Virus. WTF?
 

Some bot is using my email address to send viruses to people.

I get a shitload of them sent to me with a return address of [email protected] as well.

I also get all these "Undeliverable mail" messages saying this email has a virus and cannot be delivered to recipiant.

Fuck! somethingis sending out these things using my email address as the sender info. WTF?

I know my email isnt sending this shit out, cause I dont use outlook, and al my domain email is forwarded to a yahoo account. So the emial addresses these viruses say they are from dont really exist. They only exist on my websites as contact emails, so some bot must have spidered my email address off my site and is fucking using my address to send viruses.
WTF?

I have been getting that also, for the past week! It fucking SUCKS

Or some malicious fuck it out to tarnish your name. Sad really. Lame fuckers

are they from your own domain? As if they are sent to people with your email address?

Heres one i got just 3 seconds ago:

Note: This is an automated message sent from the Canwest Interactive
mail
system.

We rejected an email message because it either contained a virus or
contained a file attachment with a "dangerous" extension.

Unknown infected with HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet))
virus. The file is currently Removed. The message, "Japanese girl VS
playboy", was sent from admin .

Due to a dramatic increase in email viruses, Canwest Interactive now
blocks
email that has attachments with any one of the following file
extensions:

Most people would know any email addy acquired through a virus share would be bogus man... anyone who knows ya wouldnt think this.

a lot of these emails are just blank. Noting in em.
Just a subject heading to me, from me.

looks like its even trying to send it to my buddies.

The following mail can't be sent to [email protected]:

From: [email protected]
To: [email protected]
Subject: ismap alt
The attachment is the original mail

Post the message headers

yeah four of my domains, I have also gotten the same email from other "webmasters" I know

The retuen email addresses involved here are ALL emials ive used on my website for contact info.
I dont give or use these addresses for anything else, so it has to be a spider.

Emial addresses like: courtney at boneprone.com
and rates at boneprone.com arent used for anything else. In fact the emails dont exist, like i siad i have the forwarded to a yahoo account, so email can never really be sent from this address.

this is also a common one:


This is a nice game
This game is my first work.
You're the first player.
I wish you would like it.

yep, Bone, I get the same thing
I cant post it, because I delete it as they come in.

one was a iframe exploit

I got it too "mail undeliverable"...they had to have got the email addresses from here because I'm getting them at my @aol mailbox and this is the only place that email address would exist...

Sounds like it might be W32.Klez.E@mm or a varient of it, it runs its own small SMTP engine and spoofs headers. Believe me this little worm is fucking smart. It had ME offline for a few days tracking the little shits footprints around my machines. not a good thing ;-)

Yep that's Klez :D

I've been getting a crapload of emaisl like that actually.. blank, no attatchemnts, but they're over 100k in size! WTF!!

The engine works like this, lets say Lensman is infected with Klez, but boneprone isnt, it scans lensmans address book and finds boneprones and my e-mail addreses, it will then send spoofed e-mail from boneprone to me (from lensmans machine) ill go to bone and say, hey you sent me a virus, but when bone scans his machine he isnt infected, lensman is.. see.. sneaky little fucker, huh?

alot of them have been mutated to run completely off IRC now. Almost impossible to track down.

The security industry has turned commercial and the bad guys are gaining a very big head start. CERT has had an "incident report" submission for a while but CERT sucks ass. They solve nothing and are always waaaaaaay behind. Securityfocus is dead but BUGTRAQ is still alive. All unusual incidents should be sent to [email protected]

It is a mailing list for nothing but security specialists. They eat this stuff for breakfast. But they have to know it is there to eat it.

well its here.
This sucks.
People's email boxes are getting full!

Whats BUGTRAQ? J/K

And CERT still kicks ass, you just dont know who's ass they are kicking.

Yeah i sent in white papers yesterday on all the movements, footprints, and evolvs that i saw on my machine.

good deal. The internet kicks ass. Let's keep it that away :thumbsup

However, I have to disagree about CERT. I have found CERT to be totally inadequate. Typical Gov. workers.:disgust

We will have to agree to disagree on CERT, i know they have always take the time to go over my papers and send comments back.. it had been a year before these sent i had contact with them, but i think they are still solid.

I've been dealing with it too. I see emails from me to me or from one of my email addys to another one, but the header shows it comes from somewhere else completely. I also get notices that "I have sent someone a virus that wasn't delivered" but I run Nortons AV several times a week and it's always clean.

I've figured it's some virus or trojan that not only collects email addys from cache to send out to, but also uses those cached addys as fake senders.

After Sircam it's a total pain to have an email addy on a website. Since last summer I've had to resort to scanning headers only and deleting everything but emails I know should be clean.

I received about a half dozen of them yesterday; it being 2:06 AM my time. Norton antivirus caught all of them. Yesterday was the first day I received them, saying E-mail I had sent was undeliverable, because it contained a virus, but I did not send the E-mails. Norton identifies those E-mails as being a virus; I didn't write down the name of the virus.

Question:

Are these E-mail viruses ever traced down by anyone, anywhere, and if so, what is done to these people?

The attached file isn't visible, but still there, if you open the email you open the file [virus] too....real shitty !!
At http:www.majorgeeks.com u can download a little free program called Ad-Aware , that program deletes all your Spy-ware, i even found 47 spyware files in kazaa, and 182 in my entire PC. All SpyWare, and run to the store for a good AV !!
Run a scan, delete the infected files, and your ready to go again !
Sorry for my shitty english im 14 yrs old :P and skipping every class i have :D

My dad runs a couple of website's and sometimes he gets an email from a website visitor with a virus in it. Last time he traced down the guy's IP, and send the whole package to the Police, and the guy's internet provider. The guy's internet immediatly shut down, and he got picked up by the cops.
He had to stay in jail for 3 months and [i dunno a proper word] got a 'ticket' to pay ?5000 to the cops.
And...he's on some black list or something, he never gets an internet connectian again in the whole country of The Netherlands. :evil-laug

Norton AV and McAfee are the best AV around !
I have Norton AV 2002 , with all the updates.
In 3 yrs i never had a virus on my PC, all tnx to norton :)

I took all my email address off my site's that refer to any of my domain's some time ago..
And use a Yahoo one...
There is a file you can download to check just for this virus, worm, or Trojan.

http://securityresponse.symantec.com...oval.tool.html

Virus are not why I took my email address's off my site's... It's because some ass hole spammer used one as there return address and I was getting 500+ bounced email per day...

Boneprone read this man:

"Because this worm does use a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers receive complaints that they have sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using a antivirus program or does not have current virus definitions. When W32.Klez.E@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From:" line of an infected email that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her infected email, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.

If you are using a current version of Norton AntiVirus, have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.

There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your email address is [email protected], you could receive a message that appears to be from [email protected], indicating that you attempted to send email and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened"

Read more here: http://[email protected]

Yah, me too. Klez is one nasty little piece of shit.

:ak47: Klez....

Here is all the info you need about the virus to avoid confusion

http://[email protected]

You would think someone with the knowledge to program a virus like that would use their knowledge for something constructive and legal.