Re: Watch this critical update from the M$

Clive Skingle wrote:

-snip posting with .exe file attached, "from Microsoft"-

So, are you stupid, or do you think we are?

--
Els

Mente humana é como pára-quedas; funciona melhor aberta.

zola@invalid.org wrote:

> Els wrote:
>
>
>>Clive Skingle wrote:
>>
>>-snip posting with .exe file attached, "from Microsoft"-
>>
>>So, are you stupid, or do you think we are?
>
> He's fishing for idiots. And, sadly, he'll find quite a few

And another fisherman (woman) is doing the same in alt.html :-(

--
Els

Mente humana é como pára-quedas; funciona melhor aberta.

In news:bkhg7v$r9t$8@reader1.tiscali.nl, Els deftly typed:
> zola@invalid.org wrote:
>
>> Els wrote:
>>
>>
>>> Clive Skingle wrote:
>>>
>>> -snip posting with .exe file attached, "from Microsoft"-
>>>
>>> So, are you stupid, or do you think we are?
>>
>> He's fishing for idiots. And, sadly, he'll find quite a few
>
> And another fisherman (woman) is doing the same in alt.html :-(

Theses peoples might not even be aware that their machine is sending
this.

--
Martin.
"The known is finite, The unknown infinite"
T.H.Huxley

This post is from the worm. Worm.Automat.AGH has an SMPT engine and is
going after usenet newsgroups. This is a bad one. It only takes about 90
of these infected e-mails to fill up a 10 MByte mailbox... if you start
getting these infected e-mails you'll have to empty your mailbox hourly or
even more often just to keep legitimate e-mail from bouncing.

Phil Weldon, pweldon@mindspring.com

<zola@invalid.org> wrote in message
news:1ufomv8neh8a278tkru0da7eikkavfk3rk@4ax.com...
> Els wrote:
>
> >Clive Skingle wrote:
> >
> >-snip posting with .exe file attached, "from Microsoft"-
> >
> >So, are you stupid, or do you think we are?
>
>
> He's fishing for idiots. And, sadly, he'll find quite a few

"Els" <els.aNOSPAM@PLEASEtiscali.nl.invalid> wrote in message
news:bkhg7v$r9t$8@reader1.tiscali.nl...
> zola@invalid.org wrote:
>
> > Els wrote:
> >
> >
> >>Clive Skingle wrote:
> >>
> >>-snip posting with .exe file attached, "from Microsoft"-
> >>
> >>So, are you stupid, or do you think we are?
> >
> > He's fishing for idiots. And, sadly, he'll find quite a few
>
> And another fisherman (woman) is doing the same in alt.html :-(


They are all over the place.... the fucking scumbags.


> Mente humana é como pára-quedas; funciona melhor aberta.
>

yeah i have had about 80 in the last 24 hours

"Phil Weldon" <pweldon@mindspring.com> wrote in message
news:e9Yab.45248$Aq2.25331@newsread1.news.atl.eart hlink.net...
> This post is from the worm. Worm.Automat.AGH has an SMPT engine and is
> going after usenet newsgroups. This is a bad one. It only takes about 90
> of these infected e-mails to fill up a 10 MByte mailbox... if you start
> getting these infected e-mails you'll have to empty your mailbox hourly or
> even more often just to keep legitimate e-mail from bouncing.
>
> Phil Weldon, pweldon@mindspring.com
>
> <zola@invalid.org> wrote in message
> news:1ufomv8neh8a278tkru0da7eikkavfk3rk@4ax.com...
> > Els wrote:
> >
> > >Clive Skingle wrote:
> > >
> > >-snip posting with .exe file attached, "from Microsoft"-
> > >
> > >So, are you stupid, or do you think we are?
> >
> >
> > He's fishing for idiots. And, sadly, he'll find quite a few
>
>

MCL wrote:

> In news:bkhg7v$r9t$8@reader1.tiscali.nl, Els deftly typed:
>
>>zola@invalid.org wrote:
>>
>>>Els wrote:
>>>
>>>>Clive Skingle wrote:
>>>>
>>>>-snip posting with .exe file attached, "from Microsoft"-
>>>>
>>>>So, are you stupid, or do you think we are?
>>>
>>>He's fishing for idiots. And, sadly, he'll find quite a few
>>
>>And another fisherman (woman) is doing the same in alt.html :-(
>
> Theses peoples might not even be aware that their machine is sending
> this.

It probably isn't even their machine that's sending it, some
machine somewhere is using their address as the from address.

--
Els

Mente humana é como pára-quedas; funciona melhor aberta.

On Sat, 20 Sep 2003 21:45:07 +0100, "Peter McDonald"
<filth@blueyonder.co.uk> waffled on about something:

>yeah i have had about 80 in the last 24 hours

Best way to avoid it is to never quote your true email address in a
usenet post... I never have... If anyone wants it they can have it,
but I'd scatter "removethis" and "skipthis" all the way through it.

Probably why I have never received this worm, or seen sobig-f come to
think of it....

D0d6y.
--
MUSHROOMS ARE THE OPIATE OF THE MOOSES

That's no protection. This worm is harvesting email address from address
books. If anyone has an infected system and has your email address on their
system you will eventually be flooded with these bogus and infected emails.
PtoP filesharing networks are also being harvested for email addresses.
Prior to this week I got an average of 5 infected e-mails per week. From
midnight to midnight EDT (USA Eastern Daylight savings Time) 20SEP03 I
received 1382 infected e-mails generated by this worm.

Fill Weldon, fweldon@mindspring.com
[Changed my sig from the obvious and set up a new mailbox to see if it
attracts anything.

"Dodgy" <Dodgy@earth.planet.universe> wrote in message
news:rkvpmv0qiem631divgg4v8k1b51qcnkg90@4ax.com...
> On Sat, 20 Sep 2003 21:45:07 +0100, "Peter McDonald"
> <filth@blueyonder.co.uk> waffled on about something:
>
> >yeah i have had about 80 in the last 24 hours
>
> Best way to avoid it is to never quote your true email address in a
> usenet post... I never have... If anyone wants it they can have it,
> but I'd scatter "removethis" and "skipthis" all the way through it.
>
> Probably why I have never received this worm, or seen sobig-f come to
> think of it....
>
> D0d6y.
> --
> MUSHROOMS ARE THE OPIATE OF THE MOOSES

>>>>> "Phil" == Phil Weldon <pweldon@mindspring.com> writes:

> This post is from the worm. Worm.Automat.AGH has an SMPT engine and
> is going after usenet newsgroups. This is a bad one. It only takes
> about 90 of these infected e-mails to fill up a 10 MByte
> mailbox... if you start getting these infected e-mails you'll have
> to empty your mailbox hourly or even more often just to keep
> legitimate e-mail from bouncing.

I recently set up a qmail server and am very much a newbie to qmail as
well as running a mail server in general. I'm trying to get a handle
on what is happening and why. Here is what I've been seeing, I got
everything (qmail-smtp (open), qmail-send, qmail-popd (blocked))
working the started to get mysterious messages something to the effect
of:



MQ == Mail Quoted
MQ> X-From-Line: emailroutine@aol.net Mon Sep 22 15:44:49 2003
MQ> Return-Path: <wingatesigns@btinternet.com>
MQ> Delivered-To: mnichols@mojosoft.org
MQ> Received: (qmail 5932 invoked from network); 22 Sep 2003 15:45:37 -0000
MQ> Received: from unknown (HELO zinc.btinternet.com) (194.73.73.148)
MQ> by 192.168.1.4 with SMTP; 22 Sep 2003 15:45:37 -0000
MQ> Received: from host213-122-212-48.in-addr.btopenworld.com ([213.122.212.48] helo=kvkmp)
MQ> by zinc.btinternet.com with smtp (Exim 3.22 #23)
MQ> id 1A1Rvj-0003xf-00; Mon, 22 Sep 2003 15:44:49 +0100
MQ> FROM: "Net Message Storage System" <emailroutine@aol.net>
MQ> TO: "Net Recipient" <recipient@smtpdomain.net>
MQ> SUBJECT: undeliverable mail: user unknown
MQ> Mime-Version: 1.0
MQ> Content-Type: multipart/alternative; boundary="nxgoheqoeh"
MQ> X-Gnus-Mail-Source: pop:mnichols@192.168.1.4
MQ> Message-Id: <E1A1Rvj-0003xf-00@zinc.btinternet.com>
MQ> Date: Mon, 22 Sep 2003 15:44:49 +0100
MQ> X-Content-Length: 144308
MQ> Lines: 1892
MQ> Xref: mymachine spam:429
MQ>
MQ>
MQ>
MQ> Hi.
MQ>
MQ>
MQ> Undeliverable mail to azdateb@aol.net
MQ>
MQ>
MQ> Message follows:


Then I started getting a lot of the messages referenced in here. MS
patch etc. My first concern was that I had an open relay, that
spammer where using, and hence the reason for the above message
showing up on my doorstep. I looked into it and it doesn't appear
that it is an open relay, rcphosts includes my host and my laptops
IP. (Although wouldn't it be possible to spoof this I'll leave that
for another thread).

My conclusion is that my email address was picked up and is now being
used as a reply to for the spam. Likewise I'm recieving the spam as
well. Is this close to correct? I appreciate any help or wisdom in
this. Is this normal when a M$ worm/virus surfaces. I don't run M$
anywhere.


Thanks in advance