General NOTE: The general forum has been closed to new posts while we evaluate moderator availability.
This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
01-29-2004, 06:43 AM
|
#1
|
Member
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232
Rep:
|
Norton AntiVirus detected and quarantined a virus in a message you sent.
This is the contents of an email that arrived in my "bulk mail", with the message title the same as my thread title.
"Recipient of the infected attachment: PKSERVER01, First Storage
Group\Mailbox Store (PKSERVER01), Lyn Plant/Inbox
Subject of the message: HELLO
One or more attachments were quarantined.
Attachment document.zip was Quarantined for the following reasons:
Virus W32.Novarg.A@mm was found in document.scr."
Interesting. I have been treated to three MyDoom infected emails so far, but I have only opened these fellows under linux. I did not do anything with the attachments in any case, and certainly not under windows. I use a web based email system and browse with java and javascript enabled - and I believe this PKSERVER01 is my buddy Pat Keegan. Have I fallen for a script trap and propogated this virus ? I read nothing about this behaviour when I was reading up on it.
Edit : I have read the description again and I now believe that my email address has been used as a spoof address .... I think that both Pat's address and mine were in an address book and my address was used against him. One of my bungling windows friends has put me in the frame !! How will I explain this to Pat ?
Last edited by Pres; 01-29-2004 at 06:50 AM.
|
|
|
01-29-2004, 07:28 AM
|
#2
|
Member
Registered: May 2003
Location: Canada, TO.
Distribution: Slackware: in progress, Mandrake 9.2, Libranet, Vector
Posts: 373
Rep:
|
You are so lucky you keep getting the virus. I havent get it so far, at least to take a look at it. Can you please forward it to me? ".com"
Last edited by Nukem; 01-31-2004 at 05:01 PM.
|
|
|
01-29-2004, 07:39 AM
|
#3
|
Member
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232
Original Poster
Rep:
|
Sent.
|
|
|
01-29-2004, 04:54 PM
|
#4
|
Member
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239
Rep:
|
Quote:
Originally posted by Nukem
You are so lucky you keep getting the virus. I havent get it so far, at least to take a look at it. Can you please forward it to me? "ruwan32@hotmail.com"
|
What the heck are you talking about? Do you WANT the virus? And to the original poster: What is the point of this post? It isn't LQ's fault that a virus was on THEIR email.
|
|
|
01-29-2004, 07:01 PM
|
#5
|
Member
Registered: Jun 2002
Location: Australia
Distribution: Slack 9.1
Posts: 232
Original Poster
Rep:
|
Quote:
Originally posted by Squall
And to the original poster: What is the point of this post? It isn't LQ's fault that a virus was on THEIR email.
|
I wanted people in the know to confirm or otherwise clarify my suspicions. I wasn't accusing LQ of being at fault in any way.
|
|
|
01-30-2004, 02:29 AM
|
#6
|
Member
Registered: Oct 2003
Location: New Zealand, Wellington
Distribution: Red Hat 9, Gentoo 1.4, Vector 4.0
Posts: 74
Rep:
|
With SMTP protocol you can set sender's address to anything you like.
I think mail was send from someone else's computer who has you in their contacts.
|
|
|
01-30-2004, 02:37 PM
|
#7
|
Member
Registered: May 2003
Location: Canada, TO.
Distribution: Slackware: in progress, Mandrake 9.2, Libranet, Vector
Posts: 373
Rep:
|
Quote:
Originally posted by Squall
What the heck are you talking about? Do you WANT the virus? And to the original poster: What is the point of this post? It isn't LQ's fault that a virus was on THEIR email.
|
Do you at least understand what he is talking about?
|
|
|
01-30-2004, 04:35 PM
|
#8
|
Member
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239
Rep:
|
Is that above statement referring to me? If it is, I am just stating that there is no reason to post that information on this site, because it has nothing to do with LQ. All it does is create unnecessary confusion and worry. If not, ignore everything I just said.
|
|
|
01-30-2004, 05:19 PM
|
#9
|
Member
Registered: Sep 2002
Location: Haarlem , the Netherlands
Distribution: VectorLinux SOHO 5.1
Posts: 470
Rep:
|
Ignoring is NOT the best policy in most cases.
Like with this virus : There IS a quite legitimate reason , why one would want to recieve a certain virus ;
Namely , to figure out what makes it tick and thus be able to come up with a defense for it.
Knowledge will always be the best weapon against malicious acts like this.
Knowledge is NEVER to be considered as "wasted time".
Knowledge is power.
|
|
|
01-31-2004, 12:03 AM
|
#10
|
Member
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239
Rep:
|
Whatever. We already have professionals doing it
|
|
|
01-31-2004, 01:50 AM
|
#11
|
Member
Registered: Sep 2002
Location: Haarlem , the Netherlands
Distribution: VectorLinux SOHO 5.1
Posts: 470
Rep:
|
And we already have professionals for administrating computer-systems.
Do you imply , we shouldn't try to figure it out for ourselves either?
If so : WHAT THE *(Insert your favorite verb , noun or other derogatory term here) are you doing here?
|
|
|
01-31-2004, 10:34 AM
|
#12
|
Member
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239
Rep:
|
Okay, fine, there is no way out of this. I retract my statement.
|
|
|
01-31-2004, 10:46 AM
|
#13
|
Member
Registered: Feb 2003
Location: San Antonio
Distribution: Suse 9.0 Professional
Posts: 843
Rep:
|
Yes, you are correct. Your address was spoofed. I have been getting 4 or 5 emails like that a day, stating that the mail I sent was not delivered. Proviously, with the sobig, my ISP, or some bonehead there, emailed me threatening to suspend my account due to the volume of virus emails my computer was sending. I copied their main IT in a reply with the following questions.
1) Which version of Linux is vulnerable to this virus, I don't have or run Windows?
2) Do you know how easy it is to spoof an email address?
Never heard a peep.
R.O.
|
|
|
01-31-2004, 03:01 PM
|
#14
|
Member
Registered: Oct 2003
Location: New Zealand, Wellington
Distribution: Red Hat 9, Gentoo 1.4, Vector 4.0
Posts: 74
Rep:
|
You can still see the original IP of sender. I think it's possible to fake IP as well but virus
can't do that(I think).
|
|
|
01-31-2004, 04:57 PM
|
#15
|
Member
Registered: Jan 2004
Location: The land of the free and the home of the brave
Distribution: Slack 10
Posts: 239
Rep:
|
Also, don't think anything bad about your friend yet. It's extremely likely that he got the worm, and the worm emailed itself to his contacts.
|
|
|
All times are GMT -5. The time now is 02:44 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|