OK -- basic SWEN query

Thread starter: MB

For the past few days, like many others, I've been getting the email
bombardment (I have to keep going to the Prodigy server and clean out my
over-capacity bulk mail folder).

1) Am I correct in assuming I do not have this virus (msconfig and regedit
appear to work and my updated AV programs don't seem to flag anything and my
computer appears to be working just fine-- also, I haven't opened any of the
attachments; I do need to install critical updates however).

2) Do I now have to change my email address or do these things peter out
over time???

MB
 
Watcha!

Remember to never open an attachment. Everyone should know that Microsoft
will never send security patches by email - as you know this is done by us
the users through Windows Update or HFNETCHK (Shavlik Technologies), so
never open an email attachment that looks like it is from MS.

Hopefully these things will clear up after a while though.

One thing this problem did get me to thinking about is how we can be more
conscientious with the emails we send or reply to. One very important thing
we can do when sending to multiple recipients is to put them all in the
BCC field. This way we are not forwarding other people's email addresses on
to others who then forward it on to a.n.other etc where it eventually gets
to someone without scruples.

I have just replied to another post re this same problem so I am copying it
here to see if there is anything we can do to stop it:

Regards

Jonathan Burrows

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I too am getting these and others like it - they come from two sources it
appears. Perhaps you should check yourself where they come from. If you
are using Outlook you can go to View>>Options to view the header information.
In Outlook Express you can see this from File>>Properties and Details to see
the same. I have sent emails to each of the domains listed by finding out
their information from the WHOIS database (not that it will do any good).
Here are two examples of the header information - I bet yours are similar!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From bimba.bezeqint.net [192.115.106.39] by
mailserver10.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=067FCD8D-5238-43EA-8E4C-50ADAFA3971B
; Sun, 21 Sep 2003 18:33:54 +0100
Received: from hhmsyuy (bzq-219-232-200.pop.bezeqint.net [62.219.232.200])
by bimba.bezeqint.net (Bezeq International SMTP out Mail Server) with SMTP
id DFB8F766; Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
From: "Internet Security Division" <[email protected]>
To: "Commercial Customer" <[email protected]>
SUBJECT: Latest Internet Critical Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ynpxfnrlzzlynda"
Message-Id: <[email protected]>
Date: Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Or this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From vsmtp3.tin.it [212.216.176.223] by
mailserver08.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=8DFD3E64-B414-4E5C-B4BC-C5EEB37385D8
; Sun, 21 Sep 2003 18:06:09 +0100
Received: from hvfip (80.180.80.160) by vsmtp3.tin.it (7.0.019)
id 3F4F1DDF008B731D; Sun, 21 Sep 2003 18:58:48 +0200
Date: Sun, 21 Sep 2003 18:58:48 +0200 (added by (e-mail address removed))
Message-ID: <[email protected]> (added by
(e-mail address removed))
FROM: "MS Network Delivery Service" <[email protected]>
TO: "Internet Client" <[email protected]>
SUBJECT: Returned Mail: Returned To Mailer
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="zwimlilnlpcrybb"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Anyway, surely we don't have to be complacent to this sort of thing???? It
is annoying and to those of us with good Anti Virus (up-to-date ones at
that), it is an annoyance only, to others though it is a pain in the neck if
they get caught by it.

Regards

Jonathan Burrows
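Added example, not part of the original posts: a short Python reader for the `Received:` chain in the first header sample above. It lists each hop and picks out the one recorded by the recipient's own provider; the `fasthosts.co.uk` suffix is taken from the sample, and the function names are illustrative.

```python
import re
from email import message_from_string

# Received lines copied from the first header sample in the post above;
# folded lines are indented and the other header fields are left out.
SAMPLE = """\
Received: From bimba.bezeqint.net [192.115.106.39] by
 mailserver10.fasthosts.co.uk
 (Matrix SMTP Mail Server v(1.4)) ID=067FCD8D-5238-43EA-8E4C-50ADAFA3971B
 ; Sun, 21 Sep 2003 18:33:54 +0100
Received: from hhmsyuy (bzq-219-232-200.pop.bezeqint.net [62.219.232.200])
 by bimba.bezeqint.net (Bezeq International SMTP out Mail Server) with SMTP
 id DFB8F766; Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
Subject: Latest Internet Critical Patch

"""

HOP = re.compile(r"^from\s+(\S+)(.*?)\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def received_hops(raw):
    """Return the hops newest-first, in the order the headers appear."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        m = HOP.match(flat)
        if not m:
            continue
        ip = IPV4.search(m.group(2))            # peer IP logged by the receiver
        hops.append({
            "name": m.group(1),                 # name the sending host claimed
            "ip": ip.group(0) if ip else None,
            "by": m.group(3),                   # server that wrote this line
        })
    return hops

def handoff_to(hops, own_suffix):
    """Newest hop written by our own provider; its peer IP was observed
    by that server rather than supplied by the sender."""
    for hop in hops:
        if hop["by"].lower().endswith(own_suffix.lower()):
            return hop
    return None

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("handoff:", handoff_to(received_hops(SAMPLE), "fasthosts.co.uk"))
```

The name after `from` (here `hhmsyuy`) is whatever the connecting machine announced, so the address in brackets is the part worth quoting in an abuse report.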
 
MB said:
For the past few days, like many others, I've been getting the email
bombardment (I have to keep going to the Prodigy server and clean out my
over-capacity bulk mail folder).

1) Am I correct in assuming I do not have this virus

I would say yes, it seems that you don't have the worm.
2) Do I now have to change my email address or do these things peter out
over time???

It should peter out over time, but there will likely be another..
...then another...etc...

It might be a good idea to take steps now to avoid problems
later. Shop around for filtering programs, use multiple addresses,
and take care where you make them available for harvesting.
 
Thanks for your helpful advice to me and others on this newsgroup.
I'm hoping this just slowly dies out. I don't want to change my email
address because of professional reasons. I depend on this email address.

However, I guess I'll at least add a "nospam" when posting to newsgroups!!!

I do some filtering also, but it seems like it would be very difficult to
filter out the current crop of crap messages!!

Mel
 
Try copying the headers to an email and send it to the ISP that is named
in the Message-ID line. In your case it would be bezeqint.net or tin.it.
It would be directed to the abuse department - (e-mail address removed)


Jonathan said:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I too am getting these and others like it - they come from two sources it
appears. Perhaps you should check yourself where they come from. If you
are using Outlook you can go to View>>Options to view the header information.
In Outlook Express you can see this from File>>Properties and Details to see
the same. I have sent emails to each of the domains listed by finding out
their information from the WHOIS database (not that it will do any good).
Here are two examples of the header information - I bet yours are similar!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From bimba.bezeqint.net [192.115.106.39] by
mailserver10.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=067FCD8D-5238-43EA-8E4C-50ADAFA3971B
; Sun, 21 Sep 2003 18:33:54 +0100
Received: from hhmsyuy (bzq-219-232-200.pop.bezeqint.net [62.219.232.200])
by bimba.bezeqint.net (Bezeq International SMTP out Mail Server) with SMTP
id DFB8F766; Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
From: "Internet Security Division" <[email protected]>
To: "Commercial Customer" <[email protected]>
SUBJECT: Latest Internet Critical Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ynpxfnrlzzlynda"
Message-Id: <[email protected]>
Date: Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Or this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From vsmtp3.tin.it [212.216.176.223] by
mailserver08.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=8DFD3E64-B414-4E5C-B4BC-C5EEB37385D8
; Sun, 21 Sep 2003 18:06:09 +0100
Received: from hvfip (80.180.80.160) by vsmtp3.tin.it (7.0.019)
id 3F4F1DDF008B731D; Sun, 21 Sep 2003 18:58:48 +0200
Date: Sun, 21 Sep 2003 18:58:48 +0200 (added by (e-mail address removed))
Message-ID: <[email protected]> (added by
(e-mail address removed))
FROM: "MS Network Delivery Service" <[email protected]>
TO: "Internet Client" <[email protected]>
SUBJECT: Returned Mail: Returned To Mailer
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="zwimlilnlpcrybb"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
from the said:
Thanks for your helpful advice to me and others on this newsgroup.
I'm hoping this just slowly dies out. I don't want to change my email
address because of professional reasons. I depend on this email address.

However, I guess I'll at least add a "nospam" when posting to newsgroups!!!

I do some filtering also, but it seems like it would be very difficult to
filter out the current crop of crap messages!!

The following filters (applied at my ISP) get 99% of the damn things
(plus, probably, any real messages from MS, should there ever be such a
thing):

To "Client" drop
To "Partner" drop
To "User" drop
To "Customer" drop
To "Receiver" drop
To "Commercial" drop
To "Consumer" drop
From "Microsoft" drop
From "Inet Message" drop
From "MS Corporation" drop
From "MS Internet" drop
From "Net Email" drop
From "Customer Assistance" drop
 
I do some filtering also, but it seems like it would be very difficult to
filter out the current crop of crap messages!!

If your mailer will filter on the 'to' line it is easy
 
How do I activate my filters? I am fairly computer illiterate and
I have been getting droves of these awful Microsoft security patches??

I am updated with Norton and have tried their suggestions but nothing
is stopping this little bugger?

Thanks

Devon in Calgary
 
Two suggestions.

First: Call your ISP and ask them why they are not filtering this out
when it comes in. Many ISP's do this, including mine (Road Runner).
Not only does this save you time and effort, it reduces the load on
their own system when they don't receive it, or delete before you have
to download it.

Two: Apparently you're using Outlook Express 6. I don't use it, but
I have OE 5 installed on my computer. In that version, you go to
Tools, Message Rules, Mail and create "rules". A rule specifies a
check to be made on each incoming message, and then what to do if
the condition is true.

For example, you can create a rule that says in effect: If a message
contains the words "MS Corporation" in the "From:" field, then delete
it.

This virus writer is a little slicker than most. It uses different
words in the "From" and "To" fields as well as the "Subject", so a
single rule won't catch them all. Look at GSV's list.

P.S. What you and I have each done is called "top-posting". I did it
because I followed your lead, but it is considered rude in many
newsgroups. It's especially inappropriate when other posters in the
thread have "bottom-posted", adding their comments to the end of the
previous message.

Steven




How do I activate my filters? I am fairly computer illiterate and
I have been getting droves of these awful Microsoft security patches??

I am updated with Norton and have tried their suggestions but nothing
is stopping this little bugger?

Thanks

Devon in Calgary
 
GSV Three Minds in a Can said:
The following filters (applied at my ISP) get 99% of the damn things
(plus, probably, any real messages from MS, should there ever be such a
thing):

<snip>

I found, to my delight, that my ISP has a pretty good server-level
filtering system that is configurable by the user. It's accessible
through the WebMail interface. And *message size* is one of the
parameters you can filter on.

So now, anything over 100,000 bytes that is not from an approved sender
is consigned to instant digital oblivion. It never sees the inside of my
mail account. :-)

Edward
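Added example, not part of the original posts: GSV's To/From keyword list and Edward's 100,000-byte size rule expressed as one Python filter. It assumes a case-insensitive substring match on the display name only (the ISP filters' real matching rules are not given in the thread); the addresses, the allow-list and the test messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Keyword lists as posted by GSV.
TO_WORDS = ["Client", "Partner", "User", "Customer", "Receiver",
            "Commercial", "Consumer"]
FROM_WORDS = ["Microsoft", "Inet Message", "MS Corporation", "MS Internet",
              "Net Email", "Customer Assistance"]
MAX_BYTES = 100_000                      # Edward's size threshold
APPROVED = {"colleague@example.com"}     # constructed allow-list

def first_hit(words, text):
    """Return the first keyword found in text, ignoring case."""
    low = text.lower()
    return next((w for w in words if w.lower() in low), None)

def verdict(raw):
    """Classify one raw message as 'keep' or 'drop: <reason>'."""
    msg = message_from_string(raw)
    to_name, _ = parseaddr(msg.get("To", ""))
    from_name, from_addr = parseaddr(msg.get("From", ""))
    # Match the display name, not the address, so that "User" does not
    # hit ordinary mailbox names such as user@...
    hit = first_hit(TO_WORDS, to_name)
    if hit:
        return f"drop: To contains {hit!r}"
    hit = first_hit(FROM_WORDS, from_name)
    if hit:
        return f"drop: From contains {hit!r}"
    # From is written by the sender, so the allow-list only reduces noise.
    if len(raw.encode()) > MAX_BYTES and from_addr.lower() not in APPROVED:
        return "drop: oversize from unapproved sender"
    return "keep"

def build(from_hdr, to_hdr, body_bytes=200):
    """Constructed test message with a filler body of the given size."""
    return (f"From: {from_hdr}\nTo: {to_hdr}\nSubject: test\n\n"
            + "x" * body_bytes)

if __name__ == "__main__":
    print(verdict(build('"Internet Security Division" <a@example.invalid>',
                        '"Commercial Customer" <mb@example.invalid>')))
    print(verdict(build('"Microsoft Press" <news@example.invalid>',
                        '"Mel" <mb@example.invalid>')))
    print(verdict(build('"Stranger" <x@example.invalid>',
                        '"Mel" <mb@example.invalid>', 150_000)))
```

The second sample shows the side effect GSV mentions: a genuine message whose sender name contains "Microsoft" is dropped too.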
 
Steve M (remove wax for reply) said:
Two suggestions.

First: Call your ISP and ask them why they are not filtering this out
when it comes in. Many ISP's do this, including mine (Road Runner).
Not only does this save you time and effort, it reduces the load on
their own system when they don't receive it, or delete before you have
to download it.

All RR's are not equal. Mine is stripping the worm from *most* of
them, but it is still sending them on.

If I don't retrieve my mail every couple of hours, my 10MB mailbox is
still overflowing. [inadvertently tested it this AM when a defrag
locked up my system at 1AM- I had an overflow message timestamped 5AM]

-snip-
This virus writer is a little slicker than most. It uses different
words in the "From" and "To" fields as well as the "Subject", so a
single rule won't catch them all. Look at GSV's list.

Second that-- An excellent list. The use of the 'to:' field is very
efficient.
P.S. What you and I have each done is called "top-posting". I did it
because I followed your lead, but it is considered rude in many
newsgroups. It's especially inappropriate when other posters in the
thread have "bottom-posted", adding their comments to the end of the
previous message.

Jim
-
[stolen sig lines follow]
A: Top posters.
Q: What is the most annoying thing on Usenet?

A: Because it reverses the logic of a conversation....
Q: Why shouldn't I top post?
 
Jim Elbrecht said:
-snip-

All RR's are not equal. Mine is stripping the worm from *most* of
them, but it is still sending them on.

For the past 12 hours or so the flood had slowed to a trickle. So
either my RR's post office is broken-- or they have begun to kill the
MS emails at their server.

Even the little 30-40 line messages have disappeared.

Jim
 