RadioBanter

Virus/Worm email messages (https://www.radiobanter.com/antenna/462-virus-worm-email-messages.html)

Richard Clark September 23rd 03 02:38 AM

On Mon, 22 Sep 2003 16:10:22 -0700, Jim Kelley wrote:


I run a firewall on my desktop system so I can see what's happening on
both sides of the ethernet card. My system is not infected. FYI
there's a free utility called stinger that can be used to scan for these
worms. Nevertheless, the inbox on the unix system that handles my email
has accumulated about 100 of these kind of messages a day since last
Tuesday or so. I have my desktop system set to filter them.

http://grc.com/default.htm
has offered a port scanner for years. Also a Trojan Horse detector.

But if you are trying to say that the author(s) of the viruses are
specifically targeting users with a MS notation in their news header,
then you may be right. But you didn't say that.

73, Jim AC6XG


Hi Jim,

I find it somewhat beyond the bounds of belief that some one
individual, or consortium of individuals are sitting at home and
directing attacks at selected accounts. The only vector of success is
found in an OS that supports this for them.

Look at who's complaining of massive attacks, and with the exception
of Mike, whose posting activity is highly correlatable, and the rest,
who are not; then those who are not are highly correlatable to what
they commonly use. The evidence is overwhelmingly MS oriented, and
not through force of numbers simply because MS dominates the market.

A simple example of that contradiction is my own situation. I run
Win2000 and I do not use MS internet software. For this entire day
I've gotten 5 emails from folks reading my comments and two that went
to the trash can for transgressing my filters. It is quite obvious to
me that suggestions that the newsgroups are being harvested is not
applicable to this one (rraa), nor the dozen odd others I participate
in. I can easily imagine it may be confined to a few newsgroups, and
through those few, the stream cascades by virtue of poor security
management by those naive enough to use MS software and just let
things ride.

This conflagration would die of lack of combustibles otherwise. This
is classic symptomatology.

73's
Richard Clark, KB7QHC

Ryan, KC8PMX September 23rd 03 06:49 AM

I can prove it.... gimme an email address to forward all the ones I am
getting!


--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
... --. .... - . .-. ...
"Richard Clark" wrote in message
...
On Mon, 22 Sep 2003 17:52:22 +0000 (UTC), (Mike Andrews) wrote:

My guess is, they're getting addresses from newsgroups.


That has been confirmed.


Hi Mike

How?

I've been a participant here for years with my address freely
available. Not one hit from this virus, not even 30 emails during the
entire period and only one (1) at the peak. Other correspondents here
complain of 1000's in a single day, and 10MB mail storage being
saturated.

Do you have a link to an authoritative site that offers evidence of
your statement?

73's
Richard Clark, KB7QHC




Ryan, KC8PMX September 23rd 03 06:53 AM

Hey Mike,

In my case, the virus email bombing that I am getting has not affected me in
regards to being infected, but it definitely has slowed everything down. It
is taking forever to use my ISP's webmail email browser (in order to not
download the infected emails) to load up, when there is 200-1,000 messages
in the email box.

I am quite sure I am not the only one getting this happening to them as
well, that are on the same ISP. Must definitely be overloading the mail
server my guess would have to be.



--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
... --. .... - . .-. ...
"Mike Andrews" wrote in message
...
Walter Maxwell wrote:
On Sat, 20 Sep 2003 19:01:51 +0000 (UTC), "Reg Edwards" wrote:


Is anyone else being deluged with Virus/Worm email messages?
--
================================

Me too - 2000 per day.

Terrorist attack or just another up-and-coming Bill Gates?

G4FGQ, UK


Me too, 49 yesterday and 80 today.


So far today:

$ grep -i logging ljoe.txt | wc -l
1286
$ grep -i "\/dev\/null" ljoe.txt | wc -l
976

That's 976 worms out of 1286 mails accepted, total. That doesn't count
the 54 that I bounced because I don't accept mail from the sender's
domain, so it's 976 out of 1340 attempts. At about 150K per try. Rough
on the other people on my cablemodem segment.

--
Mike Andrews, working on his ticket again.

Tired old sysadmin since 1964
WN5EGO back in 1963




H. Adam Stevens, NQ5H September 23rd 03 12:03 PM

Cecil
At least with a Mac the viruses wouldn't be able to do anything were you
foolish enough to open one of the attachments!
It got to about 1000/day and I had to change my email addresses but they've
already found one of my new addresses.
Random number spam bots I tell ya.
Intentional QRM!!
73
H.
NQ5H

"Cecil Moore" wrote in message
...
Richard Clark wrote:
Look at who's complaining of massive attacks, and with the exception
of Mike, whose posting activity is highly correlatable, and the rest,
who are not; then those who are not are highly correlatable to what
they commonly use. The evidence is overwhelmingly MS oriented, and
not through force of numbers simply because MS dominates the market.


I suspect that if I were running an Apple, my inbox would be just as full.
--
73, Cecil http://www.qsl.net/w5dxp



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----




Cecil Moore September 23rd 03 12:25 PM

H. Adam Stevens, NQ5H wrote:

Cecil
At least with a Mac the viruses wouldn't be able to do anything were you
foolish enough to open one of the attachments!


I'm running Netscape 7.1 with virus-scan/firewall. Most of my
email is routed through the IEEE forwarding server which removes
virtually all viruses and worms. Unfortunately, they send me what's
left of the message along with another message telling me what
they did. I would be happier if they didn't waste bandwidth
telling me about it.
--
73, Cecil http://www.qsl.net/w5dxp




H. Adam Stevens, NQ5H September 23rd 03 01:37 PM

My old email address was getting to be useless so I killed it and made up
two new ones.
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.
One of the addresses has not been used.
They found it.
Linux anyone?
73
H.
"Ryan, KC8PMX" wrote in message
...
Hey Mike,

In my case, the virus email bombing that I am getting has not affected me in
regards to being infected, but it definitely has slowed everything down. It
is taking forever to use my ISP's webmail email browser (in order to not
download the infected emails) to load up, when there is 200-1,000 messages
in the email box.

I am quite sure I am not the only one getting this happening to them as
well, that are on the same ISP. Must definitely be overloading the mail
server my guess would have to be.



--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
.. --. .... - . .-. ...
"Mike Andrews" wrote in message
...
Walter Maxwell wrote:
On Sat, 20 Sep 2003 19:01:51 +0000 (UTC), "Reg Edwards" wrote:


Is anyone else being deluged with Virus/Worm email messages?
--
================================

Me too - 2000 per day.

Terrorist attack or just another up-and-coming Bill Gates?

G4FGQ, UK


Me too, 49 yesterday and 80 today.


So far today:

$ grep -i logging ljoe.txt | wc -l
1286
$ grep -i "\/dev\/null" ljoe.txt | wc -l
976

That's 976 worms out of 1286 mails accepted, total. That doesn't count
the 54 that I bounced because I don't accept mail from the sender's
domain, so it's 976 out of 1340 attempts. At about 150K per try. Rough
on the other people on my cablemodem segment.

--
Mike Andrews, working on his ticket again.

Tired old sysadmin since 1964
WN5EGO back in 1963






Cecil Moore September 23rd 03 04:56 PM

H. Adam Stevens, NQ5H wrote:
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.


Does the ARRL remailer check for viruses/worms?
--
73, Cecil http://www.qsl.net/w5dxp




Roger September 23rd 03 09:10 PM

On Mon, 22 Sep 2003 16:36:51 GMT, Richard Clark wrote:

I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the
rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!

73's
Richard Clark, KB7QHC


I have a static IP address, would you care to prove how open to attack
my system is?

H. Adam Stevens, NQ5H September 23rd 03 09:37 PM

I don't know, it may pass 'em right through, like bad food,
but at least the email address at my ISP isn't being openly broadcast on
usenet.
73
H.
"Cecil Moore" wrote in message
...
H. Adam Stevens, NQ5H wrote:
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.


Does the ARRL remailer check for viruses/worms?
--
73, Cecil http://www.qsl.net/w5dxp







Richard Clark September 23rd 03 09:58 PM

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?


Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC


All times are GMT +1.