LinuxQuestions.org
Old 01-29-2004, 07:43 AM   #1
Pres
Member
 
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232

Rep: Reputation: 30
Norton AntiVirus detected and quarantined a virus in a message you sent.


This is the contents of an email that arrived in my "bulk mail", with the message title the same as my thread title.

"Recipient of the infected attachment: PKSERVER01, First Storage
Group\Mailbox Store (PKSERVER01), Lyn Plant/Inbox
Subject of the message: HELLO
One or more attachments were quarantined.
Attachment document.zip was Quarantined for the following reasons:
Virus W32.Novarg.A@mm was found in document.scr."

Interesting. I have been treated to three MyDoom infected emails so far, but I have only opened these fellows under Linux. I did not do anything with the attachments in any case, and certainly not under Windows. I use a web based email system and browse with Java and JavaScript enabled - and I believe this PKSERVER01 is my buddy Pat Keegan. Have I fallen for a script trap and propagated this virus? I read nothing about this behaviour when I was reading up on it.

Edit: I have read the description again and I now believe that my email address has been used as a spoof address ... I think that both Pat's address and mine were in an address book and my address was used against him. One of my bungling Windows friends has put me in the frame!! How will I explain this to Pat?

Last edited by Pres; 01-29-2004 at 07:50 AM.
 
Old 01-29-2004, 08:28 AM   #2
Nukem
Member
 
Registered: May 2003
Location: Canada, TO.
Distribution: Slackware: in progress, Mandrake 9.2, Libranet, Vector
Posts: 373

Rep: Reputation: 30
You are so lucky you keep getting the virus. I haven't got it so far, at least to take a look at it. Can you please forward it to me? ".com"

Last edited by Nukem; 01-31-2004 at 06:01 PM.
 
Old 01-29-2004, 08:39 AM   #3
Pres
Member
 
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232

Original Poster
Rep: Reputation: 30
Sent.
 
Old 01-29-2004, 05:54 PM   #4
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
Quote:
Originally posted by Nukem
You are so lucky you keep getting the virus. I haven't got it so far, at least to take a look at it. Can you please forward it to me? "ruwan32@hotmail.com"
What the heck are you talking about? Do you WANT the virus? And to the original poster: What is the point of this post? It isn't LQ's fault that a virus was on THEIR email.
 
Old 01-29-2004, 08:01 PM   #5
Pres
Member
 
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Squall
And to the original poster: What is the point of this post? It isn't LQ's fault that a virus was on THEIR email.
I wanted people in the know to confirm or otherwise clarify my suspicions. I wasn't accusing LQ of being at fault in any way.
 
Old 01-30-2004, 03:29 AM   #6
CatSC
Member
 
Registered: Oct 2003
Location: New Zealand, Wellington
Distribution: Red Hat 9, Gentoo 1.4, Vector 4.0
Posts: 74

Rep: Reputation: 15
With the SMTP protocol you can set the sender's address to anything you like.
I think the mail was sent from someone else's computer who has you in their contacts.
 
Old 01-30-2004, 03:37 PM   #7
Nukem
Member
 
Registered: May 2003
Location: Canada, TO.
Distribution: Slackware: in progress, Mandrake 9.2, Libranet, Vector
Posts: 373

Rep: Reputation: 30
Quote:
Originally posted by Squall
What the heck are you talking about? Do you WANT the virus? And to the original poster: What is the point of this post? It isn't LQ's fault that a virus was on THEIR email.
Do you at least understand what he is talking about?
 
Old 01-30-2004, 05:35 PM   #8
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
Is that above statement referring to me? If it is, I am just stating that there is no reason to post that information on this site, because it has nothing to do with LQ. All it does is create unnecessary confusion and worry. If not, ignore everything I just said.
 
Old 01-30-2004, 06:19 PM   #9
Megamieuwsel
Member
 
Registered: Sep 2002
Location: Haarlem , the Netherlands
Distribution: VectorLinux SOHO 5.1
Posts: 465

Rep: Reputation: 35
Ignoring is NOT the best policy in most cases.
Like with this virus: There IS a quite legitimate reason why one would want to receive a certain virus;
namely, to figure out what makes it tick and thus be able to come up with a defense for it.
Knowledge will always be the best weapon against malicious acts like this.
Knowledge is NEVER to be considered as "wasted time".
Knowledge is power.
 
Old 01-31-2004, 01:03 AM   #10
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
Whatever. We already have professionals doing it.
 
Old 01-31-2004, 02:50 AM   #11
Megamieuwsel
Member
 
Registered: Sep 2002
Location: Haarlem , the Netherlands
Distribution: VectorLinux SOHO 5.1
Posts: 465

Rep: Reputation: 35
And we already have professionals for administrating computer systems.
Do you imply we shouldn't try to figure it out for ourselves either?
If so: WHAT THE *(Insert your favorite verb, noun or other derogatory term here) are you doing here?
 
Old 01-31-2004, 11:34 AM   #12
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
Okay, fine, there is no way out of this. I retract my statement.
 
Old 01-31-2004, 11:46 AM   #13
RolledOat
Member
 
Registered: Feb 2003
Location: San Antonio
Distribution: Suse 9.0 Professional
Posts: 843

Rep: Reputation: 30
Yes, you are correct. Your address was spoofed. I have been getting 4 or 5 emails like that a day, stating that the mail I sent was not delivered. Previously, with the Sobig, my ISP, or some bonehead there, emailed me threatening to suspend my account due to the volume of virus emails my computer was sending. I copied their main IT in a reply with the following questions.

1) Which version of Linux is vulnerable to this virus, I don't have or run Windows?
2) Do you know how easy it is to spoof an email address?

Never heard a peep.

R.O.
 
Old 01-31-2004, 04:01 PM   #14
CatSC
Member
 
Registered: Oct 2003
Location: New Zealand, Wellington
Distribution: Red Hat 9, Gentoo 1.4, Vector 4.0
Posts: 74

Rep: Reputation: 15
You can still see the original IP of the sender. I think it's possible to fake the IP as well, but a virus can't do that (I think).
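
Added example, not part of the original thread: the two points from posts #6 and #14 (the From address is whatever the sending program writes, while the receiving server records the connecting IP in a Received header), shown in Python on a constructed message. All host names, addresses and the `trace_origin` helper are assumptions for illustration; only Received headers written by servers you operate are trusted, so the forged one at the bottom of the chain is ignored.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (example.* names, RFC 5737 addresses); newest hop is on top.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])\n"
    "\tby mailstore.recipient.example with ESMTP id A1; Thu, 29 Jan 2004 07:40:12 -0500\n"
    "Received: from infected-pc (dsl-45.isp.example [203.0.113.45])\n"
    "\tby mx.recipient.example with SMTP id B2; Thu, 29 Jan 2004 07:40:10 -0500\n"
    "Received: from webmail.example (webmail.example [192.0.2.1])\n"
    "\tby relay.webmail.example with ESMTP id C3; Thu, 29 Jan 2004 07:39:59 -0500\n"
    "From: alice@webmail.example\n"
    "To: bob@recipient.example\n"
    "Subject: HELLO\n"
    "\n"
    "(body omitted)\n"
)

# Servers whose Received lines we trust because we operate them (assumed names).
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)

def trace_origin(raw, trusted_hosts):
    """Return the claimed From address and the IP that handed the mail to us."""
    msg = message_from_string(raw)
    result = {"claimed_from": parseaddr(msg.get("From", ""))[1],
              "origin_ip": None, "origin_rdns": None, "trusted_hops": 0}
    for value in msg.get_all("Received", []):      # header order: newest first
        m = RECEIVED_RE.search(value)
        if not m or m["by"].lower() not in trusted_hosts:
            break   # written by someone else: may be forged, stop here
        result.update(origin_ip=m["ip"], origin_rdns=m["rdns"])
        result["trusted_hops"] += 1
    return result

if __name__ == "__main__":
    print(trace_origin(SAMPLE, TRUSTED))
```

The From header points at `webmail.example`, but the last trusted hop shows the message was handed over by a dial-up style host at a different address, which is the record an abuse desk should act on.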
 
Old 01-31-2004, 05:57 PM   #15
Squall
Member
 
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239

Rep: Reputation: 30
Also, don't think anything bad about your friend yet. It's extremely likely that he got the worm, and the worm emailed itself to his contacts.
 
All times are GMT -5. The time now is 01:26 AM.