the plot ages
ago !!

My main problem is that my ISP gives me 300MB bandwidth a month, which
easily covered my requirements even though email traffic is part of this
bandwidth rather than the usual web and FTP bandwidth.

However because of this 'attack', my last 2 months have been in region of
1.4GB per month !!

Because the ISP didn't warn me of this increase, they hit me with a bill for
£34.00 + VAT for extra bandwidth usage !!

Due to the fact that they can't block these emails (due to the changing
sender and subject) and because even though I delete them using Mailwasher
rather than download the email, the email usage is calculated on the mail
coming into their servers, they are trying to change things round so that
email bandwidth isn't part of the equation. It's still a problem.

I know this sounds daft, but is there anyway I could kill my old postings so
that any new virus knobs can't extract my address and hit me?

Rgds

Laphan


Hi Laphan:

Since you (until recently) were using your real email address in newsgroup
posts, it would probably help to create a new e-mail address and cancel your
old one from all accounts.

Also, one thing that works for me is an Outlook Express message rule that
deletes from the server any incoming e-mail that does NOT have my real
e-mail address in the TO or CC line. This stops a lot of spam mail.

In addition, use regularly and keep updated an anti-virus program and an
anti-spyware program. I use AVG from Grisoft for anti-virus, and Ad-Aware
from Lavasoft for anti-spyware. There are free versions for both of them.

Regards.
 
Laphan said:
My ISP is bloody trying to charge me for the increased bandwidth and
it's all down to these 150KB each emails!!
Click to expand...

Tell your ISP that you will not pay extra for their inability to place a
filter for a Well known E-mail virus. And, that if that do charge you
extra, you will get another ISP.

These e-mails are not your fault and you have no control over them. you
should not be penalized for them.

--

David

Programmers write "Help Files" for a reason. use them.

"Due to Viewer dicretion...
Graphic violence is advised"

http://www.HeroicStories.com/
http://www.thisistrue.com/
 
You seem to be having the same problem I am...My ISP seems to be
clueless about the whole thing! They seem to be unable or unwilling to
come up with a filter to discard these virus messages. It shouldn't
matter that they are coming from all sorts of different sources, if my
home email client can spot them, why can't they??? Meanwhile, they jump
on me for using so much bandwith in my incoming emails!

Hi All

Thanks for the lightening replies.

FYI, if it wasn't for my trusty old Mailwasher I'd have lost the plot ages
ago !!

My main problem is that my ISP gives me 300MB bandwidth a month, which
easily covered my requirements even though email traffic is part of this
bandwidth rather than the usual web and FTP bandwidth.

However because of this 'attack', my last 2 months have been in region of
1.4GB per month !!

Because the ISP didn't warn me of this increase, they hit me with a bill for
£34.00 + VAT for extra bandwidth usage !!

Due to the fact that they can't block these emails (due to the changing
sender and subject) and because even though I delete them using Mailwasher
rather than download the email, the email usage is calculated on the mail
coming into their servers, they are trying to change things round so that
email bandwidth isn't part of the equation. It's still a problem.

I know this sounds daft, but is there anyway I could kill my old postings so
that any new virus knobs can't extract my address and hit me?

Rgds

Laphan


Hi Laphan:

Since you (until recently) were using your real email address in newsgroup
posts, it would probably help to create a new e-mail address and cancel your
old one from all accounts.

Also, one thing that works for me is an Outlook Express message rule that
deletes from the server any incoming e-mail that does NOT have my real
e-mail address in the TO or CC line. This stops a lot of spam mail.

In addition, use regularly and keep updated an anti-virus program and an
anti-spyware program. I use AVG from Grisoft for anti-virus, and Ad-Aware
from Lavasoft for anti-spyware. There are free versions for both of them.

Regards.
Click to expand...

--
Gary Edstrom <[email protected]>
Visit my Midway Island home page at http://gbe.dynip.com/Midway

A conscience is what hurts when all of your other parts feel so
good.

The above tagline is number 22 in a series of 541. Collect them all!
 
Due to the fact that they can't block these emails (due to the changing
sender and subject) and because even though I delete them using Mailwasher
Click to expand...

Being you are in the UK and I am in the US, it may be that your ISP
uses different software... but my ISP wrote a "rule" for all of the
email coming in... if the email includes an attachment that may be
run (ends in EXE or COM or PIF or several other endings) the entire
message is deleted before it ever gets to a user's mailbox

John Thomas Smith
http://www.direct2usales.com
http://www.pacifier.com/~jtsmith
 
If you are using Outlook Express:
You can eliminate most of this by doing the following:

Select Tools>Message Rules>Mail>Mail Rules tab>New button>1: Select the
conditions for your rule: Check "Where the TO line contains people, 2:
Select the action for your rule: Check "Delete it from server", 3: Rule
description, Left click "contains people", enter your email addresses at the
blinking cursor, click on Add, click on the Options button, Select "Message
does not contain the people below", click OK, OK, OK, OK. You're done.


--
This mail/message and any attachment was scanned with NAV prior to being
sent to you.
Hi All

Thanks for the lightening replies.

FYI, if it wasn't for my trusty old Mailwasher I'd have lost the plot ages
ago !!

My main problem is that my ISP gives me 300MB bandwidth a month, which
easily covered my requirements even though email traffic is part of this
bandwidth rather than the usual web and FTP bandwidth.

However because of this 'attack', my last 2 months have been in region of
1.4GB per month !!

Because the ISP didn't warn me of this increase, they hit me with a bill for
£34.00 + VAT for extra bandwidth usage !!

Due to the fact that they can't block these emails (due to the changing
sender and subject) and because even though I delete them using Mailwasher
rather than download the email, the email usage is calculated on the mail
coming into their servers, they are trying to change things round so that
email bandwidth isn't part of the equation. It's still a problem.

I know this sounds daft, but is there anyway I could kill my old postings so
that any new virus knobs can't extract my address and hit me?

Rgds

Laphan


Hi Laphan:

Since you (until recently) were using your real email address in newsgroup
posts, it would probably help to create a new e-mail address and cancel your
old one from all accounts.

Also, one thing that works for me is an Outlook Express message rule that
deletes from the server any incoming e-mail that does NOT have my real
e-mail address in the TO or CC line. This stops a lot of spam mail.

In addition, use regularly and keep updated an anti-virus program and an
anti-spyware program. I use AVG from Grisoft for anti-virus, and Ad-Aware
from Lavasoft for anti-spyware. There are free versions for both of them.

Regards.
 
There are a number of ways of blocking these types of emails.

From what I've seen and documented when these initially started coming out,
they have attatchments (.exe or the such) which can easily be blocked at the
gateway (email server) or at your computer before you download them. In
Outlook Express, via the Rules Wizard, there is a way to Do Not Download an
email if it has an attatchment. If you're using a POP3 server, then that
will allow you to view the subject line and THEN download it at your
discression. If you're using Outlook, then there is an available option like
the one previously mentioned.

If your ISP is clueless, and is billing you for this, then they need to be
informed, and they need to take the appropriate precautions (i.e.
identification of possible subject lines (which is also, mind you,
documented at the Symantec website)) and block these messages at their
gateway to ensure that their customers are not being charged for something
which is a known issue. Blocking these types of emails is a very easy thing
to do. I block about 20 different types/classes of emails directly on my
mail server and am able to add/modify/delete blocks whenever required for my
users.

Just my two-point-five cents.

Jayson M. Sperling
TLUW Networks
Network Administrator
 
Back
Top