LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-18-2004, 02:04 AM   #1
jong357
Senior Member
 
Registered: May 2003
Location: Columbus, OH
Distribution: DIYSlackware
Posts: 1,914

Rep: Reputation: 52
Question A virus from Linuxquestions?


This is kind of strange... I got this in the mail... What is the purpose of this and what exactally is it supposed to do on Slackware anyway, even IF sbc would let me download it?

Linuxquestions.net takes me to linuxquestions.org in my browser so I thought I would let everyone know about it... Cheers!



Code:
"Your SBC Yahoo! Mail Virus Protection detected the virus 
'"W32.Beagle@mm!zip"' in the file '"Attach.zip"', attached to the enclosed email 
message. We scanned the file using Norton AntiVirus but were unable to 
clean it. Therefore, we removed the content of the attachment from the 
message. Please contact the message sender if you want to receive the 
attachment. They must clean the file and resend it before we can deliver it 
to you safely."

"SBC Yahoo! Mail successfully cleans most infected attachments, which 
protects you from viruses."


------------------------------------------------------------------------


Authentication-Results: mta826.mail.sc5.yahoo.com

  from=linuxquestions.net; domainkeys=neutral (no sig)

X-Originating-IP: [209.212.118.139]

Return-Path: <114398@linuxquestions.net>

Received: from 207.115.63.49  (EHLO vml-ext.prodigy.net) 
(207.115.63.49)
  by mta826.mail.sc5.yahoo.com with SMTP; Thu, 16 Dec 2004 12:56:47 
-0800
X-Header-NoReverseIP: IP.name.lookup.failed[209.212.118.139]
X-Originating-IP: [209.212.118.139]
Received: from Eugenework ([209.212.118.139])
	by vml-ext.prodigy.net (8.12.10 083104/8.12.10) with SMTP id 
iBGKtuja344732
	for <jongrosshart@sbcglobal.net>; Thu, 16 Dec 2004 15:55:58 -0500
Date: Thu, 16 Dec 2004 22:55:59 +0200
To: jongrosshart@sbcglobal.net
Subject: ^_^ mew-mew (-:
From: 114398@linuxquestions.net
Message-ID: <clrrwmiwcjukusryaux@linuxquestions.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------ijtnwihrddkhloucxojx"

----------ijtnwihrddkhloucxojx
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 I don't bite, weah!

password: 35321

----------ijtnwihrddkhloucxojx
Content-Type: application/octet-stream; name="Attach.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attach.zip"


----------ijtnwihrddkhloucxojx--
 
Old 12-18-2004, 05:19 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
this is presumably using a spoofed address. there is no LQ.org user with that name, and being webmail only an address on lq.net (our free email service) couldn't send somethign like that through.
 
Old 12-18-2004, 09:15 AM   #3
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,259

Rep: Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920
Chris is correct, the address is being spoofed (ie. this is in no way associated with LQ). Unfortunately, this is all too common place these days.

--jeremy
 
Old 12-18-2004, 10:21 AM   #4
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 256Reputation: 256Reputation: 256
Hehe.. its like a few weeks ago a guy at work said I couldn't send him an email and make it look like it was sent by G. Bush at whitehouse.gov.. well, he was wrong and it was a damn funny email I sent him to prove him wrong..
 
Old 12-18-2004, 04:35 PM   #5
jong357
Senior Member
 
Registered: May 2003
Location: Columbus, OH
Distribution: DIYSlackware
Posts: 1,914

Original Poster
Rep: Reputation: 52
Yea, Thats what I figured. Obviously it was more than likely someone here on the forums but why would a linux user send another linux user a windows virus?
Funny stuff.... Thanks...
 
Old 12-19-2004, 08:46 PM   #6
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,259

Rep: Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920Reputation: 3920
jong357, it more than likely wasn't a user here on the forums. It was likely a spambot or virus randomly spoofing the from address.

--jeremy
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linuxquestions.org bullium LQ Suggestions & Feedback 6 01-03-2005 03:18 PM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 02:35 PM
trend chipway virus detected boot virus rafc Linux - Security 1 05-13-2004 01:44 AM
Hi,everyone! My first [LinuxQuestions]! icyice LinuxQuestions.org Member Intro 8 02-24-2004 06:59 AM
LinuxQuestions is Brilliant ! onurb LinuxQuestions.org Member Success Stories 18 03-20-2003 11:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration