[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Viruses

Peter

9/19/2003 12:10:00 PM

6 Answers

Peter Hickman

9/19/2003 1:48:00 PM

0

Peter wrote:
> I''m getting incredibly many virus warnings because of mails I get from
> people I''ve never heard of. I''m pretty sure the reason is my recent
> postings on this ruby mailing list. Could everyone with a windows pc
> please check whether his or hers pc is infected with this virus. You''re
> not just disturbing me, but many others (basically everyone who has posted
> on the mailing list and whose mails are in your mailbox). The following
> page gives you information about the virus you''re trying to send me
> unwillingly and tells you how to get rid of it:
>
> http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&h...
>
> Thanks,
> Peter
>
>

If you do a google for your email address you will see that it generates four
entries:

1) www.student.kuleuven.ac.be/~m9716348/mop/assignment-part2.pdf
2) www.demuynck.org/feature/mop/task2.html
3) www.demuynck.org/feature/mop/task1.html
4) www.eng.kuleuven.ac.be/phd-symposium/book_of_abstracts.pdf

This mailing list also appears in the comp.lang.ruby newsgroup as does your
email address on the messages you posted.

Then again it might be one of us - just not neccessarily so.

Rasputin

9/19/2003 3:07:00 PM

0

* Peter Hickman <peter@semantico.com> [0949 14:49]:
> Peter wrote:
> >I''m getting incredibly many virus warnings because of mails I get from
> >people I''ve never heard of. I''m pretty sure the reason is my recent
> >postings on this ruby mailing list. Could everyone with a windows pc
> >please check whether his or hers pc is infected with this virus. You''re
> >not just disturbing me, but many others (basically everyone who has posted
> >on the mailing list and whose mails are in your mailbox). The following
> >page gives you information about the virus you''re trying to send me
> >unwillingly and tells you how to get rid of it:
> >
> > http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&h...

I''ve been getting around 1 a minute for the last twenty-four hours.
It''s not specific to this list.

Next one liner contest is to send mails to all these users saying
''try not to click on every attachment you get sent, stupid!''

--
Corrupt, adj.:
In politics, holding an office of trust or profit.
Rasputin :: Jack of All Trades - Master of Nuns

mgarriss

9/19/2003 3:19:00 PM

0

Rasputin wrote:

>* Peter Hickman <peter@semantico.com> [0949 14:49]:
>
>
>>Peter wrote:
>>
>>
>>>I''m getting incredibly many virus warnings because of mails I get from
>>>people I''ve never heard of. I''m pretty sure the reason is my recent
>>>postings on this ruby mailing list. Could everyone with a windows pc
>>>please check whether his or hers pc is infected with this virus. You''re
>>>not just disturbing me, but many others (basically everyone who has posted
>>>on the mailing list and whose mails are in your mailbox). The following
>>>page gives you information about the virus you''re trying to send me
>>>unwillingly and tells you how to get rid of it:
>>>
>>> http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&h...
>>>
>>>
>
>I''ve been getting around 1 a minute for the last twenty-four hours.
>It''s not specific to this list.
>
>Next one liner contest is to send mails to all these users saying
>''try not to click on every attachment you get sent, stupid!''
>
>

From Microsoft''s web site:

"Because HTML e-mails are simply web pages, IE can render them and open
binary attachments in a way that is appropriate to their MIME types.
However, a flaw exists in the type of processing that is specified for
certain unusual MIME types. If an attacker created an HTML e-mail
containing an executable attachment, then modified the MIME header
information to specify that the attachment was one of the unusual MIME
types that IE handles incorrectly, IE would launch the attachment
automatically when it rendered the e-mail."


"An attacker could use this vulnerability in either of two scenarios.
She could host an affected HTML e-mail on a web site and try to persuade
another user to visit it, at which point script on a web page could open
the mail and initiate the executable. Alternatively, she could send the
HTML mail directly to the user. In either case, the executable
attachment, if it ran, would be limited only by user?s permissions on
the system."

No clicky needed! Gotta love IE5

Michael

Rasputin

9/19/2003 3:34:00 PM

0

* ahoward <ahoward@fsl.noaa.gov> [0922 16:22]:
> On Sat, 20 Sep 2003, Rasputin wrote:
>
> > * Peter Hickman <peter@semantico.com> [0949 14:49]:
> > > Peter wrote:
> > > >I''m getting incredibly many virus warnings because of mails I get from
> > > >people I''ve never heard of. I''m pretty sure the reason is my recent
> > > >postings on this ruby mailing list. Could everyone with a windows pc
> > > >please check whether his or hers pc is infected with this virus.

> > > > http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&h...

> > I''ve been getting around 1 a minute for the last twenty-four hours.
> > It''s not specific to this list.

> me too. any idea how to stop it? i''ve just got filters in pine set up for
> now. how anoying...

I think it depends how you get your mail.

I run a local mail server, because I enjoy that kind of thing. So
I''m installing exiscan with clamav to do content filtering.

That''ll
(spamlevel.isnt_too_high? "fix it once and for all" | "grind my server to death" )

While it''s building, I''m doing simple filtering of all the mails with
''critical'' or ''microsoft'' using procmail.

Saturday I''m off to VanFest in Malvern to buy a new VolksWagen bus.

On Monday I''m going to mail all the users in that folder and tell them
I am their bank manager, and can they send me their credit card
details for verification.

Then I''m off to Cuba!

> > Next one liner contest is to send mails to all these users saying
> > ''try not to click on every attachment you get sent, stupid!''

--
The best thing about growing older is that it takes such a long time.
Rasputin :: Jack of All Trades - Master of Nuns

Ben Giddings

9/19/2003 3:46:00 PM

0

Rasputin wrote:
>>>I''ve been getting around 1 a minute for the last twenty-four hours.
>>>It''s not specific to this list.
>
>
>>me too. any idea how to stop it? i''ve just got filters in pine set up for
>>now. how anoying...
>
> I think it depends how you get your mail.
>
> I run a local mail server, because I enjoy that kind of thing. So
> I''m installing exiscan with clamav to do content filtering.

For what it''s worth, I run SpamAssassin and spent a few hours last night
writing filters for this particular worm. I can share my filters with
anybody that''s interested.

Ben

Ben Giddings

9/19/2003 5:26:00 PM

0

David Corbin wrote:
>>For what it''s worth, I run SpamAssassin and spent a few hours last night
>>writing filters for this particular worm. I can share my filters with
>>anybody that''s interested.
>>
>>Ben
>
>
> please.

http://infofiend.com/log/index.ph...

For some reason I''m having trouble with the body/rawbody/full rules, but
the subject and sender ones seem pretty good.

Ben