Forum Settings
       
Reply To Thread

URGENT, PLEASE READ!Follow

#1 Jan 19 2004 at 4:07 PM Rating: Excellent
There is a virus being sent around to premium members. I received one from Kaolian@allakhazam.com and Angua@allakhazam.com , and Flea got one from taredoru@allakhazam.com.

How this is happening? Not sure. But let's kill whatever it is.

Queen Skeet Smiley: king
#2 Jan 19 2004 at 4:15 PM Rating: Excellent
Avatar
******
29,919 posts
Working on it. Got one from Flea and Darkflame. It's either someone that has our addresses in their outlook inbox, or it's stripping premium member addresses from the search archives in Google. (yes, you can search the forum that way by the way...) I haven't had a chance to trace the IP to someone, but given the addresses that it is sending to, and the ones that are not, I'm guessing it's som,eone in Oot.

It's the bagel virus by the way...
#3 Jan 19 2004 at 4:21 PM Rating: Excellent
My E-mail from Kaolian@allakhazam.com has the virus attachment intact, the other ones got blocked by my filter.

Here, play with this, see if it helps:

X-Message-Info: 6sSXyD95QpUQi7clptvYSN3pKiBLyxAx
Received: from www1.allakhazam.com ([216.155.41.199]) by mc10-f1.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
Mon, 19 Jan 2004 09:47:06 -0800
Received: from DRGRAY (c-67-163-22-205.client.comcast.net [67.163.22.205])
by www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i0JHhlkr041473
for <Skeeter@allakhazam.com>; Mon, 19 Jan 2004 12:43:47 -0500 (EST)
Date: Mon, 19 Jan 2004 11:46:57 -0600
To: Skeeter@allakhazam.com
Subject: Hi
From: Kaolian@allakhazam.com
Message-ID: <yncwcryqvdvkcqgvebi@allakhazam.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------317482002658808"
Return-Path: Kaolian@allakhazam.com
X-OriginalArrivalTime: 19 Jan 2004 17:47:06.0557 (UTC) FILETIME=[412EC6D0:01C3DEB4]

Queen Skeet Smiley: king
#4 Jan 19 2004 at 4:23 PM Rating: Excellent
*****
18,463 posts
Should we disable email for now?
#5 Jan 19 2004 at 4:36 PM Rating: Excellent
Nah, as long as you don't open the attachment you'll be fine.

Plus, the more e-mail they send, the more chances we have to find the source.

Queen Skeet Smiley: king
#6 Jan 19 2004 at 4:38 PM Rating: Excellent
Avatar
******
29,919 posts
Edit, NM, misunderstanding. still looking for the sender...

Edited, Mon Jan 19 16:39:44 2004 by Kaolian
#7 Jan 19 2004 at 4:48 PM Rating: Excellent
This is what stands out to me:

Received: from DRGRAY (c-67-163-22-205.client.comcast.net [67.163.22.205])

The info for that Pum ******* kept on tracing back to a Doctor's office.

Of course, you'll have to take into consideration that I'm one paranoid ****, I could step on a pile of **** right now and blame it on Pum.

Queen Skeet Smiley: king
#8 Jan 19 2004 at 4:53 PM Rating: Good
How annoying. I was wondering why in the hell Skeet sent me a message from his Allakhazam email that said "this is a test". Luckily hotmail was on the ball and caught the exe (not that I would have opened it anyway).

If you're going to send out email to everyone with a virus, at least have the decency to write an interesting email. Sheesh.

#9 Jan 19 2004 at 4:54 PM Rating: Excellent
YAY! Canaduhian
*****
10,291 posts
I am getting this virus from "outsiders" now too, not just Premium members. Stupid viruses.../grumble. LOL..that sounds bad. Really, I do use protection.

What?? Change my name and now my avatar is screwed?





Edited, Mon Jan 19 16:55:42 2004 by Tare
____________________________
What's bred in the bone will not out of the flesh.
#10 Jan 19 2004 at 6:23 PM Rating: Excellent
The man who started it all!
***
1,635 posts
This is the one I'm getting the most lately with allakhazam addresses on it.

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html
____________________________
[wowsig]1855[/wowsig]
#11 Jan 20 2004 at 12:52 AM Rating: Excellent
Yep, that's the one that Kao sent me. I promise to stop making sock puppets Kao, you don't have to infect my computer! Geez.

Queen Skeet Smiley: king

/RIP Judge Judy
#12 Jan 20 2004 at 6:23 AM Rating: Excellent
Avatar
******
29,919 posts
It's not Pum. Pum has been delt with. I haven't had one come through in a while now, so someone may have got it in a virus scan, or they may just be on dial up.

housecall.trendmicro.com will pick it up, so if you are one of those people that doesn't have a virus scanner (and probably has a router with the password "admin" too) go there and scan your computer.
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 296 All times are in CST
Anonymous Guests (296)