Constant Netsky_P attacks in email

  • Thread starter Thread starter Rob
  • Start date Start date
R

Rob

over the last few days i have been receiving up to 5 or 6 emails per day
containing the Netsky_P worm.
They all 'appear' to originate from random (and each time different) yahoo
or hotmail accounts and usually arrive two emails at a time.
I have TrendMicro Pc -cillin anti virus which is stopping them and is
describing it as either WORM_NETSKY_P or HTML_NETSKY_P.
I would like to know if my email address is being specifically targeted, if
so will the attacks continue leaving me with no other option than to change
my email address? or will the attacks eventually cease??
advice would be greatly appreciated
 
over the last few days i have been receiving up to 5 or 6 emails per day
containing the Netsky_P worm.
They all 'appear' to originate from random (and each time different) yahoo
or hotmail accounts and usually arrive two emails at a time.
Click to expand...

The from address is forged. Don't be surprised if you recieve bounces, or
complaints, from copies where your address has been used as the forged
from addresss.
I have TrendMicro Pc -cillin anti virus which is stopping them and is
describing it as either WORM_NETSKY_P or HTML_NETSKY_P.
Good.

I would like to know if my email address is being specifically targeted, if
so will the attacks continue leaving me with no other option than to change
my email address? or will the attacks eventually cease??
advice would be greatly appreciated
Click to expand...

Someone who has your email address on their computer, has the email
worm active, on their computer. To figure out where it's coming from,
you'll need to learn how to read email headers. See
http://pobox.com/headers.html

That will provide you with the ip address of the sender. Once you have
that, you can find out which isp owns that address by looking it up at
www.dnsstuff.com, where you put the ip address in the IPWHOIS lookup
box, and press the corresponding whois button.

You can then forward a copy of the email to the abuse@isp email address,
so they can notify the real sender, that their computer's infected. If you
know some people on that isp, you can check your other email, to see if
any email from them has the same ip address, and then notify them
yourself.

Regards, Dave Hodgins
 
Nope you're not the only one, my workplace has been getting them all week,
forturnately, I get the mail which says the attachment in this email has
been deleted because it was not allowed. When I called the IT guys, they
say the servers have been busy deleting shit all week and they're scanning
all the time to make sure nothings getting through.

wb
 
over the last few days i have been receiving up to 5 or 6 emails per day
containing the Netsky_P worm.
They all 'appear' to originate from random (and each time different) yahoo
or hotmail accounts and usually arrive two emails at a time.
I have TrendMicro Pc -cillin anti virus which is stopping them and is
describing it as either WORM_NETSKY_P or HTML_NETSKY_P.
I would like to know if my email address is being specifically targeted, if
so will the attacks continue leaving me with no other option than to change
my email address? or will the attacks eventually cease??
advice would be greatly appreciated
Click to expand...
****************** REPLY SEPARATER ********************
The From: info is forged and useless. The only useful information is in the
header, and all that will tell you is the ISP that it originated from. We were
getting 200-300/day (all quarantined), but the number of notifications were
bothering some of our customers. Over 70% of them were coming from 2 ISP's
(Shaw & Telus), so we blocked thousands of their IP addresses. Several weeks
later, they are finally starting to get it under control, and we have been able
to relax the blocking somewhat. We are also starting to see an increase outside
of these 2 suppliers, and have had to expand the blocking to them.

I still cannot understand how people can be so (please excuse the expression)
stupid as to activate such an obvious virus. If you examine the header, you
will probably discover that they all come from one or two IP addresses.

J.A. Coutts
 
Back
Top