Virus Warnings Thread.

[Driftwood]

It could be me....... I doubt it though

I'm not sure but think my email account may have been hacked - nice eh? The reason I say this is that on my webserver I found

</span>

Quote:

Originally Posted by [b

Quote[/b] ]This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its recipients.
This is a permanent error. The following address(es) failed:cdman_1@hotmail.com

For further assistance, please contact &lt; postmaster@bitsmart.com &gt;
If you do so, please include this problem report. You can
delete your own text from the message returned below.

Copy of your message, including all the headers is attached

<span =''>

Now I've not sent that email.... Also it has a .bat (batch) file and .eml (possible email worm) which I've not opened or downloaded - if anyone wants to be nice enough to check them I'll foward it ;) as downloading to home I don't fancy nor to a corporate server (midden hitting the windmill comes to mind)

Please note - if you have received anything from my driftwood@bitsmart.com Netfoward account in the last 10 days please let me know as I've not sent it!

Enquires are continuing as if this has gone to you guys then it is likely to have been a deliberate attack by someone with our email addresses.

[peter k]

I have had that as well Driftwood, though mine came from an E-mail I did try to send. If memory serves me right it was from the guy on D-Net who was selling off a load of dive gear from a shop. It took a couple of weeks to come back to me though. I thought it meant his mailbox was full and would not recieve my message. I think that It was a genuine mail from some software that lets you know when you're mail didn't get through.
  Then again we could all just blame Matt, after all, we need someone to blame.;)

[Driftwood]

Possible Peter but I don't recognise the cdman_1@hotmail.com addie.....

Besides, the attachments were entitled &quot;~&#36rench coursework&quot; which I'm useless at....

Wanna see?

[Andy Winterburn]

Drifty
Send it to me at andrew@kasian.force9.co.uk, I'll have a look at the servers its been through and see if we can't find who's account sent it out!

[Driftwood]

Cheers Andy,

It's on it's way so look out for a Fwd: Undeliverable Mail Returned to sender........

Should have 2 attachments.

Ta

[Driftwood]

Sorry all but I'm fairly sure the source of the recent outbreak although I'm yet to trace the virus on my home computer.

If you have received anything from me recently either from

driftwood@bitsmart.com or
driftwood@bitsmart4.freeserve.co.uk

Delete it! (Bill you're safe as I've emailled you about the DR from the webmail server direct, hence the funny email addie)

Then either go to Symantec or NAI and look up the W32/Yaha.g@MM worm.

Apologies to all hit by this, I'm buggered as to know where it came from or how it got around McAfee as I'm normally fairly good at spotting the rogues. I may be wrong though as I've only seen it on the webserver prior to downloading so it may only be one I've been sent but better safe than sorry.....

Cheers to Andy W for the analysis.

[John Holmes]

Hi Drift!
Sorry to hear about the virus problem mate - hope its all sorted now.

Reading your posts and the other posts below concerning viruses made me think -

Yahoo was involved, French course work??

Now this may mean nothing at all, but, on 6 November a French student, named Julie, with the screen name ladybirdho@yahoo.fr posted a request on the site,
asking members to go to www.bondihotel****** and complete the questionnaire.

John Gulliver was unable to access the site, and Hobby was denied access to the site by (as he aptly put it) the college web nanny on the grounds that the site was BLOCKED.

Steve W also could not access the site.

Don't know if this is any use to you, but the mention of Yahoo and french coursework got the grey matter stirring!
Cheers
John

[peter k]

Might be right. I filled that form in and was one of the people who recieved one of the bugged mails.

Peter

[Paul Oliver]

Ahh,Ladybird, i had one of those as well, French coursework, although several letters were changed. Maybe i'll have to stop being helpfull on questionares.

Got me in some trouble with our IT Dragon Lady, she has been breathing flames down my neck all day following that. But then again i'm used to being in the c**p for things i've done wrong on my PC. Sofos picked it up.

Regards

Paul

[Andy Winterburn]

Sorry but the questionaire on the &nbsp;http://www.bondihotel****** link is not responsible for this. The virus works out of an outlook/outlook express type of address book. Having looked at the page and completed the questionaire, you are never asked for your email address.
Drifty will have had an infected email sent at some stage, the virus mutates in that it changes the header in the message when it is re-sent.
Sorry