Virus alert

Over the past 12 hours or so, I received 2 emails with infected attachment
and header "hello." I get this kind of stuff all the time, but this one
comes from an employee of Anacortes

I telephoned Anacortes and gave them a heads up, but anyone who could do
anything to correct was not available at the time. In the event that you
get an email like this, needless to say, don't open it.

Al

Al wrote:
Over the past 12 hours or so, I received 2 emails with infected attachment
and header "hello." I get this kind of stuff all the time, but this one
comes from an employee of Anacortes

I telephoned Anacortes and gave them a heads up, but anyone who could do
anything to correct was not available at the time. In the event that you
get an email like this, needless to say, don't open it.

Unfortunately, there's not much Anacortes can do about it at all. The
sender need not have any affiliation with Anacortes or the domain name
buytelescopes.com. All that is needed is the ability to forge the name
of the sender in the e-mail message.

Brian Tung
The Astronomy Corner at http://astro.isi.edu/
Unofficial C5+ Home Page at http://astro.isi.edu/c5plus/
The PleiadAtlas Home Page at http://astro.isi.edu/pleiadatlas/
My Own Personal FAQ (SAA) at http://astro.isi.edu/reference/faq.txt

Ï "Brian Tung" Ýãñáøå óôï ìÞíõìá
...
[snip]

Unfortunately, there's not much Anacortes can do about it at all. The
sender need not have any affiliation with Anacortes or the domain name
buytelescopes.com. All that is needed is the ability to forge the name
of the sender in the e-mail message.

Which is usually what happens by various viruses. The virus harvests email
addresses from the addressbook of some computer and sends infected messages
to all those addresses. Before doing so it forges the sender's address
putting one of the various addresses it has encountered as a return adress,
so it often becomes impossible to trace the original infected person, as
when the email bounces it returns to people =/= infected sender.

I've had infected emails bouncing back to me, although my computer is
completely clean. Also, you should all be aware that the latest mass email
worms harvest email addresses from newsgroups, so if your correct address
shows up in the newsgroup header, chances are you will be getting hundreds
of infected emails by Swen, at al.

Of course, when those worms try to send ME an infected email, it goes to
Mars :*)))

Brian Tung
The Astronomy Corner at http://astro.isi.edu/
Unofficial C5+ Home Page at http://astro.isi.edu/c5plus/
The PleiadAtlas Home Page at http://astro.isi.edu/pleiadatlas/
My Own Personal FAQ (SAA) at http://astro.isi.edu/reference/faq.txt
--
Ioannis Galidakis
http://users.forthnet.gr/ath/jgal/
------------------------------------------
Eventually, _everything_ is understandable

I already know that a third party can be the culprit, but I'm just giving
everyone a heads up.

Al


"Brian Tung" wrote in message
...
Al wrote:
Over the past 12 hours or so, I received 2 emails with infected
attachment
and header "hello." I get this kind of stuff all the time, but this one
comes from an employee of Anacortes

I telephoned Anacortes and gave them a heads up, but anyone who could do
anything to correct was not available at the time. In the event that
you
get an email like this, needless to say, don't open it.

Unfortunately, there's not much Anacortes can do about it at all. The
sender need not have any affiliation with Anacortes or the domain name
buytelescopes.com. All that is needed is the ability to forge the name
of the sender in the e-mail message.

Brian Tung
The Astronomy Corner at http://astro.isi.edu/
Unofficial C5+ Home Page at http://astro.isi.edu/c5plus/
The PleiadAtlas Home Page at http://astro.isi.edu/pleiadatlas/
My Own Personal FAQ (SAA) at http://astro.isi.edu/reference/faq.txt

I am scanning our machines too make sure we are clean right now but I am
pretty sure that those emails did not come from us. Most of the current
viruses use spoofed email addresses so that you cannot reply to the sender
letting them know that they are infected. You can check the header of the
email for the originating ip address which will tell you what server sent
the email. I hope this helps, thank you.



Ray York

Anacortes Telescope

http://www.BuyTelescopes.com





"Al" wrote in message
t...
Over the past 12 hours or so, I received 2 emails with infected attachment
and header "hello." I get this kind of stuff all the time, but this one
comes from an employee of Anacortes

I telephoned Anacortes and gave them a heads up, but anyone who could do
anything to correct was not available at the time. In the event that you
get an email like this, needless to say, don't open it.

Al

"Al" wrote in message
t...
Over the past 12 hours or so, I received 2 emails with infected attachment
and header "hello." I get this kind of stuff all the time, but this one
comes from an employee of Anacortes

I telephoned Anacortes and gave them a heads up, but anyone who could do
anything to correct was not available at the time. In the event that you
get an email like this, needless to say, don't open it.

Al
The 'odds' are that Tom.bond, may not even exist!.
I have received dozens of 'bounced' emails at the email server I use today,
which contain virii, and have been bounced by the recipients, each of which
'purports' to come from an address at the server, but none come from the
'real' address. There has been a marked 'pattern' of names that are made up
of two fairly 'popular' or famous names, cattenated together into a form
like 'Tom.bond'. It appears that one of the current virii, is taking 'known'
addresses, and adding 'semi random' names from a database of names, to make
up the apparent 'source address'.
If Tom.bond exists, his email address has probably simply been 'harvested',
and has been used as the return address by the 'real' source. This has been
common for quite a while with several viruses, it is the cattenation
approach that seems 'new'.
With viruses, the only good approach, is along the lines of "if it moves
shoot it, if it doesn't move, shoot it anyway"...
Hence, _any_ unsolicited mail (however 'legitimate seeming' the source is,
should be treated at all times as if it is contagious (it may well be).

Best Wishes

"Al" wrote in
t:

Over the past 12 hours or so, I received 2 emails with infected
attachment and header "hello." I get this kind of stuff all the time,
but this one comes from an employee of Anacortes


I telephoned Anacortes and gave them a heads up, but anyone who could
do anything to correct was not available at the time. In the event
that you get an email like this, needless to say, don't open it.

Al




That is probably one of the mydoom variants. It has a list of a number of
titles of which it selects one at random ('Hello' is just one of the
subjects it uses). It puts in a fake source email address so it wouldn't
have come from anacortes but probably someone who has both anacortes and
you in their address book.

L.

"Al" wrote in
t:

In the event that you
get an email like this, needless to say, don't open it.

If you don't use Outlook Express, there's absolutely nothing to worry about
unless you open the attachment.

donutbandit wrote:

"Al" wrote in
t:

In the event that you
get an email like this, needless to say, don't open it.

If you don't use Outlook Express, there's absolutely nothing to worry about
unless you open the attachment.

If you looked at Al's headers, you'd see that he uses Outlook Express.
Now you got him worried g.

Well, Al - if you disable the preview pane you're a little safer.