I got an e-mail from email@example.com titled "Fake". Looks fishy, has an attachment.
Go to show all headers; it will list the original mail server it came from. Email me the IP and I can let you know what ISP it came from.
That is, if it was a fake with a virus. You can change in your mail client what email address it comes from and to reply to. You could make it "firstname.lastname@example.org"
It is fishy. It's a virus that didn't come from me. It's very easy for somebody to put a different email address into the Reply To header of an email and make it look like it's coming from somebody other than who sent it. This is basically what a lot of these viruses do. It grabs all the email addresses from your mailbox and then sends random crap out all over the place with all those email addresses used in the "Reply To" header.
As Bennett said, open the message (not the attachment) and choose View and Options from the menu. This will show you where it really came from.
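Added example, not part of the original thread: a short Python sketch of the header check described above, which walks the `Received` chain to find the peer IP recorded by the recipient's own mail server and compares it with the claimed `From` domain. The sample message, the host names and the `recipient.example` trusted domain are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosts and addresses are made up, IPs are from the
# RFC 5737 documentation ranges. The bottom Received line is forged.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])\n"
    "\tby mail.recipient.example with ESMTP; Mon, 1 Mar 2004 10:02:11 +0200\n"
    "Received: from dialup-44.isp.example (unknown [203.0.113.44])\n"
    "\tby mx.recipient.example with SMTP; Mon, 1 Mar 2004 10:02:09 +0200\n"
    "Received: from mail.forum.example ([192.0.2.10])\n"
    "\tby relay.forum.example with SMTP; Mon, 1 Mar 2004 10:01:00 +0200\n"
    "From: friend@forum.example\n"
    "Reply-To: friend@forum.example\n"
    "Subject: Fake\n"
    "\n"
    "See attachment.\n"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def sending_peer(msg, trusted_domain):
    """Walk Received headers newest-first and return (helo_name, ip) from the
    last consecutive header written by a server in trusted_domain."""
    peer = (None, None)
    for raw in msg.get_all("Received", []):
        text = " ".join(raw.split())          # unfold continuation lines
        by = re.search(r"\bby (\S+)", text)
        if not by or not in_domain(by.group(1), trusted_domain):
            break  # written outside our infrastructure: may be forged
        helo = re.match(r"from (\S+)", text)
        ip = IP_RE.search(text)
        peer = (helo.group(1) if helo else None, ip.group(1) if ip else None)
    return peer

def analyse(raw, trusted_domain):
    msg = message_from_string(raw)
    helo, ip = sending_peer(msg, trusted_domain)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "peer_ip": ip,        # recorded by our own server: the value to look up
        "peer_helo": helo,    # sender-supplied name, informational only
        "from_domain": from_dom,
        "from_matches_peer": bool(helo and from_dom) and in_domain(helo, from_dom),
    }

if __name__ == "__main__":
    print(analyse(SAMPLE, "recipient.example"))
```

The IP to hand to an ISP lookup is `peer_ip`; `Received` lines below the first untrusted `by` host, like `From` and `Reply-To`, are whatever the sender chose to write.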
F-Secure Warns on the outbreaks caused by a "Virus Weekend"
Two new versions of Netsky and five new versions of Bagle found since Friday
Helsinki, Finland - March 1, 2004
Virus writers have been busy over the last days, with two new variants of the Netsky worm and five new variants of the Bagle worm found since Friday the 27th of February. Out of these worms, Netsky.D - found on Monday the 1st of March - is the most widespread.
The Netsky virus family consists of fairly simple Windows worms, which spread over email. Apart from spreading aggressively by sending infected PIF attachments around they do very little. The only unusual feature is that Netsky.D will start to play a loop of random beeps from the PC speaker on the morning of Tuesday the 2nd of March.
"We believe the reason for Netsky.D spreading so fast is because it was apparently spammed to a large amount of email addresses during Monday", says Mikko Hypponen, Director of Anti-Virus Research at F-Secure. "If it continues spreading at these levels it might go on to break the previous records set by Mydoom.A and Sobig.F", he continues.
F-Secure raised Netsky.D to F-Secure Radar Level 1 Alert during Monday. Level 1 is the highest alert level.
All the new Bagle variants known as Bagle.C, .D, .E, .F and .G were found during the weekend. The original Bagle.A (also known as Beagle) is a Windows email worm that was first discovered on January 18th, 2004, and became globally widespread in just 24 hours.
All the five new versions of Bagle seem to be written by the same virus author. "It seems the writer is waging a virus war", says Hypponen. "Apparently he has been monitoring closely how quickly the antivirus vendors have released detections, then made the necessary alterations to avoid detection and released new versions immediately", he continues.
F-Secure raised Bagles to F-Secure Radar Level 2 Alert during the weekend.
Bagle.F and .G have an interesting feature in them. Both of them send infected files inside ZIP archives encrypted with a password that is mentioned in the email message. The ZIP itself is variable, as the EXE inside has a random part in it. Most probably the virus this way tries to bypass detection of gateway and server scanners, which might not be able to decrypt such archives.
In addition to this feature, Bagle.F uses deceiving icons for the infected attachments that look like folders, and thus may seem harmless to the end user.
Pictures of the Bagle folder icons can be seen in the F-Secure Weblog, which follows developments on these new viruses. Also a recording of the beep sound loop played by Netsky.D can be downloaded from the weblog which is available at: http://www.f-secure.com/weblog/.
F-Secure Anti-Virus can detect and remove all the new Netsky and Bagle variants. F-Secure Anti-Virus can be downloaded from http://www.f-secure.com .
F-Secure has also released free tools, which can be used to remove Bagle or Netsky from infected systems. The tools can be downloaded through the F-Secure Virus Information Center at http://www.f-secure.com/v-descs/
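Added example, not part of the press release or the thread: a Python sketch of a mail-gateway check for the password-protected ZIP behaviour described for Bagle.F and .G. It relies on the fact that with traditional ZIP encryption the member names and the encryption flag stay readable even though the content does not; the verdict names, the extension list and the sample archive are assumptions made for illustration.

```python
import io
import zipfile

RISKY_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")  # assumed policy list

def make_sample_zip(encrypted):
    """Build a constructed one-file ZIP in memory. The standard library cannot
    write encrypted archives, so for the encrypted case only bit 0 of the
    general-purpose flag is set in both headers; that is all the check reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("document_x7k2.exe", b"constructed placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x01                   # flags field of the local file header
        cd = data.find(b"PK\x01\x02")     # first central directory entry
        data[cd + 8] |= 0x01              # flags field of that entry
    return bytes(data)

def inspect_zip_attachment(blob):
    """Return (verdict, details) without needing the archive password.
    details is a list of (member name, encrypted?, risky extension?)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return "unscannable", []
    details = []
    for info in zf.infolist():
        encrypted = bool(info.flag_bits & 0x1)
        risky = info.filename.lower().endswith(RISKY_EXT)
        details.append((info.filename, encrypted, risky))
    if any(enc and risky for _, enc, risky in details):
        return "block", details           # content cannot be scanned, name is executable
    if any(enc for _, enc, _ in details):
        return "quarantine", details      # content cannot be scanned at the gateway
    return "scan", details                # plain archive: hand to the normal scanner

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, inspect_zip_attachment(make_sample_zip(flag)))
```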
I caught the Netsky... it's nasty. Gets ahold of your address book, starts sending e-mails and attaches itself to it. My anti-virus wouldn't let it out, but it sure did slip in.
Quick update here - I ran full system scan after I updated and it fixed everything up. I don't believe it got out from me. At one point I had over 60 pop-ups on my screen saying that the "outgoing message" contained a virus and wouldn't let it go out.
You guys are wishing you had a Mac.
We are getting slammed by this today.
I have a couple friends who have a Mac and swear by it. I have probs with my comp all the time and they laugh it off.
I'm not super comp intelligent. My work entails a ton of Excel, pics, doc attachments. Won't this be a headache due to no-one else in my company having a Mac, or is it a non-issue?
I haven't rebooted my computer or turned it off in over four years. It's never had a virus. Gotta love Solaris.
It's not the PC, it's Outlook and its unencrypted address book. Use Lotus Notes or GroupWise for e-mail and take the target off your computer. Almost all viruses are written to kill Outlook and Outlook Express.