Virus/Worm

#1 May 17 2004 at 4:49 AM Rating: Decent
Scholar
***
3,166 posts
This morning I have large (12 or so) emails from addresses at this board with viral payloads (at least they are things with names like picture.jpg.zip)

Since I doubt that the likes of Smasharoo@Allakhazam.com would be mailing me I can only assume you have a problem there.

My machine just tested clean on Housecall and has updated Sophos running anyway.

Please advise if any remedial action indicated.

Example from Josettee@Allakhazam.com

Quote:
###



+-+-+ Mail-Attachment: No Virus found
+-+-+ ALLAKHAZAM- AntiVirus Service
+-+-+ http://www.allakhazam.com


attachment More_infos-1833.zip

Details:

Return-Path: <Josettee@allakhazam.com>
X-Original-To: clive@kmss.co.uk
Delivered-To: clive.kmss@mistral.co.uk
Received: from www1.allakhazam.com (www.allakhazam.com [216.155.41.199])
    by mailhost3.mistral.co.uk (Postfix) with ESMTP id EF9C628D72F
    for <clive@kmss.co.uk>; Sun, 16 May 2004 16:05:23 +0100 (BST)
Received: from josettee.com (pD9EE1195.dip0.t-ipconnect.de [217.238.17.149])
    by www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i4GF4tkq087696;
    Sun, 16 May 2004 11:05:00 -0400 (EDT)
From: Josettee@allakhazam.com
To: Sender295@allakhazam.com
Date: Sun, 16 May 2004 14:03:47 UTC
Subject: Life's a *****
Importance: Normal
X-Mailer: Master-SMTP V8.36
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <91c6c962a02615.11bd2.qmail@allakhazam.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="====aeb1fc75aa.67d4ca7b12e2c4c"
Content-Transfer-Encoding: 7bit

---------------------------------

Hope you can throw some light, Kao.

____________________________
Wherever I go - there I am.
#2 May 17 2004 at 8:05 AM Rating: Good
I had the exact same problem last week. It started when someone e-mailed me, so I just assumed that someone grabbed my address off of their computer.

But now I see it may be part of a larger problem.

Most of the files were infected with Beagle.X. A few had some variant of Netsky as well though.
#3 May 17 2004 at 8:24 AM Rating: Decent
**
514 posts
I can't think of a reason why I would personally email anyone on the board unless emailed first. Then it would be responded with my personal email account which is not josettee@allakhazam.com. I use the message board to communicate with you all so please delete anything from me as I never sent it.
#4 May 17 2004 at 3:15 PM Rating: Excellent
******
29,919 posts
It pulls the e-mail addresses from the cached websites. Someone that has visited the site recently that saw a forum page with those e-mails is to blame, not Smasharoo or most likely any of the names you have gotten them from. Trace the IP to see who it is coming from. Most of mine seem to be coming from Germany at the moment.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
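Tracing the IP, as suggested in post #4, using the headers quoted in post #1. This is an added example and not part of any poster's message: it reads the Received chain oldest-first and reports the first hop where the name the sender announced differs from the host name the receiving server recorded. The function names and the last-two-labels domain comparison are assumptions made for this sketch.

```python
import re
from email import message_from_string

# Headers copied from the message quoted in post #1, continuation lines re-folded.
SAMPLE = """\
Return-Path: <Josettee@allakhazam.com>
Received: from www1.allakhazam.com (www.allakhazam.com [216.155.41.199])
\tby mailhost3.mistral.co.uk (Postfix) with ESMTP id EF9C628D72F
\tfor <clive@kmss.co.uk>; Sun, 16 May 2004 16:05:23 +0100 (BST)
Received: from josettee.com (pD9EE1195.dip0.t-ipconnect.de [217.238.17.149])
\tby www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i4GF4tkq087696;
\tSun, 16 May 2004 11:05:00 -0400 (EDT)
From: Josettee@allakhazam.com
To: Sender295@allakhazam.com

"""

# "from <announced name> (<recorded host name> [<ip>]) by <receiving server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return the Received hops oldest-first as dicts: helo, rdns, ip, by."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def base_domain(name):
    # Naive last-two-labels comparison (assumption; not a public-suffix lookup).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def suspicious_origin(raw):
    """Oldest hop whose announced name disagrees with the recorded host name."""
    for hop in parse_hops(raw):
        if hop["rdns"] and base_domain(hop["helo"]) != base_domain(hop["rdns"]):
            return hop
    return None

if __name__ == "__main__":
    print(suspicious_origin(SAMPLE))
```

Only Received lines written by servers you trust are reliable; anything below the first trusted hop can be forged by the sender.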
#5 May 17 2004 at 3:30 PM Rating: Excellent
Code Monkey
****
7,476 posts
I get about 1 of those a minute by now. As Kao said, it's because the virus is picking our site out from webcaches as the place it wants to pretend to be from.
____________________________
Do what now?
#6 May 17 2004 at 3:48 PM Rating: Good
Webcaches! Interesting.

All of mine came from Comcast, so I assumed it was something off with one of the users. Either way, I usually delete what I don't recognize anyway :)

Thanks for the info!