Home page logo
/

basics logo Security Basics mailing list archives

RE: Returned Mails
From: "Jason Haith" <jhaith () genesissys com>
Date: Tue, 27 Apr 2004 07:22:55 -0500

There are a couple ways to check if it is you with the virus.

1. Download one of Symantecs Virus Removal Tools for the W32.Netsky.C () mm
virus. They seem to work pretty good at catching a virus if you've been
infected.
2. Or you can open a sniffer on your computer and watch and look for any
emails/data mysteriously being sent from your computer. I've had more luck
with this method. Sniphere is a simple and small download that will do this
(www.securesphere.net).

Jason Haith
Systems Administrator
Genesis Systems
5712 S. 77th St
Omaha, NE 68127
Email: jhaith () genesissys com



-----Original Message-----
From: Guru4u Support [mailto:support () guru4u co uk]
Sent: Monday, April 26, 2004 12:56 PM
To: security-basics () securityfocus com
Subject: Returned Mails


Hi,

This is probably a stupid question but I could do with some confirmation
of what I think is happening. I've been receiving a lot of 'return' emails
claiming
they have been returned as I have a virus. Example below:


A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: W32.Netsky.C () mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---

From: ************* () guru4u co uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100



I have up to now guessed these were down to 'someone' else's pc infected
with netsky or mydoom but after a lull I have been bombarded with loads
of such mails over the course of the day.

I would just like some reassurance that this is indeed due to other
people infected boxes rather mine. I have of course run several full
system scans with Norton av with the latest definitions etc and do use a
firewall, Spybot etc.

I've googled and this starts to confirm my suspicions but isn't authorative.

Thanks in advance,

Guru



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault