Virus Alert

Haven't pinned it down yet, but someone on this newsgroup is sending out a
virus.. It is called a Welshia Worm and it does cause problems .. From the
information I can find, the worm is being solicited through another server
and the initiator is very difficult to track.. Attacking someone's computer
is kinda like attacking someone's motorcycle.. Only a very cowardly son of a
bitch would stoop to such a thing.. So.. by definition, the one(s)
responsible who calls themselves biker(s).. I got serious news for you.. You
are not a biker(s), you remain what I called you, "A cowardly son of a
bitch".. Definitely NOT a BIKER.. See you on the road and be careful...

Your friend in Irving
Bill Walker

 

Bill -

I couldn't find any information about this worm on some of the sites.
Are you sure it's called the Welshia Worm? Spelling maybe?

Also, unless there is some strange hook in it in conjunction with
MSOutlookExpress I can't imagine how you would get a virus on the
group without downloading something.

Last but not least, the person that spread the virus to you may be
completely unaware that they did so..... so don't cut off their
testicles just yet. ;-)




--Fullstate

 

.... how did you arrive at the conclusion it is someone
from this group?

..
--
/// Michael J. Tobler: motorcyclist, surfer, skydiver, \\\
\\\ and author: "Inside Linux", "C++ HowTo", "C++ Unleashed" ///
\\\ http://pages.sbcglobal.net/mtobler/mjt_linux_page.html ///
"If you can count your money, you don't have a billion dollars."
-- J. Paul Getty

 

I may be spelling it wrong...

It is coming through "Outlook". The virus isn't fatal but it is bothersome.
You don't have to download it.. When it hits the "inbox", you have got it..
I never open anything unless I know who and what it is..

This is true.. My post is just an alert..

Your friend in Irving
Bill Walker

 

..... hmmm. i CNP directly from the post to google and
got the response i posted
..
--
/// Michael J. Tobler: motorcyclist, surfer, skydiver, \\\
\\\ and author: "Inside Linux", "C++ HowTo", "C++ Unleashed" ///
\\\ http://pages.sbcglobal.net/mtobler/mjt_linux_page.html ///
"All my friends and I are crazy. That's the only thing that
keeps us sane."

 

The virus was identified by "Norton" and it has been eleminated from my
computer.. My ISP is working on the source which is many different domains
and senders.. I am given to understand that this virus can be transmitted
simply by placing a name or address on a list.. That list will initiate and
the virus will continue from different sources, so that tracking is
difficult, if not impossible.. Take care..

 

I've been infected recently by a virus spread in newsgroups. Maybe here!
Dunno.
It's called "qhost-1" and messes up your IP address resolution by creating a
different hosts file.
It's easy enough to get rid of however. More info at mcaffee.com.

 

I don't know if I have it or if I keep getting e-mails because someone on
here has it. But it is bombarding me with MS update notifiers and notifiers
of e-mails that have failed to be delivered(even though i didn't send any in
the first place).

I also believe it originated here, because I have received several messages
that were quarrantined due to a virus and the list of e-mails provided on
these notifications include alot of e-mails I am familiar with only through
this group.

But when scanning my files Norton doesn't find anything,and my virus
definitions are current. So I ASS-U-ME I don't have it.(either that or I'm
too dense to find it...)

 

.... yep, use something other than a m$ product
..

 

someone who has you in their address book has the virii and it is
spoofing your address on things it is sending from their system. when
that stuff bounces, it gets sent back to your address as the originating
addy on the mailing. it may not even be someone you actually know, it
could be in a system that harvested your email addy from any number of
places. there is nothing you can do about that, afaik. using a real
newsreader and email proggy is a start. a macintosh is usually immune to
these sorts of attacks as they are usually outlook/M$ exploits, but you
can't do much about others who use lame proggies and are hosting malware
with your address in their book. having your email address posted as
simply as it is leaves you open to such harvesting by spambots that scan
the web and usenet looking for targets of opportunity.

and some ppl wonder why i never post an email address in any form...

--
jm

'73 R75/5 Toaster (not for sale)
'99 R1100RT (in use)
'00 FLHRCI (sold!)
Iron Butt Assoc, WATR 3X, EIEIO, AEIOU etc blah blah

 

Hmm...

He and I are both getting swarms of emails containing viruses (not any
in particular). I use multiple email accounts from different services
as does my wife. The only email account getting these virus emails is
the one which posts here. The email account my Dad is getting them
from is used to post here. The only commonality the two accounts have
is they post to tx.motorcycles. My wife isn't getting them and my
other many accounts aren't getting them. I don't know of anyone else
here who's getting them.

We're not talking 1 or two...we're talking several hundred a day.
Would you care to wager that a certain someone here signed us up for a
"I'm pissed at you so I'll sign your email up to a mail bomb scheme"?

The way the emails are set up is quite clever. They're official
looking "Here's a patch" emails that are large attachments. They come
in and flood the size of the box. If you open them out of frustration,
then it's hard to get cleaned up. If you don't, you continue getting
the enormous emails. That's ok though, I've got enough bandwidth and
don't use the email they're being sent to anyway. These little things
work both ways!

 

Actually its an Active X worm. Luckily it doesn't spread like a virus.
Basically a popup window came up in internet explorer and executed a
command. Windows 2000 and XP are effected by it. From what I heard it was
the Fortune City popup that was taking people to a ev1.net location. Get
ready for more spam, things like this and the master blaster are only used
to collect information about your computer usage that this guys sell these
lists to spammers.
Also check for MS updates next wednesday (thursday morning). MS does a lot
of updates releases on wednesday and since this exploit is starting to get
attacked, MS will have to get a fix for it quickly.

 

anti-spam: remove the 9 to send me email

Hmm...

He and I are both getting swarms of emails containing viruses (not any
in particular). I use multiple email accounts from different services
as does my wife. The only email account getting these virus emails is
the one which posts here. The email account my Dad is getting them
from is used to post here. The only commonality the two accounts have
is they post to tx.motorcycles. My wife isn't getting them and my
other many accounts aren't getting them. I don't know of anyone else
here who's getting them.

We're not talking 1 or two...we're talking several hundred a day.
Would you care to wager that a certain someone here signed us up for a
"I'm pissed at you so I'll sign your email up to a mail bomb scheme"?

The way the emails are set up is quite clever. They're official
looking "Here's a patch" emails that are large attachments. They come
in and flood the size of the box. If you open them out of frustration,
then it's hard to get cleaned up. If you don't, you continue getting
the enormous emails. That's ok though, I've got enough bandwidth and
don't use the email they're being sent to anyway. These little things
work both ways![/QUOTE]

There have been several notices about the MS patch email virus. It seems to
come and go in spurts. Every so often we get someone calling us about
getting all these emails and there is nothing we can do. We just tell them
that someone they know has the virus and is spewing out all these emails.
Usually the person's computer is running very slow due to all the traffic
they generate. A couple of weeks ago a different email account of mine was
getting returned / failed to send messages bounced back to me that I never
sent. Guess someone I knew was spewing out a virus and they used my email
address to do it. Oh well, although its a hassle, they eventually get it
fixed. Like you I have other accounts so I can continue to do my business.
Although this is the only account I use for the newsgroup, its easier than
using the google site.

 

I think it is 'worm-spybot.gen'. A sure sign you're infected is that
regedit shuts itself down about 2 seconds after you start it. I had to go
to a backup I had made (Norton Ghost) in August to get rid of it. I kept
getting 'undeliverable mail' messages for about a week afterward but has
stopped now. None of the online advice helped, especially since regedit
wouldn't run.

Why is bottom posting such a tradition on usenet? I occasionally need to
refer to the thread's history but not often.
C. J. Klingman
Austin, TX

 

Someone else on here who is knowledgeable about these types of things
made mention of a certain type of "attack" which you may have fallen
victim of.

It happens when someone else's computer is actually infected with a
virus (mine for instance) and I happen to have YOUR email address in
my address book.

The virus / worm replicates itself by emailing itself out to all the
people in the address book. But, the crappy thing is that it uses one
of the addresses in the book to fill in the "from" field of the email
(your address for instance). Thus, it looks like they are coming from
you, even though they are really being emailed from my computer.

The virus will continue to do this as long as the email client is up
(and some of the newer ones do it by installing their own mail engine,
isn't that clever?) and the person never knows it's happening.

The end result to someone such as yourself is that you get flooded
with returned emails saying you have such-and-such virus even though
you have NO idea who the original email was sent to. Why? Because
you didn't send it....someone else did with your return address in the
field.

What can you do about? Not much to be honest. You have to look in
the headers (not just the from and to field) of the original email (if
attached) and figure out where it's coming from. Then, contact YOUR
ISP and the ISP of the offending originator and try to get them block
that email account until that person fixes it. Like I said, they
probably aren't even aware of it.

This happened to my folks not too long ago. The downside is that it
took me forever to get them to understand it wasn't their computer,
wasn't their email, wasn't their ISP. I lodged multiple complaints
against the ISP of the originator and it finally stopped.....right
before my folks changed ISPs. (joke on me?).

Good luck!

--Fullstate

 

Top Post for *grins*...

Perfect weather.. Wanna ride Saturday ?? Let's do it..

Your friend in Irving
Bill Walker

 

Yes!

 

Joe's Coffee Shop.. In Irving at Irving Blvd, between O'Connor and
MacArthur.. Is that OK.. It is right next to a car wash...???

Your friend in Irving
Bill Walker

 

i am also getting the same emails on the account which i use to post here.

Hmm...

He and I are both getting swarms of emails containing viruses (not any
in particular). I use multiple email accounts from different services
as does my wife. The only email account getting these virus emails is
the one which posts here. The email account my Dad is getting them
from is used to post here. The only commonality the two accounts have
is they post to tx.motorcycles. My wife isn't getting them and my
other many accounts aren't getting them. I don't know of anyone else
here who's getting them.

We're not talking 1 or two...we're talking several hundred a day.
Would you care to wager that a certain someone here signed us up for a
"I'm pissed at you so I'll sign your email up to a mail bomb scheme"?

The way the emails are set up is quite clever. They're official
looking "Here's a patch" emails that are large attachments. They come
in and flood the size of the box. If you open them out of frustration,
then it's hard to get cleaned up. If you don't, you continue getting
the enormous emails. That's ok though, I've got enough bandwidth and
don't use the email they're being sent to anyway. These little things
work both ways![/QUOTE]

 

Time?