Geoff Posted January 26, 2004 Share Posted January 26, 2004 [Original post removed] See ncrossland's post below which was in reply to my initial reports of receiving a spoof e-mail from someone pretending to be Sheffield Forum. Link to comment Share on other sites More sharing options...
ncrossland Posted January 26, 2004 Share Posted January 26, 2004 Sounds like a virus? What was the attachment's filename? Sounds a bit like: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.torvel.b@mm.html Doesn't sound like someone (with much intelligence) doing it maliciously - why would they send it to the forum owner, who would know better than anyone his password WASN'T about to expire! Link to comment Share on other sites More sharing options...
Geoff Posted January 27, 2004 Author Share Posted January 27, 2004 Hmm, I've been contacted by someone who I share an office with and he has a similar problem. However, they both appear to be slightly more than just a trojan/virus - but I guess that could still be an option. Thanks for the link Nick, I took a look at the extensions list and also in my virus vault, but I couldn't see any file names that match. I will let you know what I discover. I'm guessing that no-one else has received it? Link to comment Share on other sites More sharing options...
Martin_s Posted January 27, 2004 Share Posted January 27, 2004 If it's any consolation there's a spate of viruses and spam emails that are related that are doing the rounds.. At one point I had 3 of my domains being spammed from various diffferent sources making it difficult to trace and stop. Link to comment Share on other sites More sharing options...
Geoff Posted January 27, 2004 Author Share Posted January 27, 2004 I have the feeling this is the start of something big. Tonight I've been getting 10s of e-mails coming in to my various different e-mail boxes (across different ISPs etc). A lot of them seem to have virus infected attachments which are luckily being zapped by a combination of SpamAssassin and my virus e-mail scanner. Link to comment Share on other sites More sharing options...
Martin_s Posted January 27, 2004 Share Posted January 27, 2004 You're describing what I've had in the past... not a lot you can do... it sounds like the forum/your email address has been pulled out of an address book or at random from the web then used as a spoofed sender... I've had about 400 of these on various domains for 2 weeks up until about a week ago... It's a pain but until people practice safe PC and email policy it's a problem that won't go away... you'll probably see if stop in about a week if that. Link to comment Share on other sites More sharing options...
Phanerothyme Posted January 27, 2004 Share Posted January 27, 2004 I am getting this one a lot now: http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html w32.novarg.@mm.html its gone from less than a hundred sites to over a thousand in under an hour. And thats just those desktops using Symantec Anti Virus. Link to comment Share on other sites More sharing options...
Martin_s Posted January 27, 2004 Share Posted January 27, 2004 Hmm.. glad you mentioned this... I've just run a manual liveupdate on my Norton and there was an update waiting for me.. So much for autoupdate features... Link to comment Share on other sites More sharing options...
Phanerothyme Posted January 27, 2004 Share Posted January 27, 2004 This can got infected but is ok now. Suspect hh.exe may be infected but NAV not flagging anything yet. I also had autoupdate enabled. If they were able to able to send an emergency ping for running copies to update, they could nip these things in the bud. of course its all a conspiracy of antivirus companies having viruses written on the sly to outwit their competitors products. Score one for the sophos virus engineers (ok ok its a worm not a virus). Link to comment Share on other sites More sharing options...
Geoff Posted January 27, 2004 Author Share Posted January 27, 2004 Ack... 53 minutes ago this story went online: Just when you thought it was safe to open email again, the first serious computer virus outbreak of 2004 is ripping through the Internet at record pace. The new worm is called both Mydoom and Novarg. It's a variant of a familiar foe, the Mimail worm that wreaked havoc in 2003. Already, Central Command's Emergency Virus Response Team confirms more than 3,800 infections of Worm/Mydoom less than 45 minutes after the worm's initial discovery. Network Associates reports 19,500 email messages bearing the virus from 3,400 unique Internet addresses. Emphasizing the seriousness of the virus, Symantec has rated Mydoom as a 4 out of 5, or "Severe" - more Update... Having read a few "breaking" articles about this virus, the strange e-mail I received seems smarter than what this virus is capable of. For example, it not only appeared to be from Sheffield Forum, but it also includes the web-site address in a few places and seems well targeted towards a forum type of site - i.e. warning people their usernames were due to expire. Hmm... all very confusing. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.