Thread: virus warning

virus warning

From: Tomasz Myrta

Hi
Recently I receive massive mail attack. This attack comes from some 
postgresql mailing list users. All send-to addresses are taken from users 
mailboxes which contain postgresql posts. Currently I found two kinds of 
viruses:
1. Empty post with "Undelivered message to..." body
2. Microsoft "Dear Customer... " based on www.microsoft.com design.
Both mails contain some .exe attachment.

Regards,
Tomasz Myrta



Re: virus warning

From: Richard Huxton

On Friday 19 September 2003 07:17, Tomasz Myrta wrote:
> Hi
> Recently I receive massive mail attack. This attack comes from some
> postgresql mailing list users. All send-to addresses are taken from users
> mailboxes which contain postgresql posts. Currently I found two kinds of
> viruses:
> 1. Empty post with "Undelivered message to..." body
> 2. Microsoft "Dear Customer... " based on www.microsoft.com design.
> Both mails contain some .exe attachment.

I've been getting something similar myself. Roughly 100 per day.

--  Richard Huxton Archonet Ltd


Re: virus warning

From: Paul Thomas

On 19/09/2003 07:17 Tomasz Myrta wrote:
> Hi
> Recently I receive massive mail attack. This attack comes from some 
> postgresql mailing list users. All send-to addresses are taken from users 
> mailboxes which contain postgresql posts. Currently I found two kinds of 
> viruses:
> 1. Empty post with "Undelivered message to..." body
> 2. Microsoft "Dear Customer... " based on www.microsoft.com design.
> Both mails contain some .exe attachment.
> 
> Regards,
> Tomasz Myrta

So far I've had nearly 150 of these in the last 12 hours or so. Somebody 
on these lists has a lot of explaining to do! Fortunately my spam filters 
are up to scratch and I run Linux :) Others may not be so lucky.


-- 
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants         | http://www.thomas-micro-systems-ltd.co.uk   |
+------------------------------+---------------------------------------------+


Re: virus warning

From: Tomasz Myrta

> So far I've had nearly 150 of these in the last 12 hours or so. Somebody 
> on these lists has a lot of explaining to do! Fortunately my spam 
> filters are up to scratch and I run Linux :) Others may not be so lucky.

Currently I've found 45 different Return-Path values in these posts and 
it's growing :-(

Regards,
Tomasz Myrta



Re: virus warning

From: Christopher Browne

The world rejoiced as dev@archonet.com (Richard Huxton) wrote:
> I've been getting something similar myself. Roughly 100 per day.

Only 100, eh?  I have been seeing that many per hour, give or take...
-- 
"aa454","@","freenet.carleton.ca"
http://cbbrowne.com/info/x.html
People can be set wondering by loading obscure personal patchable
systems, and sending bug reports.  Who would not stop and wonder upon
seeing "Experimental TD80-TAPE 1.17, MegaDeath 2.5..."?  The same for
provocatively-named functions and variables in stack traces.
-- from the Symbolics Guidelines for Sending Mail


Re: virus warning

From: "Rudi Starcevic"

Hi,

Yeah me too - about 150 so far today.
I was thinking it's from my Debian mailing lists not PostgreSQL.

Strange people these stoooopid virus spammers.

Good luck with it all.
Regards
Rudi.


Re: virus warning

From: Tomasz Myrta

> The world rejoiced as dev@archonet.com (Richard Huxton) wrote:
> 
>>I've been getting something similar myself. Roughly 100 per day.
> 
> 
> Only 100, eh?  I have been seeing that many per hour, give or take...

If it will help someone, I found that The Microsoft Virus is called 
"Swen" or "Gibe". It attacks (as usual) Internet Explorer without proper 
patches.

Regards,
Tomasz Myrta



Re: virus warning

From: "scott.marlowe"

On Fri, 19 Sep 2003, Paul Thomas wrote:

> 
> On 19/09/2003 07:17 Tomasz Myrta wrote:
> > Hi
> > Recently I receive massive mail attack. This attack comes from some 
> > postgresql mailing list users. All send-to addresses are taken from users 
> > mailboxes which contain postgresql posts. Currently I found two kinds of 
> > viruses:
> > 1. Empty post with "Undelivered message to..." body
> > 2. Microsoft "Dear Customer... " based on www.microsoft.com design.
> > Both mails contain some .exe attachment.
> > 
> > Regards,
> > Tomasz Myrta
> 
> So far I've had nearly 150 of these in the last 12 hours or so. Somebody 
> on these lists has a lot of explaining to do! Fortunately my spam filters 
> are up to scratch and I run Linux :) Others may not be so lucky.

Keep in mind, if you check the headers on the emails you'll see that they 
are forged.  I've been getting about 20 emails a day telling me a message 
I know I didn't send was infected with a virus.

I got 432 last night inbound, some with names forged from this list, 
others from names unknown.

But I don't think it's not the folks on this list, I think it's a 
windows worm that looks in people's email, harvests names at random, and 
forged email based on it.
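
A triage sketch for the pattern discussed in this thread (mails carrying .exe attachments, the growing number of distinct Return-Path values, and checking headers rather than trusting the From name), added here as an example and not posted by any participant. The sample messages, addresses and file names are constructed, and the extension list beyond .exe is an assumption.

```python
import email
from collections import Counter
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the thread only mentions .exe; the other extensions are illustrative.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat")

def build_sample(from_addr, return_path, subject, attachment=None):
    """Build one constructed message as raw bytes (all values are made up)."""
    msg = EmailMessage()
    msg["Return-Path"] = f"<{return_path}>"
    msg["From"] = from_addr
    msg["To"] = "reader@example.org"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    if attachment:
        msg.add_attachment(b"MZ constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()

def executable_attachments(msg):
    """File names of MIME parts whose name ends in an executable extension."""
    return [p.get_filename() for p in msg.walk()
            if (p.get_filename() or "").lower().endswith(EXECUTABLE_EXT)]

def triage(raw_messages):
    """Return (suspect records, Counter of Return-Path values among suspects)."""
    suspects, return_paths = [], Counter()
    for raw in raw_messages:
        msg = email.message_from_bytes(raw)
        files = executable_attachments(msg)
        if not files:
            continue  # e.g. an ordinary list post, whatever its Return-Path
        sender = parseaddr(msg.get("From", ""))[1].lower()
        rpath = parseaddr(msg.get("Return-Path", ""))[1].lower()
        # From and Return-Path can both be forged; a mismatch is a hint only.
        suspects.append({"from": sender, "return_path": rpath,
                         "files": files, "mismatch": sender != rpath})
        return_paths[rpath] += 1
    return suspects, return_paths

SAMPLES = [  # constructed messages
    build_sample("Support <support@vendor.example>", "user1@isp.example", "Dear Customer", "patch.exe"),
    build_sample("postmaster@isp.example", "user2@isp.example", "Undelivered message to ...", "message.EXE"),
    build_sample("poster@example.net", "list-owner@lists.example", "Re: [SQL] query help"),
    build_sample("Support <support@vendor.example>", "user1@isp.example", "Dear Customer", "update.exe"),
]

if __name__ == "__main__":
    found, paths = triage(SAMPLES)
    print(len(found), "suspect mails,", len(paths), "distinct Return-Path values")
```

A Return-Path that differs from From is normal for mailing-list traffic, which is why the attachment check, not the mismatch, decides what counts as suspect here.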



Re: virus warning

From: Paul Thomas

On 19/09/2003 16:37 scott.marlowe wrote:
> 
> Keep in mind, if you check the headers on the emails you'll see that they
> are forged.  I've been getting about 20 emails a day telling me a message
> I know I didn't send was infected with a virus.
> 
> I got 432 last night inbound, some with names forged from this list,
> others from names unknown.
> 
> But I don't think it's not the folks on this list, I think it's a
> windows worm that looks in people's email, harvests names at random, and
> forged email based on it.

Does seem to be. Just downloaded another 200+. Mildly annoying for me with a 
DSL line. I really feel for those on dial-up :(

-- 
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants         | http://www.thomas-micro-systems-ltd.co.uk   |
+------------------------------+---------------------------------------------+


Re: virus warning

From: Yasir Malik

Thank god that I use Pine.
Yasir

On Fri, 19 Sep 2003, Paul Thomas wrote:

> Date: Fri, 19 Sep 2003 23:14:54 +0100
> From: Paul Thomas <paul@tmsl.demon.co.uk>
> To: "pgsql-sql @ postgresql . org" <pgsql-sql@postgresql.org>
> Subject: Re: [SQL] virus warning
>
> On 19/09/2003 16:37 scott.marlowe wrote:
> >
> > Keep in mind, if you check the headers on the emails you'll see that they
> > are forged.  I've been getting about 20 emails a day telling me a message
> > I know I didn't send was infected with a virus.
> >
> > I got 432 last night inbound, some with names forged from this list,
> > others from names unknown.
> >
> > But I don't think it's not the folks on this list, I think it's a
> > windows worm that looks in people's email, harvests names at random, and
> > forged email based on it.
>
> Does seem to be. Just downloaded another 200+. Mildly annoying for me with a
> DSL line. I really feel for those on dial-up :(
>
> --
> Paul Thomas
> +------------------------------+---------------------------------------------+
> | Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
> | Computer Consultants         | http://www.thomas-micro-systems-ltd.co.uk   |
> +------------------------------+---------------------------------------------+