vision2020

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]
[Date Index]	[Thread Index]	[Author Index]	[Subject Index]

Re: Attack of the killer junk mail

To: vision2020@moscow.com, Tom Lamar <lamar@pcei.org>
Subject: Re: Attack of the killer junk mail
From: Andrew Morris <nyc@idaho.net>
Date: Fri, 20 Sep 2002 09:52:13 -0700
In-Reply-To: <l03130329b9b0f67b1069@[192.168.1.254]>
Resent-Date: Fri, 20 Sep 2002 09:55:04 -0700 (PDT)
Resent-From: vision2020@moscow.com
Resent-Message-ID: <lKoVsD.A.ogJ.lL1i9@whale2.fsr.net>
Resent-Sender: vision2020-request@moscow.com

Hello,

Tom is correct; he did not send that email. However, this was not spam this was actually a virus. But not to worry, the 
Vision2020 list will not allow attachments through (which is how the virus spreads). 

I believe this is the W32/Klez.h@mm worm, which sends itself automatically to people in your address book and places a random 
email address in the 'From:' field.  If you suspect that you may have this virus or would like more information on it the 
Symantec Corporation (makers of Norton Anti-Virus) have all the Information on this worm and a link to a free removal tool 
that can help you remove it from your system at their site:

http://www.sarc.com/avcenter/venc/data/w32.klez.removal.tool.html

If you have more questions please contact me via email: techsupport@fsr.net, visit our chat space: 

http://www.fsr.net/pages/chat.asp 

Or call us at 208.882.8869 (toll free at 1.888.676.6377). Techsupport hours are from 8:00 AM to 10:00 PM Monday through 
Saturday & 11:00 AM to 6:00 PM on Sunday.

Thanks!
Andrew P Morris
amorris@fsr.net
Technical Support Manager,
First Step Internet, www.fsr.com

Phone: 208.882.8869
Toll Free: 888.676.6377
Fax: 208.883.3733

PO Box 9587
1420 S. Blaine St. Suite 10
Moscow, Idaho 83843

9/20/2002 9:05:18 AM, Tom Lamar <lamar@pcei.org> wrote:

>Visionaries,
>
>Just wanted to let everyone know that the junk mail and attachment that
>came with my email address this morning was not sent by my computer.  It
>was a spoofed email sent by another computer somewhere.  Below is a
>description of what happened as described by Andrew Morris of First Step
>Internet <techsupport@fsr.net>.
>
>
>So when these individuals make an attack (such as the directory harvest
>attacks) they generate the usernames at the time of sending and tend to send
>from and to as the same name. If they are also spoofing the IP address they
>are sending from then they connect through a remote smtp server (illegally)
>and send email to other servers addressed to all_users@domain.com from
>all_users@domain.com. Their tracks are covered and it looks like the remote
>smtp is the home of the culprit when in fact they are the first victim.
>
>There is a lengthy write-up on this topic at:
>http://www.cert.org/tech_tips/email_spoofing.html
>
>hasta luego,
>
>Tom
>
>Thomas C. Lamar, Executive Director
>
>=================================================
>Palouse-Clearwater Environmental Institute
>P O Box 8596; 112 West 4th St; Suite #1
>Moscow ID 83843-1096
>Phone (208)882-1444; Fax (208)882-8029
>url:  http://www.pcei.org
>
>Celebrating sixteen years of "connecting people, place and community".
>=================================================
>
>
>

References:
- Attack of the killer junk mail
  - From: Tom Lamar <lamar@pcei.org>

Prev by Date: Re: Vandals
Next by Date: Re: On Hate Crimes in Moscow
Prev by thread: Attack of the killer junk mail
Next by thread: Re: Attack of the killer junk mail
Index(es):
- Date
- Thread

Back to TOC