·
Registered
Joined
·
1,027 Posts
Discussion Starter · #1 ·
My work e-mail never gets junk mail, and the system was smart enough to delete the attachment with the virus. I sent a note to the SCCA. The send address was jack at sccapro.com


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>HotRod HotLine Newsletter May 6, 2003</title>
</head>
<body bgcolor="#ffffff" link="#0066ff" vlink="#6633cc" text="#000000" topmargin=0 leftmargin=0>
<a name=top></a>

<table border=0 cellpadding=0 cellspacing=0>
<tr>
<td>
</t

------------DRHTBNDJ4CYCPC
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: attachment; filename="WARNING0.txt"

Network Associates WebShield SMTP V4.5 MR1a on nycsmtpfilter detected virus
W32/[email protected] in attachment 2003 JULY FasTrack.pdf.exe from <[email protected]> and it was
Deleted.
 

·
don't cut
Joined
·
4,075 Posts
I received that also this morning. When I saw the file attached was an exe extension, I deleted it. Is this forum the only one we are common on?
Richard Miller
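
A gateway-side check for the disguise named in the WebShield notice above (an attachment ending in `.pdf.exe`), as an added example that is not part of any post in this thread. The extension lists, function names and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative subsets (assumptions): extensions Windows runs directly,
# and document-looking extensions used as the decoy in front of them.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
DECOY = {"pdf", "doc", "xls", "txt", "jpg", "gif", "zip", "htm", "html"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for one filename."""
    # Windows ignores trailing dots and spaces, so drop them before checking.
    name = filename.strip().rstrip(". ").lower()
    # Strip padding around each dot-separated part ("a.pdf     .exe").
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """List (filename, verdict) for every attachment that is not 'ok'.

    The From header is not consulted: the worm forges it, so the verdict
    rests on the attachment alone.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and classify_attachment(filename) != "ok":
            findings.append((filename, classify_attachment(filename)))
    return findings

def build_sample():
    """Constructed message: placeholder bytes and made-up addresses."""
    msg = EmailMessage()
    msg["From"] = "forged-sender@example.com"
    msg["To"] = "member@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder, not a program", maintype="application",
                       subtype="octet-stream", filename="2003 JULY FasTrack.pdf.exe")
    msg.add_attachment(b"placeholder, not a PDF", maintype="application",
                       subtype="pdf", filename="rules.v2.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"quarantine {filename!r}: {verdict}")
```
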
 

·
Administrator Emeritus
Joined
·
1,253 Posts
This worm emails itself to addresses found on the infected local system (in files and email messages). This goes for both the TO and FROM fields. Thus the sender address is usually spoofed, or forged, and not a direct indication of an infected user.

If you think you may have been infected, run Stinger to get rid of it:

http://vil.nai.com/vil/stinger/
 

·
Registered
Joined
·
483 Posts
I also received it this morning (and my server removed the attachment)... I think it must have gotten our address off this forum or from the SCCA.

Given its attachment name, I have to think that it was originated within the SCCA "system" (I don't know who else would have July 2003 fastrack PDF in their "My Documents" folder, which is where the virus gets the filename). The virus "spoofs" the FROM address, so I doubt it was actually sent from Jack's computer.
 

·
Registered
Joined
·
1,998 Posts
Since my email address is all over the place online, I get dozens of these things. I also get bounces from messages I allegedly sent. It came full circle last week when I got one from MYSELF. The virus spoofs the subject line, too, so it may even look legitimate.

Someone at least remotely related to the rally community has the virus, and he has all of us - not surprisingly - in his address book. We'll keep receiving these things from each other until whoever it is gets rid of the virus.

BTW, I've received one supposedly from Richard and one from an old address of Mike's. There are several varieties. Don't get mad at the "sender" - he's probably innocent.

Bruce
 

·
Administrator Emeritus
Joined
·
1,253 Posts
>I also received it this morning (and my server removed the
>attachment)... I think it must have gotten our address off
>this forum or from the SCCA.

It is *not* getting email addresses from this forum. Where do you see any email addresses listed on this forum? In fact, my address is listed in several threads on purpose and I have not gotten any infected email to that address.

It is not likely getting addresses from SCCA either. It is coming from all sorts of places. If anyone that has your email address listed in their address book gets infected, you will most likely get an infected email too. This is how they normally work.

Side note: I wrote *not* above but the truth is anything could happen. I can't guarantee you won't get harvested from this forum. I do, however, try to keep things like that from happening to you all. Hopefully, my efforts will keep paying off.
 

·
don't cut
Joined
·
4,075 Posts
>>I also received it this morning (and my server removed the
>>attachment)... I think it must have gotten our address off
>>this forum or from the SCCA.
>
>It is *not* getting email addresses from this forum. Where
>do you see any email addresses listed on this forum? In
>fact, my address is listed in several threads on purpose and
>I have not gotten any infected email to that address.

And thanks for controlling that Jim. We inadvertently had our addresses listed in the rallytexas.org site and managed to get a lot of spam that way. That has since been corrected.

As to the commonality, it may be from sending e-mails to the PRB or BoD concerning the present ClubRally lockdown. Would anyone be mad enough to send any of those people a virus? Not that a deliberate sending of the virus would be needed these days.

And Bruce, I don't think I sent you a virus. I just updated my protection Sunday.

Richard
 

·
Registered
Joined
·
1,998 Posts
>And Bruce, I don't think I sent you a virus. I just updated
>my protection Sunday.
>

Of course, you didn't. All that's necessary for me to get an infected message that LOOKS like it's from you is for you and I to be in some third person's address book. I can think of several people off the top of my head who might fit that category, and there are probably hundreds of others.

Bruce
 

·
don't cut
Joined
·
4,075 Posts
I do have a technical question concerning protection though, are you supposed to put it over the CPU and the screen or just the CPU?
Richard:+
 

·
Registered
Joined
·
483 Posts
No offence meant, Jim...

I am not familiar with CGI, so I'm not exactly sure how the little link to e-mail a user works. It's obviously not a simple "mailto:" link, but simply following the href does result in my browser going to a mailto: URL with a valid email address. How are spiders prevented from obtaining this mailto response? Really, I'd like to know as I have a few websites that I have to try to allow users to email from, but prevent harvesting. I'm not completely happy with the way I am currently attempting to do this.

I do think that we all received the e-mail from the same user this morning due to the fact that we all got the same subject line and attachment name, which was collected from the infected user's "My Documents" folder (according to Symantec). The fact that the attachment name was "July 2003 fastrack" leads me to believe the infected user is probably someone inside the SCCA organization since I don't believe this document has been released to the general public yet...
 

·
Administrator Emeritus
Joined
·
1,253 Posts
If it is not in the source code of the page, it is pretty well protected. I've not seen any bot that can harvest email addresses via clicking on one of a few hundred links on a forum.

It may happen, but there are easier ways to get a bunch of email addresses.

In the meantime, feel free to go to the "User Menu" and then "Edit Your Preference" and use "Allow other registered users to send you emails?" and such to your benefit. There are a few options there that allow you to hide your email address and inbox.
 

·
Four tree two remember Andrew
Joined
·
1,633 Posts
Ah, the joys of Macintosh!

Wilson
 