On Mon, 22 Sep 2003 16:10:22 -0700, Jim Kelley
wrote:


I run a firewall on my desktop system so I can see what's happening on
both sides of the ethernet card. My system is not infected. FYI
there's a free utility called stinger that can be used to scan for these
worms. Nevertheless, the inbox on the unix system that handles my email
has accumulated about 100 of these kind of messages a day since last
Tuesday or so. I have my desktop system set to filter them.

http://grc.com/default.htm
has offered a port scanner for years. Also a Trojan Horse detector.

But if you are trying to say that the author(s) of the viruses are
specifically targeting users with a MS notation in their news header,
then you may be right. But you didn't say that.

73, Jim AC6XG

Hi Jim,

I find it somewhat beyond the bounds of belief that some one
individual, or consortium of individuals are sitting at home and
directing attacks at selected accounts. The only vector of success is
found in an OS that supports this for them.

Look at who's complaining of massive attacks, and with the exception
of Mike, whose posting activity is highly correlatable, and the rest,
who are not; then those who are not are highly correlatable to what
they commonly use. The evidence is overwhelmingly MS oriented, and
not through force of numbers simply because MS dominates the market.

For a simple example of that contradiction is my own situation. I run
Win2000 and I do not use MS internet software. For this entire day
I've gotten 5 emails from folks reading my comments and two that went
to the trash can for transgressing my filters. It is quite obvious to
me that suggestions that the newsgroups are being harvested is not
applicable to this one (rraa), nor the dozen odd others I participate
in. I can easily imagine it may be confined to a few newsgroups, and
through those few, the stream cascades by virtue of poor security
management by those naive enough to use MS software and just let
things ride.

This conflagration would die of lack of combustibles otherwise. This
is classic symptomatology.

73's
Richard Clark, KB7QHC

I can prove it.... gimme an email address to forward all the ones I am
getting!


--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
... --. .... - . .-. ...
"Richard Clark" wrote in message
...
On Mon, 22 Sep 2003 17:52:22 +0000 (UTC), (Mike
Andrews) wrote:

My guess is, they're getting addresses from newgroups.

That has been confirmed.

Hi Mike

How?

I've been a participant here for years with my address freely
available. Not one hit from this virus, not even 30 emails during the
entire period and only one (1) at the peak. Other correspondents here
complain of 1000's in a single day, and 10MB mail storage being
saturated.

Do you have a link to an authoritative site that offers evidence of
your statement?

73's
Richard Clark, KB7QHC

Hey Mike,

In my case, the virus email bombing that I am getting has not affected my in
regards to being infected, but it definitely has slowed everything down. It
is taking forever to use my ISP's webmail email browser (in order to not
download the infected emails) to load up, when there is 200-1,000 messages
in the email box.

I am quite sure I am not the only one getting this happening to them as
well, that are on the same ISP. Must definitely be overloading the mail
server my guess would have to be.



--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
... --. .... - . .-. ...
"Mike Andrews" wrote in message
...
Walter Maxwell wrote:
On Sat, 20 Sep 2003 19:01:51 +0000 (UTC), "Reg Edwards"
wrote:

Is anyone else being deluged with Virus/Worm email messages?
--
================================

Me too - 2000 per day.

Terrorist attack or just another up-and-coming Bill Gates?

G4FGQ, UK


Me too, 49 yesterday and 80 today.

So far today:

$ grep -i logging ljoe.txt | wc -l
1286
$ grep -i "\/dev\/null" ljoe.txt | wc -l
976

That's 976 worms out of 1286 mails accepted, total. That doesn't count
the 54 that I bounced because I don't accept mail from the sender's
domain, so it's 976 out of 1340 attempts. At about 150K per try. Rough
on the other people on my cablemodem segment.

--
Mike Andrews, working on his ticket again.

Tired old sysadmin since 1964
WN5EGO back in 1963

Cecil
At least with a Mac the viruses wouldn't be able to do anything were you
foolish enough to open one of the attachments!
It got to about 1000/day and I had to change my email addresses but they've
already found one of my new addresses.
Random number spam bots I tell ya.
Intentional QRM!!
73
H.
NQ5H

"Cecil Moore" wrote in message
...
Richard Clark wrote:
Look at who's complaining of massive attacks, and with the exception
of Mike, whose posting activity is highly correlatable, and the rest,
who are not; then those who are not are highly correlatable to what
they commonly use. The evidence is overwhelmingly MS oriented, and
not through force of numbers simply because MS dominates the market.

I suspect that if I were running an Apple, my inbox would be just as full.
--
73, Cecil http://www.qsl.net/w5dxp



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

H. Adam Stevens, NQ5H wrote:

Cecil
At least with a Mac the viruses wouldn't be able to do anything were you
foolish enough to open one of the attachments!

I'm running Netscape 7.1 with virus-scan/firewall. Most of my
email is routed through the IEEE forwarding server which removes
virtually all viruses and worms. Unfortunately, they send me what's
left of the message along with another message telling me what
they did. I would be happier if they didn't waste bandwidth
telling me about it.
--
73, Cecil http://www.qsl.net/w5dxp



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

My old email address was getting to be useless so I killed it and made up
two new ones.
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.
One of the addresses has not been used.
They found it.
Linux anyone?
73
H.
"Ryan, KC8PMX" wrote in message
...
Hey Mike,

In my case, the virus email bombing that I am getting has not affected my
in
regards to being infected, but it definitely has slowed everything down.
It
is taking forever to use my ISP's webmail email browser (in order to not
download the infected emails) to load up, when there is 200-1,000 messages
in the email box.

I am quite sure I am not the only one getting this happening to them as
well, that are on the same ISP. Must definitely be overloading the mail
server my guess would have to be.



--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
.. --. .... - . .-. ...
"Mike Andrews" wrote in message
...
Walter Maxwell wrote:
On Sat, 20 Sep 2003 19:01:51 +0000 (UTC), "Reg Edwards"
wrote:

Is anyone else being deluged with Virus/Worm email messages?
--
================================

Me too - 2000 per day.

Terrorist attack or just another up-and-coming Bill Gates?

G4FGQ, UK


Me too, 49 yesterday and 80 today.

So far today:

$ grep -i logging ljoe.txt | wc -l
1286
$ grep -i "\/dev\/null" ljoe.txt | wc -l
976

That's 976 worms out of 1286 mails accepted, total. That doesn't count
the 54 that I bounced because I don't accept mail from the sender's
domain, so it's 976 out of 1340 attempts. At about 150K per try. Rough
on the other people on my cablemodem segment.

--
Mike Andrews, working on his ticket again.

Tired old sysadmin since 1964
WN5EGO back in 1963

H. Adam Stevens, NQ5H wrote:
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.

Does the ARRL remailer check for viruses/worms?
--
73, Cecil http://www.qsl.net/w5dxp



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

On Mon, 22 Sep 2003 16:36:51 GMT, Richard Clark
wrote:

I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the
rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!

73's
Richard Clark, KB7QHC

I have a static IP address, would you care to prove how open to attack
my system is?

I don't know, it may pass 'em right through, like bad food,
but at least the email address at my ISP isn't being openly broadcast on
usenet.
73
H.
"Cecil Moore" wrote in message
...
H. Adam Stevens, NQ5H wrote:
Presumably this post shows the ARRL remailer which goes to one of the
new
email addresses.

Does the ARRL remailer check for viruses/worms?
--
73, Cecil http://www.qsl.net/w5dxp



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?

Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC