1. Welcome to Verizon Forums - the unofficial Verizon community! Have a question about Verizon? Click HERE to get started.
  2. Expecting Cell Phone Forums? We recently moved Verizon specific content to VerizonForums.com. If you previously had an account on CPF, it has been transferred!

Notice to everyone! Don't open attachments!

Discussion in 'alt.cellular.verizon' started by N9WOS, Sep 18, 2003.

  1. On Sat, 20 Sep 2003 00:32:13 GMT, Scott Stephenson
    <scott.stephensonson@adelphia.net> wrote:

    >An update for all of you reciving this crap from n Adelphia server- I
    >just spent over a half hour on the phone with one of their techs. I was
    >calling to see if they were planning on doing anything, as I have
    >received in excess of 300 emails today, all of which were this virus. I
    >spent the first twenty minutes getting the guy to understand that there
    >was a virus going around- he didn't show anything in his system about
    >it. I literally had to direct him to this morning's article on cnn.com
    >before he knew what I was talking about. Of course, during this whole
    >time he kept asking me which virus I had on my computer. The answer is
    >none, because I run a linux system (the virus targets Microsoft, not
    >linux). He then told me that the problem was my mail reader (Mozilla)
    >or my address book (which is empty) and had nothing to do with their
    >mail server. When I finally got him to understand that I wasn't
    >infected (just getting deluged with crap email), he told me that they
    >have no control over it, and they have no plans at this time to do
    >anything to filter or block this garbage.


    Nothing beats the last support call I made to BellSouth when I was
    still on dialup. Their modems weren't answering, the line would just
    ring and ring. I tried to call their access number using the
    telephone, and it never answered either. I called CS, told them what
    was going on, even turned my modem speaker on and let him hear it ring
    and ring, but he insisted the problem was with my computer and wanted
    to go checking all sorts of Windows settings. I just hung up on him.

    Funny how this guy didn't even know of the virus problem, but when you
    finally showed him enough evidence to support your claim, all of the
    sudden he's the expert on it and knows everything the company is (or
    is not) doing about it. He was just telling you whatever he had to to
    get you off the phone.



    › See More: Notice to everyone! Don't open attachments!
  2. Steve Crow

    Steve Crow Guest

    Bennett,

    I started getting bombarded with these Wednesday night, roughly 8pm local
    time, the same time I lost power thanks to Isabel. When I arrived at the
    emergency shelter around 11:00 (the normal 20-minute drive took nearly two
    hours) I signed in using Soda Pop Mail and had 70 e-mails. Couldn't delete
    them, as Soda Pop is practically useless when it comes to message
    management (waiting for something better).

    Anyhow, luckily, I operate my own mail server and have about 10 gigs of
    disk space I can use for e-mail. Last night I moved my computer equipment
    to one of the few sources of power in the area and SSH'd in to my server.
    I reconfigured my /etc/mail/cf/sendmail.cf file and set the MaxMessageSize
    parameter to 100000 (I had it configured to allow attachments up to 15MB).
    So now, messages with those large attachments are being rejected and I
    haven't received the first one since I restarted Sendmail around midnight
    last night.

    Anyone who's operating their own mail server can take that action... just
    be sure to let other users know you're doing it, as it could significantly
    impair their ability to receive e-mail.

    Steve


    On Fri, 19 Sep 2003, N9WOS wrote:

    > Notice to everyone! Don't open attachments!
    >
    > I am posting this on all the news groups I have posted on.
    > Because...
    > There is evidently people reading these messages that is
    > Infected and don't realize it.
    > And these news groups is the only obvious place that
    > The viruses could be getting my email address with such
    > Repetition.
    >
    > I have been inundated with virus laden emails to the
    > Tune of 3MB worth in the last fifteen minutes.
    > It has started this morning and is getting worse.
    >
    > I have a ten meg email limit but it gets close to maxing it
    > Unless I clean out the in box every hour or so.
    >
    > The viruses has two fronts to it.
    > And the infected computer evidently sends both forms
    > To the available emails.
    >
    > One front has a snazzy logo and graphics.
    > It tells you that includes a security patch, and
    > for you to install it.
    > THE SECURITY PATCH IS THE VIRUS!!!!!!!!
    > It looks genuine Microsoft, but it isn't!!!!!!!!!!!.
    >
    > The other tells you that your email wasn't deliverable.
    > And was sent back to you as an attachment with the return email.
    >
    > DON'T LOOK AT IT, IT'S THE VIRUS!!!!!!!!!!!!!
    > The original email wasn't sent by you, it is just trying
    > to get you to look at the attachment.
    > It isn't actually a return email, it's a bogus return email.
    >
    > The people I have been getting the emails from have these
    > Service providers.
    > I can't tell the real sending email addresses, because they may be faked.
    > But the service providers are certain.
    >
    > COX.NET
    > Bellsouth.net
    > Worldnet.att.net (my own provider)
    > adelphia.net
    > comcast.net
    > charter.net
    > pacbell.net
    > wanadoo.nl
    > insightbb.com
    > telusplanet.net
    > winfirst.net
    > mchsi.com
    > ionex.net
    >
    > Plus others that I can't make sense of.
    > So, if you are in doubt, please check your computer for the sake
    > Of my in box!
    >
    >
    >



    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
  3. David S

    David S Guest

    On Fri, 19 Sep 2003 04:09:49 GMT, Scott Stephenson
    <scott.stephensonson@adelphia.net> chose to add this to the great equation
    of life, the universe, and everything:

    >N9WOS wrote:
    >>>Shitload here too- I've set filters that seem to be catching all of the
    >>>nasty ones (attachments). They get deleted immediately. But what a pain
    >>>in the ass.


    Oh, so this is where it came from.

    >> ya ya ya..... ATT's internal security systems have finally caught up.
    >> all I am getting now is emails with this on it.
    >>
    >> "update2586.exe was infected with the malicious virus Worm.Automat.AHB
    >> and has been deleted because the file cannot be cleaned."


    I'm still getting a lot of them coming through.

    >It appears that they are getting the email addresses from fairly current
    >posts- after I noticed the volume, and that all I was doing tonight was
    >posting to a few groups, I altered the mailto email address on my NG
    >account. Within a half hour, the volume went down tremendously, and I
    >haven't had a new one in about the last 45 minutes.


    I was gone all day yesterday, but when I checked this morning, I had 175
    new emails, of which ONE was legit. I've gotten about 20 more in 2-3 hours
    online.

    David Streeter, "an internet god" -- Dave Barry
    --
    http://home.att.net/~dwstreeter
    Expect a train on ANY track at ANY time.
    "My parents never got divorced. I would have done much better coming from a
    broken home." - Maj. Frank Burns
  4. Brad

    Brad Guest

    Well first off, you should NEVER use a real email address anywhere on
    Usenet.
    That's begging for spam to be sent to you.

    "N9WOS" <n9wos@worldnet.att.net> wrote in message
    news:XZuab.144776$0v4.10678947@bgtnsc04-news.ops.worldnet.att.net...
    > Notice to everyone! Don't open attachments!
    >
    > I am posting this on all the news groups I have posted on.
    > Because...
    > There is evidently people reading these messages that is
    > Infected and don't realize it.
    > And these news groups is the only obvious place that
    > The viruses could be getting my email address with such
    > Repetition.
    >
    > I have been inundated with virus laden emails to the
    > Tune of 3MB worth in the last fifteen minutes.
    > It has started this morning and is getting worse.
    >
    > I have a ten meg email limit but it gets close to maxing it
    > Unless I clean out the in box every hour or so.
    >
    > The viruses has two fronts to it.
    > And the infected computer evidently sends both forms
    > To the available emails.
    >
    > One front has a snazzy logo and graphics.
    > It tells you that includes a security patch, and
    > for you to install it.
    > THE SECURITY PATCH IS THE VIRUS!!!!!!!!
    > It looks genuine Microsoft, but it isn't!!!!!!!!!!!.
    >
    > The other tells you that your email wasn't deliverable.
    > And was sent back to you as an attachment with the return email.
    >
    > DON'T LOOK AT IT, IT'S THE VIRUS!!!!!!!!!!!!!
    > The original email wasn't sent by you, it is just trying
    > to get you to look at the attachment.
    > It isn't actually a return email, it's a bogus return email.
    >
    > The people I have been getting the emails from have these
    > Service providers.
    > I can't tell the real sending email addresses, because they may be faked.
    > But the service providers are certain.
    >
    > COX.NET
    > Bellsouth.net
    > Worldnet.att.net (my own provider)
    > adelphia.net
    > comcast.net
    > charter.net
    > pacbell.net
    > wanadoo.nl
    > insightbb.com
    > telusplanet.net
    > winfirst.net
    > mchsi.com
    > ionex.net
    >
    > Plus others that I can't make sense of.
    > So, if you are in doubt, please check your computer for the sake
    > Of my in box!
    >
    >
  5. David S

    David S Guest

    On Fri, 19 Sep 2003 17:00:39 GMT, Rich <root@127.0.0.1> chose to add this
    to the great equation of life, the universe, and everything:

    >Path: bgtnsc04-news.ops.worldnet.att.net!wnmaster12!wn11feed!worldnet.att.net!128.230.129.106!news.maxwell.syr.edu!newshub.sdsu.edu!elnk-nf2-pas!newsfeed.earthlink.net!stamper.news.pas.earthlink.net!stamper.news.atl.earthlink.net!newsread2.news.atl.earth

    link.net.POSTED!not-for-mail
    >Newsgroups: alt.cellular.verizon
    >Subject: Re: Notice to everyone! Don't open attachments!
    >From: Rich <root@127.0.0.1>


    Your valid-but-useless address, right?

    >References: <XZuab.144776$0v4.10678947@bgtnsc04-news.ops.worldnet.att.net> <i6vab.639$qK1.656149@news2.news.adelphia.net> <rfvab.144795$0v4.10681308@bgtnsc04-news.ops.worldnet.att.net> <hkvab.641$qK1.658621@news2.news.adelphia.net> <VVvab.118101$7G2.7362

    9@twister.nyroc.rr.com> <lFDab.3593$0c1.3263@twister.southeast.rr.com>
    >Organization: Dis


    Cute, but not likely original.

    >Message-ID: <Xns93FB845A761A6rah1420yahoocom@207.69.154.204>
    >User-Agent: Xnews/5.04.25
    >Mail-Copies-To: never


    Oooooo-kay.

    >X-No-Ahbou: Yes


    Aaaw.

    >Approved: Looks good to me!
    >X-Tea: Earl Grey, hot
    >X-Header-Virus: Hi! I'm a header virus! Copy me into yours and join the fun!


    Ha ha.

    >Lines: 23
    >Date: Fri, 19 Sep 2003 17:00:39 GMT
    >NNTP-Posting-Host: 67.100.121.219
    >X-Complaints-To: abuse@earthlink.net


    Noted.

    >X-Trace: newsread2.news.atl.earthlink.net 1063990839 67.100.121.219 (Fri, 19 Sep 2003 13:00:39 EDT)
    >NNTP-Posting-Date: Fri, 19 Sep 2003 13:00:39 EDT
    >Xref: wnmaster12 alt.cellular.verizon:124463
    >X-Received-Date: Fri, 19 Sep 2003 17:00:40 GMT (bgtnsc04-news.ops.worldnet.att.net)
    >
    >Seriously, you need to find the setting in Outhouse where you can set a
    >reply-to or mail-to address. Make this your real address and make the From
    >address something bogus.
    >
    >Like mine. If you view the headers on my messages you'll see that I did
    >that; my mail-to address is a valid Yahoo address and my public from
    >address is, while technically correct and it would pass any filter in the
    >world, does absolutely nothing with the message.


    So where's the Yahoo? I added (smart-assed) comments, but I didn't remove
    any headers.

    David Streeter, "an internet god" -- Dave Barry
    --
    http://home.att.net/~dwstreeter
    Expect a train on ANY track at ANY time.
    "Practice." - John Kelly to Pierre LaMarck, Without Remorse
  6. David S

    David S Guest

    On Fri, 19 Sep 2003 14:55:32 -0500, "Thomas T. Veldhouse"
    <veldy71@yahoo.com> chose to add this to the great equation of life, the
    universe, and everything:

    >I tend to doubt it is from newgroup postings at all. I don't use my real
    >email address here (I use a /dev/null Yahoo address) and yet I am suddenly
    >getting hundreds of these things. Perhaps some archive somewhere, or DNS
    >records are where the harvest is occurring.


    I must disagree.

    I have a total of 6 addresses on my account: my standard one; one I use
    when I sign up for things or enter contests online; one I don't use for
    anything; two on web pages; and one I used to post to usenet 2 or 3 times
    last spring, but nothing else. Of the 6, the standard one has gotten
    hundreds of these pieces of crap and the one from last spring has gotten a
    few; none of the others has gotten any.

    David Streeter, "an internet god" -- Dave Barry
    --
    http://home.att.net/~dwstreeter
    Expect a train on ANY track at ANY time.
    "Any person who shall in the city of Wichita use or carry concealed or
    unconcealed any bean snapper or like article shall, upon conviction, be
    fined." - City ordinance 349 of Wichita, Kansas
  7. Rich

    Rich Guest

    David S <dwstreeter@att.net> wrote in
    news:dtg1nvk7pq7ie4ltg5boqqpdv33vama4ab@4ax.com:
    > So where's the Yahoo? I added (smart-assed) comments, but I didn't
    > remove any headers.


    Damn, isn't reply-to on there??
    I am beginning to hate XNews. A few more faux pas like this and it's back
    to slrn for me.

    Apologies.
    In Xnews, it's listed as my "private email." Generally speaking spam
    harvesters don't bother with the reply-to because it's not part of the
    headers when doing a header list. It would take them a lot longer to
    download the list of likely addresses.

    Time to crawl away and stop showing off.
  8. Rich

    Rich Guest

    David S <dwstreeter@att.net> wrote in
    news:dtg1nvk7pq7ie4ltg5boqqpdv33vama4ab@4ax.com:

    >
    > So where's the Yahoo? I added (smart-assed) comments, but I didn't
    > remove any headers.


    In Xnews.ini, the [Compose] section, I had SetReplyToInPosts set to '0'.
    So much for showing off. :-{)

Welcome to VerizonForums!

Unfortunately you can't reply until you log in or sign up.


Forgot your password?