email attack
Richard Lamb
September 23rd 03, 04:52 AM
I am surrounded and they are coming through the wire.
Need immediate tactical air support!
email, that is.
I've been targeted, accurately, and I do believe that
they finally got me.
Something got through my filters a few weeks ago and took
my computer back to the stone age.
Rock = 0, Stick = 1
(Edit that, Bill Gates)
It was indeed a boot sector virus.
That ":obnoxious: boot sector warning" saved my butt.
Or YOUR butt, since the thing got caught there before it
could go on an email rampage of its own.
I got the system back up, clean, but my email address is now known
and the vandals have a real target. Me!
My email inbox on Prodigy is filling up in less than an
hour with Microsoft patch offerings. They all have the boot
sector virus attached.
(Except one message that claims larger penis have more fun)
Prodigy keeps the trash for SEVEN days.
But it's coming in at about 10 meg per hour...
That's the limit of my inbox, anyway.
I suspect any valid email is bouncing back to the senders.
But no way I can really tell.
So.
RIP
Almost - but not quite - ten years old.
February '94 to September 2003.
He was a good man (well, my opinion anyway)
From the ashes will arise...
I hope.
Kyle Boatright
September 23rd 03, 05:03 AM
"Richard Lamb" wrote in message ...
>
> I am surrounded and they are coming through the wire.
> Need immediate tactical air support!
>
> email, that is.
>
> I've been targeted, accurately, and I do believe that
> they finally got me.
>
> Something got through my filters a few weeks ago and took
> my computer back to the stone age.
>
> Rock = 0, Stick = 1
> (Edit that, Bill Gates)
>
> It was indeed a boot sector virus.
> That ":obnoxious: boot sector warning" saved my butt.
> Or YOUR butt, since the thing got caught there before it
> could go on an email rampage of its own.
>
> I got the system back up, clean, but my email address is now known
> and the vandals have a real target. Me!
>
> My email inbox on Prodigy is filling up in less than an
> hour with Microsoft patch offerings. They all have the boot
> sector virus attached.
I just solved the same problem. During the last week, I was getting 200-300
virus-containing e-mails a day. There seemed to be 15-20 spurious
"senders" for all of the messages. I used filters to ID and delete any
messages from those senders. The fix is working.
KB
Richard Lamb
September 23rd 03, 05:16 AM
Jerry Springer wrote:
>
> That MS patch and the worms and virus that are attached to it have been
> going around and hitting a lot of people hard. Last week I was getting
> about 300 a day. I thought that it was going to burn up my anti virus
> program. :) I check my system several times a day to make sure none of
> them are getting through so far so good.
>
> Jerry
>
Yeah. That's where I was about 2 months ago!
Best of luck, Jerry.
I think I have to turn off the Prodigy filters and go back to
the Netscape filters. At least that way, when the filter deletes
something it doesn't hang around for another week before dying.
What a mess.
Richard (one of them, anyway)...
Richard Lamb
September 23rd 03, 06:33 AM
I just received a test message from Jim C. via the Tailwind list
at yahoo groups.
Jim said he hasn't heard a mumblin' word from ANYBODY on the list
in 5 or 6 days.
Richard
Ron Wanttaja
September 23rd 03, 07:31 AM
I got hit hard by the same email attack a few days ago. Just got tons and
tons of emails, all containing a 150K attachment that Norton said had a
virus. Was out of town a couple of days, and the mailbox on my ISP filled
up. Agent does a wonderful job of weeding things out, but if I don't
download the emails, they just stay on the server until it's plugged.
Read that the virus was different from the standard variety...it didn't
access the address book of the infected party, it went for some Spammer's
mailing list that was accessible via the net. That's why we got tons of
repeats.
Put in about 20 different filters, and things are a lot calmer now. I'll
probably gradually subtract a filter or two as things go along here, and
see if the flood comes back.
Ron Wanttaja
Dave S
September 23rd 03, 02:54 PM
You aren't the only one....
I have been receiving over 100/day... since Thursday.. I literally have
to clean my mailbox several times a day (on the "webmail" page that I
have since reconfigured to stop and hold ALL mail... and then I pick the
real ones out and send em to Netscrape)
At first I thought I was infected (undeliverable email stuff bouncing
back that I didn't send), but I have been found to be unadulterated in
the eyes of Symantec Corp, and I have been leaving my machines offline
when I leave..
Oh well... I can only hope all the others out there clean their machines
someday so the incoming barrage will stop..
Dave
CW9371
September 23rd 03, 04:40 PM
>
>Jerry Springer wrote:
>>
>> That MS patch and the worms and virus that are attached to it have been
>> going around and hitting a lot of people hard. Last week I was getting
>> about 300 a day. I thought that it was going to burn up my anti virus
>> program. :) I check my system several times a day to make sure none of
>> them are getting through so far so good.
>>
Why are u downloading the attachments? I haven't had a single problem 'cause I
don't download stuff unless I know who it is from.
CHris
John E. Carty
September 23rd 03, 04:44 PM
"CW9371" wrote in message ...
> >
> >Jerry Springer wrote:
> >>
> >> That MS patch and the worms and virus that are attached to it have been
> >> going around and hitting a lot of people hard. Last week I was getting
> >> about 300 a day. I thought that it was going to burn up my anti virus
> >> program. :) I check my system several times a day to make sure none of
> >> them are getting through so far so good.
> >>
>
> Why are u downloading the attachments? I haven't had a single problem 'cause I
> don't download stuff unless I know who it is from.
>
> CHris
You could still have this problem if someone you know gets infected and you're
in their email address book.
Mitch Hines
September 23rd 03, 06:48 PM
I understand that folks may have need of sending executable files, but I
can't think of a good reason to send them without zipping or renaming them
so that they can't be executed just by clicking on the attachments. I know
that many corporations are protecting their SMTP servers by not passing
executables; they are either compressed or at least have the extensions
renamed. Sure, now you could unzip the file, or rename the extension back
to the original executable extension and still run it, but if someone does
all that to run a file that they received in email that they were not
expecting.....well I am not sure you can really help that person, and they
should be kept away from pointy objects too.
"CW9371" wrote in message ...
> > But I run my own mail server
> >at home with pretty aggressive SPAM filtering and anti-virus protection
> >scanning all incoming and out going SMTP traffic, and any attachment that
> >can be executed is stripped.
>
> That wouldn't work for me that any attachment that is executable is stripped.
> Won't work for a lot of people.
Gerry Caron
September 23rd 03, 11:51 PM
"Jerry Springer" wrote in message t...
> That MS patch and the worms and virus that are attached to it have been
> going around and hitting a lot of people hard. Last week I was getting
> about 300 a day. I thought that it was going to burn up my anti virus
> program. :) I check my system several times a day to make sure none of
> them are getting through so far so good.
>
> Jerry
>
It's hit me, too. It started with about 25 or 30 a day last week and it has
jumped up to the 250-300 a day range since Sunday. Roadrunner's scan
catches most of the viruses, but they deliver the scrubbed copy anyway in
the theory that it might be something you were expecting. That would let
you know to contact the sender. Norton has caught the few that made it past
Roadrunner's scan.
Found a good filter while working thru the Outlook Rules Wizard:
where my name is not in the To box
delete it
except where my name is in the Cc box
Since I set up that rule, 99% are going straight to the wastebasket.
Gerry
Morgans
September 24th 03, 12:03 AM
> >
>
> It's hit me, too. It started with about 25 or 30 a day last week and it has
> jumped up to the 250-300 a day range since Sunday. Roadrunner's scan
> catches most of the viruses, but they deliver the scrubbed copy anyway in
> the theory that it might be something you were expecting. That would let
> you know to contact the sender. Norton has caught the few that made it past
> Roadrunner's scan.
>
> Found a good filter while working thru the Outlook Rules Wizard:
> where my name is not in the To box
> delete it
> except where my name is in the Cc box
>
> Since I set up that rule, 99% are going straight to the wastebasket.
>
> Gerry
>
>
Where is this, or how do you get to this? What version of Outlook, is it
Outlet Express, or Outlook, and what # version?
It sounds like exactly what I need.
--
Jim in NC
Barnyard BOb --
September 24th 03, 12:47 AM
(CW9371) wrote:
>Why are u downloading the attachments? I haven't had a single problem 'cause I
>don't download stuff unless I know who it is from.
>
>CHris
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++
Apparently you haven't met up with the address thieves, yet.
You cannot trust mail from any address anymore.
Barnyard BOb --
Gerry Caron
September 24th 03, 01:43 AM
"Morgans" wrote in message ...
> > Found a good filter while working thru the Outlook Rules Wizard:
> > where my name is not in the To box
> > delete it
> > except where my name is in the Cc box
> >
> > Since I set up that rule, 99% are going straight to the wastebasket.
> >
> > Gerry
> >
> >
> Where is this, or how do you get to this? What version of Outlook, is it
> Outlet Express, or Outlook, and what # version?
>
> It sounds like exactly what I need.
> --
> Jim in NC
>
It's in Outlook. I have Outlook 2000, so I expect it's in Outlook 2002/XP
as well.
I primarily use Outlook for mail instead of OE because of its added
features. The down side is it supports only one email address. Other, low
use email addresses I have I set up in OE.
OE has a very limited rules function. It doesn't have the "not in" type
filter. You might be able to do something similar by having it move mail
with you in the to and cc boxes to a separate folder and then deleting what
is left.
This works because the majority of spam doesn't actually have your email
address in the To box.
Gerry
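Added example (not part of any post in this thread): a Python sketch of the two filters discussed above, Gerry Caron's "delete unless my address is in To or Cc" rule and the executable-attachment block Mitch Hines describes. The addresses, the extension list and all function names are assumptions made for illustration, and the sample messages are constructed.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed list of directly runnable Windows extensions; extend as needed.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")


def addressed_to_me(msg, my_addrs):
    """True if one of my addresses appears in To or Cc (the Outlook rule)."""
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return any(addr.lower() in my_addrs for _name, addr in rcpts)


def executable_attachments(msg):
    """Names of attachments that would run on a double-click."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        # Windows ignores trailing dots and spaces, so "patch.exe." still runs.
        if name and name.lower().rstrip(". ").endswith(EXECUTABLE_EXT):
            found.append(name)
    return found


def triage(msg, my_addrs):
    """Apply the recipient rule first, then the attachment rule."""
    if not addressed_to_me(msg, my_addrs):
        return "delete"
    if executable_attachments(msg):
        return "quarantine"
    return "deliver"


def make(to, cc=None, attachment=None):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"] = "patch@vendor.example"
    m["To"] = to
    if cc:
        m["Cc"] = cc
    m["Subject"] = "Latest security patch"
    m.set_content("see attachment")
    if attachment:
        m.add_attachment(b"MZ constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m


ME = {"me@home.example"}  # hypothetical mailbox owner
SAMPLES = {
    "worm, To is someone else": make("someone@else.example", attachment="patch.exe"),
    "friend, I am on Cc": make("friend@else.example", cc="Me <Me@home.example>"),
    "To me, runnable attachment": make("me@home.example", attachment="Patch.EXE"),
    "mailing list traffic": make("tailwind-list@groups.example"),
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(f"{label:28} -> {triage(message, ME)}")
```

The last constructed message shows the rule's cost: mail sent to a list address (or by Bcc) never names you in To or Cc, so it is deleted along with the worm traffic unless the list address is added to `ME`.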
Gene Seibel
September 24th 03, 05:32 AM
Been getting 50 to 60 per hour since Friday.
--
Gene Seibel
Hangar 131 - http://pad39a.com/gene/plane.html
> That MS patch and the worms and virus that are attached to it have been
> going around and hitting a lot of people hard. Last week I was getting
> about 300 a day. I thought that it was going to burn up my anti virus
> program. :) I check my system several times a day to make sure none of
> them are getting through so far so good.
>
> Jerry
>
Gilan
September 24th 03, 05:51 AM
I use Outlook for all my email addresses. I have 4 email addresses and my
rules work for all of them not just 1. Just set up as many email accounts
as you want and make rules for any of them it will work. Mine does!
--
Mitchell Wing
http://www.mitchellwing.com
Have a good day and stay out of the trees!
See ya on Sport Aircraft group
http://groups.yahoo.com/group/Sport_Aircraft/
Roger Halstead
September 24th 03, 11:12 PM
On Tue, 23 Sep 2003 18:47:37 -0500, Barnyard BOb -- wrote:
>
>(CW9371) wrote:
>
>>Why are u downloading the attachments? I haven't had a single problem 'cause I
>>don't download stuff unless I know who it is from.
I knew there would be someone who said this.<:-))
That approach has been one of the main reasons earlier viruses spread
so fast.
Up till recently opening attachments from someone you know was one of
the surest ways to catch a virus. You needed to verify that they
actually sent the attachment and the address is not sufficient.
The worms and viruses took the addresses out of the infected computer's
address book and sent copies of itself to those addresses.
>>
>>CHris
>++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++
>
>Apparently you haven't met up with the address thieves, yet.
>You cannot trust mail from any address anymore.
And as Bob points out we now have address spoofing where you think you
are going to one address and it takes you somewhere else. Or you
receive mail from fake addresses.
Mail and URLs can be redirected (hijacked). Verisign hijacked unused
dot coms, dot orgs and some others. They promptly got sued. There
for a while if you mistyped a URL you ended up at Verisign. It
happened to me.
Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)
>
>
>Barnyard BOb --
>
>
>
>
Bruce A. Frank
September 25th 03, 06:36 AM
My problem was that when this first onslaught began Norton was not
catching them, that is, the ones making it through my ISP's filter.
Norton did not start to catch them until, though I had updated several
times that morning, I went to the Symantec site and downloaded their
"Intelligent" version of virus definitions. I am having to update daily
and still there are viruses going undetected.
Jerry Springer wrote:
>
> That MS patch and the worms and virus that are attached to it have been
> going around and hitting a lot of people hard. Last week I was getting
> about 300 a day. I thought that it was going to burn up my anti virus
> program. :) I check my system several times a day to make sure none of
> them are getting through so far so good.
>
> Jerry
>
--
Bruce A. Frank, Editor "Ford 3.8/4.2L Engine and V-6 STOL
Homebuilt Aircraft Newsletter"
| Publishing interesting material|
| on all aspects of alternative |
| engines and homebuilt aircraft.|
Rich S.
September 28th 03, 09:34 PM
Isn't there any simple way of determining who is the actual sender of the
virus?
Rich S.
Bernie the Bunion
September 28th 03, 09:41 PM
Rich S. wrote:
> Isn't there any simple way of determining who is the actual sender of the
> virus?
Well Rich..... With the combined intelligence, experience, and
knowledge of everyone on usenet, I would think that there are
possibly hundreds of thousands of people working on that
exact problem right now.
Matthew P. Cummings
September 29th 03, 01:40 AM
On Sun, 28 Sep 2003 13:34:04 -0700, Rich S. wrote:
> Isn't there any simple way of determining who is the actual sender of the
> virus?
Sort of. But it requires cooperation of the other ISP and most of the
time they won't do it without a court order. I have tracked down some of
the users that had a virus that kept sending me lots of them and had the
ISP inform that user, but they never told me who it was.
Rich S.
September 29th 03, 01:53 AM
"Matthew P. Cummings" wrote in message ray.net...
> On Sun, 28 Sep 2003 13:34:04 -0700, Rich S. wrote:
>
> > Isn't there any simple way of determining who is the actual sender of the
> > virus?
>
> Sort of. But it requires cooperation of the other ISP and most of the
> time they won't do it without a court order. I have tracked down some of
> the users that had a virus that kept sending me lots of them and had the
> ISP inform that user, but they never told me who it was.
Damn shame, that. Kinda surpasses the definition of simple. Too bad we can't
rethink this science and require a DNA on signatures. Yeah, that's it. And
then we can give John Ashcroft the authority to hunt them down and kill
them!
On second thought. . .
Rich "Better the devil we know.." S.
Robert Bonomi
September 29th 03, 06:39 AM
Rich S. wrote:
>Isn't there any simple way of determining who is the actual sender of the
>virus?
For those knowledgeable in deciphering the information in the message 'headers',
one can _usually_ make a "well-informed guess" as to the _network_ on which
the *machine* that sent the message lives. Identifying the actual machine
frequently requires access to information that _only_ the party that manages
and operates that network has. The _only_ "potentially reliable" data you
have to work with are the IP addresses -- and when they are 'dynamically'
assigned, you have to coordinate the address _with_ the timestamp, to figure
out "who was using that address *then*". Obviously, you can't do that, if
you _don't_ have access to the records of "who was assigned which address,
when".
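Added example (not part of the post above): a Python sketch of the header reading Robert Bonomi describes, pulling the IP address and UTC timestamp from the `Received:` line written by the recipient's own mail server, which is the pair a network operator needs to match a dynamic address to a customer. The sample message, host names and documentation-range IPs are constructed, and the function names are assumptions.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: newest hop first, as mail servers prepend their header.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.7])
    by mailstore.isp.example with ESMTP id abc123;
    Tue, 23 Sep 2003 04:40:12 -0500
Received: from pc-owner (dyn-203-0-113-45.dialup.example [203.0.113.45])
    by mx.isp.example with SMTP id def456;
    Tue, 23 Sep 2003 04:40:10 -0500
Received: from microsoft.example (unknown [192.0.2.99])
    by forged.relay.example; Mon, 22 Sep 2003 01:00:00 +0000
From: "Security Update" <patch@microsoft.example>
To: someone@else.example
Subject: Latest patch

body
"""

# Servers run by my own provider; only their headers are believed.
TRUSTED = {"mailstore.isp.example", "mx.isp.example"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")


def hops(raw):
    """Return the Received hops, newest first, as dicts with by/ip/utc."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        info, _, stamp = flat.rpartition(";")   # date follows the last ';'
        by = BY_RE.search(info)
        ip = IP_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        except (TypeError, ValueError):
            when = None
        result.append({"by": by.group(1).lower() if by else None,
                       "ip": ip.group(1) if ip else None,
                       "utc": when})
    return result


def reportable_origin(raw, trusted_hosts):
    """(ip, utc) from the oldest hop recorded by a trusted server.

    Anything below that hop was supplied by the sending side and may be
    forged, so the walk stops at the first untrusted 'by' host.
    """
    origin = None
    for hop in hops(raw):
        if hop["by"] not in trusted_hosts:
            break
        origin = hop
    return (origin["ip"], origin["utc"]) if origin else None


if __name__ == "__main__":
    ip, when = reportable_origin(SAMPLE, TRUSTED)
    print(f"report {ip} as seen at {when.isoformat()}")
```

The forged bottom header and the From line are ignored; only the network that owns the reported address can say which customer held it at that time.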