Is there a new virus (or virus spammer) out there today?

David W.E. Roberts

Hi,

last couple of hours I have received 8 SPAM emails with attachments of
around 100KB claiming to be from various unlikely places including
(e-mail address removed) and (e-mail address removed)

The attachments are mainly '.pif' files although there is at least one
'.scr' file.

I thought that when a virus infected a machine it normally used the infected
machine's email identity to send out further copies of itself.

In this case nobody on the originator list is likely to have my email
address via legitimate means so it looks as though someone is using a SPAM
mailing list to send out the virus.

This assumes it is a virus - I have just deleted the messages because NAV
doesn't seem to find the virus whilst the file is an OE attachment and just
picks it up when you try to open or save the attachment.

Anyone else having problems?

Cheers
Dave R

--
 
Gerhard Beulke

I get the same crap from an Austrian Uni and from Switzerland. pif and scr.
These emails are rolling in in bundles, all from the same guys.
72KB attachments...
 
David W.E. Roberts

David W.E. Roberts said:
Hi,

last couple of hours I have received 8 SPAM emails with attachments of
around 100KB claiming to be from various unlikely places including
(e-mail address removed) and (e-mail address removed)

The attachments are mainly '.pif' files although there is at least one
'.scr' file.

I thought that when a virus infected a machine it normally used the infected
machine's email identity to send out further copies of itself.

In this case nobody on the originator list is likely to have my email
address via legitimate means so it looks as though someone is using a SPAM
mailing list to send out the virus.

Most of the mail claims to come from

"Received: from [193.195.200.151] (helo=D6BN140J)"

Search results for: 193.195.200.151

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL

NetRange: 193.0.0.0 - 193.255.255.255
CIDR: 193.0.0.0/8
NetName: RIPE-CBLK
NetHandle: NET-193-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS.RIPE.NET
NameServer: NS2.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH03.NS.UU.NET
NameServer: MUNNARI.OZ.AU
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1992-08-12
Updated: 2003-04-25

OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2003-08-18 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
RIPE database gives

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 193.195.192.0 - 193.195.207.255
netname: LEWNET
descr: London Borough of Lewisham
descr: Local Government
country: GB
admin-c: MA74-RIPE
tech-c: MA74-RIPE
tech-c: IF293-RIPE
rev-srv: redtape.lewisham.gov.uk
rev-srv: DNS.idiscover.co.uk
status: ASSIGNED PI
mnt-by: AS2529-MNT
changed: (e-mail address removed) 19990123
source: RIPE
route: 193.195.192.0/20
descr: Lewisham
origin: AS20762
mnt-by: EQUINOX-MNT
changed: (e-mail address removed) 20020903
source: RIPE
person: Mark Alexander
address: Lewisham Computing
address: Room 203, Lewisham Town Hall
address: Catford, London
address: SE6 4RU UK
phone: +44 81 695 6000 x3253
phone: +44 81 695 6000 x3188
fax-no: +44 81 690 9489
nic-hdl: MA74-RIPE
changed: (e-mail address removed) 19960401
source: RIPE
person: Ian Fowler
address: Lewisham Computing
address: Room 203, Lewisham Town Hall
address: Catford, London
address: SE6 4RU UK
phone: +44 81 695 6000
phone: +44 81 695 6000
fax-no: +44 81 690 9489
nic-hdl: IF293-RIPE
changed: (e-mail address removed) 19990120
source: RIPE
So Gawd bless Catford and all who sail in her!

Dave R
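
The check carried out by hand in this thread, as an added example that is not part of any poster's message: it ignores the forgeable From line, pulls the relay address out of the Received headers (the value to feed into a WHOIS lookup) and flags .pif/.scr attachments. The sample message, the example.net and unlikely.example names and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

RISKY_EXTENSIONS = (".pif", ".scr")  # the two types reported in the thread
# Bracketed address, as in: Received: from [193.195.200.151] (helo=D6BN140J)
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample; only the first Received line is taken from the thread.
SAMPLE = b"""\
Received: from [193.195.200.151] (helo=D6BN140J)
\tby mx.example.net with smtp; Tue, 19 Aug 2003 10:00:00 +0100
From: someone@unlikely.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file.
--b1
Content-Type: application/octet-stream; name="details.jpg.pif"
Content-Disposition: attachment; filename="details.jpg.pif"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

def relay_addresses(msg):
    """Public IPs recorded in Received headers, newest hop first."""
    found = []
    for header in msg.get_all("Received", []):
        for candidate in RECEIVED_IP.findall(str(header)):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # matched the pattern but is not a valid address
            if ip.is_global:
                found.append(str(ip))
    return found

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = [(part.get_filename() or "").lower() for part in msg.walk()]
    return {
        "claimed_from": str(msg["From"]),
        "relay_ips": relay_addresses(msg),
        "risky_attachments": [n for n in names if n.endswith(RISKY_EXTENSIONS)],
    }
```

Only the Received line written by your own mail server is trustworthy; earlier hops in the chain can be forged by the sender just like the From line.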
 
David W.E. Roberts

Talked to the IT Helpdesk at Lewisham.
They have an infection but think they have cured it.
Also told them their RIPE entry was out of date :)
 