Forum Settings
       
Reply To Thread

URGENT, PLEASE READ!Follow

#1 Jan 19 2004 at 4:07 PM Rating: Excellent
****
7,070 posts
There is a virus being sent around to premium members. I received one from Kaolian@allakhazam.com and Angua@allakhazam.com , and Flea got one from taredoru@allakhazam.com.

How this is happening? Not sure. But let's kill whatever it is.

Queen Skeet Smiley: king
____________________________
Muted
#2 Jan 19 2004 at 4:15 PM Rating: Excellent
Avatar
******
29,707 posts
Working on it. Got one from Flea and Darkflame. It's either someone that has our addresses in their outlook inbox, or it's stripping premium member addresses from the search archives in Google. (yes, you can search the forum that way by the way...) I haven't had a chance to trace the IP to someone, but given the addresses that it is sending to, and the ones that are not, I'm guessing it's som,eone in Oot.

It's the bagel virus by the way...
#3 Jan 19 2004 at 4:21 PM Rating: Excellent
****
7,070 posts
My E-mail from Kaolian@allakhazam.com has the virus attachment intact, the other ones got blocked by my filter.

Here, play with this, see if it helps:

X-Message-Info: 6sSXyD95QpUQi7clptvYSN3pKiBLyxAx
Received: from www1.allakhazam.com ([216.155.41.199]) by mc10-f1.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
Mon, 19 Jan 2004 09:47:06 -0800
Received: from DRGRAY (c-67-163-22-205.client.comcast.net [67.163.22.205])
by www1.allakhazam.com (8.12.8/8.12.2) with SMTP id i0JHhlkr041473
for <Skeeter@allakhazam.com>; Mon, 19 Jan 2004 12:43:47 -0500 (EST)
Date: Mon, 19 Jan 2004 11:46:57 -0600
To: Skeeter@allakhazam.com
Subject: Hi
From: Kaolian@allakhazam.com
Message-ID: <yncwcryqvdvkcqgvebi@allakhazam.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------317482002658808"
Return-Path: Kaolian@allakhazam.com
X-OriginalArrivalTime: 19 Jan 2004 17:47:06.0557 (UTC) FILETIME=[412EC6D0:01C3DEB4]

Queen Skeet Smiley: king
____________________________
Muted
#4 Jan 19 2004 at 4:23 PM Rating: Excellent
Sniping Sweetpea
*****
18,459 posts
Should we disable email for now?
____________________________
That's the kind of dude
I was lookin' for
And yes you'll get slapped
if you're lookin', ho

#5 Jan 19 2004 at 4:36 PM Rating: Excellent
****
7,070 posts
Nah, as long as you don't open the attachment you'll be fine.

Plus, the more e-mail they send, the more chances we have to find the source.

Queen Skeet Smiley: king
____________________________
Muted
#6 Jan 19 2004 at 4:38 PM Rating: Excellent
Avatar
******
29,707 posts
Edit, NM, misunderstanding. still looking for the sender...

Edited, Mon Jan 19 16:39:44 2004 by Kaolian
#7 Jan 19 2004 at 4:48 PM Rating: Excellent
****
7,070 posts
This is what stands out to me:

Received: from DRGRAY (c-67-163-22-205.client.comcast.net [67.163.22.205])

The info for that Pum @#%^ kept on tracing back to a Doctor's office.

Of course, you'll have to take into consideration that I'm one paranoid Mofo, I could step on a pile of sh*t right now and blame it on Pum.

Queen Skeet Smiley: king
____________________________
Muted
#8 Jan 19 2004 at 4:53 PM Rating: Good
**
815 posts
How annoying. I was wondering why in the hell Skeet sent me a message from his Allakhazam email that said "this is a test". Luckily hotmail was on the ball and caught the exe (not that I would have opened it anyway).

If you're going to send out email to everyone with a virus, at least have the decency to write an interesting email. Sheesh.

#9 Jan 19 2004 at 4:54 PM Rating: Excellent
YAY! Canaduhian
*****
10,277 posts
I am getting this virus from "outsiders" now too, not just Premium members. Stupid viruses.../grumble. LOL..that sounds bad. Really, I do use protection.

What?? Change my name and now my avatar is screwed?





Edited, Mon Jan 19 16:55:42 2004 by Tare
____________________________
What's bred in the bone will not out of the flesh.
#10 Jan 19 2004 at 6:23 PM Rating: Excellent
***
1,635 posts
This is the one I'm getting the most lately with allakhazam addresses on it.

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.a@mm.html
____________________________
[wowsig]1855[/wowsig]
#11 Jan 20 2004 at 12:52 AM Rating: Excellent
****
7,070 posts
Yep, that's the one that Kao sent me. I promise to stop making sock puppets Kao, you don't have to infect my computer! Geez.

Queen Skeet Smiley: king

/RIP Judge Judy
____________________________
Muted
#12 Jan 20 2004 at 6:23 AM Rating: Excellent
Avatar
******
29,707 posts
It's not Pum. Pum has been delt with. I haven't had one come through in a while now, so someone may have got it in a virus scan, or they may just be on dial up.

housecall.trendmicro.com will pick it up, so if you are one of those people that doesn't have a virus scanner (and probably has a router with the password "admin" too) go there and scan your computer.
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 56 All times are in CDT