Microsoft email attachment?


Erik Cominolli

Over the past week, I've been getting thousands of emails
claiming to be from microsoft telling me that there is a
patch attached to this email. I know this isn't true and
someone has a virus but how do I track them down? The
email headers are coming from dozens of places. Should I
just shut down my email account and start over or is
there a way to fix this. These are like 116kb attachments
and my pc is getting quite bogged down. I have 4678 of
them right now. I called Verio, who hosts my email server
and they said they can show me the email server that the
mail came from but that's it. How do I stop this madness?
 
Not easy, Erik. Just be sure to delete them.

You could download a filter app such as Mailwasher.

Ed
 
They are bogus e-mails that do have a virus attached.....you can try to
block them through Outlook........Click tools, message rules, and then set it up
to block, delete or to move it to a folder. I am not sure of all of this,
as I have yet to get one of these e-mails....I hope this helps!
 
Erik said:
Over the past week, I've been getting thousands of emails
claiming to be from microsoft telling me that there is a
patch attached to this email. I know this isn't true and
someone has a virus but how do I track them down? The
email headers are coming from dozens of places. Should I
just shut down my email account and start over or is
there a way to fix this. These are like 116kb attachments
and my pc is getting quite bogged down. I have 4678 of
them right now. I called Verio, who hosts my email server
and they said they can show me the email server that the
mail came from but that's it. How do I stop this madness?

This has been discussed hundreds of times previously on this forum. Go
back and read for advice.

Summary:
1. can't stop them
2. don't open them.
3. delete all 4678 of them you have ... NOW
4. consider dumping the email account if you don't have effective spam
filters.
5. consider getting effective spam filters
6. ask Verio why they don't provide spam filtering for you
 
Erik Cominolli said:
Over the past week, I've been getting thousands of emails
claiming to be from microsoft telling me that there is a
patch attached to this email. I know this isn't true and
someone has a virus but how do I track them down?

It's not possible. The virus forges headers, so whoever it says it's
from pretty surely didn't actually send it. And whoever did actually
send it is probably unaware that his computer is spewing this garbage.
 
Tim Slattery said:
It's not possible. The virus forges headers, so whoever it says it's
from pretty surely didn't actually send it. And whoever did actually
send it is probably unaware that his computer is spewing this garbage.

It's not possible? And you are a MVP? My impression of MVP's
just took a nose dive.....sheesh!

Of course it's possible - read the IP address from the originator
and do a /whois, then report the guilty party to the abuse dept
at his ISP. Here's what I got from your post:

Posting IP address 146.142.45.43

OrgName: Bureau of Labor Statistics
OrgID: BLS-1
Address: 2 Mass. Ave., NE
City: Washington
StateProv: DC
PostalCode: 20212
Country: US

NetRange: 146.142.0.0 - 146.142.255.255
CIDR: 146.142.0.0/16
NetName: BLS
NetHandle: NET-146-142-0-0-1
Parent: NET-146-0-0-0-0
NetType: Direct Assignment
NameServer: DCGATE.BLS.GOV
NameServer: AUTH111.NS.UU.NET
Comment:
RegDate: 1991-02-13
Updated: 2002-07-01

TechHandle: PB974-ARIN
TechName: Blahusch, Paul
TechPhone: +1-202-691-7561
TechEmail: (e-mail address removed)

......easy

Ken (not an MVP)
 
On Tue, 21 Oct 2003, Erik Cominolli wrote in
Over the past week, I've been getting thousands of emails
claiming to be from microsoft telling me that there is a
patch attached to this email. I know this isn't true and
someone has a virus but how do I track them down? The
email headers are coming from dozens of places. Should I
just shut down my email account and start over or is
there a way to fix this. These are like 116kb attachments
and my pc is getting quite bogged down. I have 4678 of
them right now. I called Verio, who hosts my email server
and they said they can show me the email server that the
mail came from but that's it. How do I stop this madness?

These emails are coming from one or more computers that have your email
address and are infected with the Swen virus. The attachments _are_ the
virus.

http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
l

Some ISPs, like mine, remove the attachment but that still leaves a lot
of rubbish email to be downloaded so the answer is not to download it.
Most ISPs use POP3 for email delivery where the emails are stored in
your mailbox on the ISPs mail server and your email software initiates
download to your computer. The MailWasher app that's been mentioned sits
between you and the ISPs mail server and displays all the email (subject
lines) waiting for you so you can manually delete the rubbish and then
only download the genuine email. I found scanning and deleting a lot of
emails every time I wanted to collect mail rather tedious so I use a
different strategy as follows:

1. Most of the Swen mailings have the word 'SUBJECT' in the header
rather than the normal 'Subject' so setting my email reader to reject on
SUBJECT automatically removes more than 95% plus of the Swen email and
it's now a minor chore to delete the few that get downloaded.

2. I reject on email that isn't addressed to me. Don't ask :-)
apparently the intricacies of email headers is such that you can get
email that doesn't appear to be openly addressed to you.

By 'reject' I mean that my email software checks the email headers while
they are still on the ISPs server and then deletes them if they don't
pass the checks.

Of course, you have to have a proper email/news reader. Most people use
the horrible Outlook Express - otherwise known as Outlook Distress, or
the Virus Vector. I suggest you evaluate other email/newsreader
applications.
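
The two header checks described in this post, written out as an added example (it is not part of the original post and not any mail reader's own implementation). The address, the function names and the sample header blocks are assumptions constructed for illustration; `sweep` expects a `poplib.POP3` or `POP3_SSL` session.

```python
from email.parser import BytesParser
from email.utils import getaddresses

MY_ADDRESS = "erik@example.com"  # assumption: placeholder mailbox address

# Constructed header blocks, shaped like the line lists poplib's top() returns.
WORM = [b"From: MS Security <security@example.net>", b"To: erik@example.com",
        b"SUBJECT: Latest Security Patch", b""]
GENUINE = [b"From: ed@example.org", b"To: Erik <Erik@Example.com>",
           b"Subject: lunch", b""]
HIDDEN_RCPT = [b"From: x@example.org", b"To: undisclosed-recipients:;",
               b"Subject: hello", b""]

def header_field_names(raw_lines):
    """Return header field names exactly as written, case preserved."""
    names = []
    for line in raw_lines:
        if not line.strip():
            break  # a blank line ends the header block
        if line[:1] not in (b" ", b"\t") and b":" in line:  # skip folded lines
            names.append(line.split(b":", 1)[0].decode("ascii", "replace"))
    return names

def reject_reason(raw_lines, my_address=MY_ADDRESS):
    """Return why a message should be deleted unread, or None to keep it."""
    # Check 1: parsers treat field names case-insensitively, so the raw
    # spelling has to be compared to spot 'SUBJECT' versus 'Subject'.
    if "SUBJECT" in header_field_names(raw_lines):
        return "uppercase SUBJECT field name"
    # Check 2: the message is not openly addressed to me in To or Cc.
    msg = BytesParser().parsebytes(b"\r\n".join(raw_lines), headersonly=True)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {addr.lower() for _, addr in rcpts}:
        return "not addressed to me"
    return None

def sweep(conn, my_address=MY_ADDRESS, dry_run=True):
    """Check headers while mail is still on the server; DELE the rejects."""
    rejected = {}
    for num in range(1, conn.stat()[0] + 1):
        lines = conn.top(num, 0)[1]  # TOP n 0: headers only, no body download
        reason = reject_reason(lines, my_address)
        if reason:
            rejected[num] = reason
            if not dry_run:
                conn.dele(num)  # applied by the server when the session QUITs
    return rejected
```

Run `sweep` with `dry_run=True` first and review the returned reasons; the second check also rejects list and Bcc mail, which is the trade-off the post alludes to.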
 
Just delete them, they really can't be tracked back by you
and they have zero value content.
There is nothing you can learn besides what you know, they
are not from MS, they do have a virus and they are sent by
an automated Trojan.
Just delete all 4678+


| On Tue, 21 Oct 2003, Erik Cominolli wrote in
| <<[email protected]>>
|
| >Over the past week, I've been getting thousands of emails
| >claiming to be from microsoft telling me that there is a
| >patch attached to this email. I know this isn't true and
| >someone has a virus but how do I track them down? The
| >email headers are coming from dozens of places. Should I
| >just shut down my email account and start over or is
| >there a way to fix this. These are like 116kb attachments
| >and my pc is getting quite bogged down. I have 4678 of
| >them right now. I called Verio, who hosts my email server
| >and they said they can show me the email server that the
| >mail came from but that's it. How do I stop this madness?
|
| These emails are coming from one or more computers that have your email
| address and are infected with the Swen virus. The attachments _are_ the
| virus.
|
| http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen
| http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
| l
|
| Some ISPs, like mine, remove the attachment but that still leaves a lot
| of rubbish email to be downloaded so the answer is not to download it.
| Most ISPs use POP3 for email delivery where the emails are stored in
| your mailbox on the ISPs mail server and your email software initiates
| download to your computer. The MailWasher app that's been mentioned sits
| between you and the ISPs mail server and displays all the email (subject
| lines) waiting for you so you can manually delete the rubbish and then
| only download the genuine email. I found scanning and deleting a lot of
| emails every time I wanted to collect mail rather tedious so I use a
| different strategy as follows:
|
| 1. Most of the Swen mailings have the word 'SUBJECT' in the header
| rather than the normal 'Subject' so setting my email reader to reject on
| SUBJECT automatically removes more than 95% plus of the Swen email and
| it's now a minor chore to delete the few that get downloaded.
|
| 2. I reject on email that isn't addressed to me. Don't ask :-)
| apparently the intricacies of email headers is such that you can get
| email that doesn't appear to be openly addressed to you.
|
| By 'reject' I mean that my email software checks the email headers while
| they are still on the ISPs server and then deletes them if they don't
| pass the checks.
|
| Of course, you have to have a proper email/news reader. Most people use
| the horrible Outlook Express - otherwise known as Outlook Distress, or
| the Virus Vector. I suggest you evaluate other email/newsreader
| applications.
|
| --
| Richard Mason
 
On Wed, 22 Oct 2003, Jim Macklin wrote in
Just delete them, they really can't be tracked back by you and they
have zero value content. There is nothing you can learn besides what
you know, they are not from MS, they do have a virus and they are sent
by an automated Trojan.
Just delete all 4678+

There you are. Outlook Distress has struck again and followed up to me
rather than the OP :-)
 
Some people are very touchy, replies are intended to the
thread and for the benefit of all readers who seek an
answer. If it doesn't apply to you don't consider a reply
to be an assault on your macho image.


| On Wed, 22 Oct 2003, Jim Macklin wrote in
| <<eL#[email protected]>>
|
| >Just delete them, they really can't be tracked back by you and they
| >have zero value content. There is nothing you can learn besides what
| >you know, they are not from MS, they do have a virus and they are sent
| >by an automated Trojan.
| >Just delete all 4678+
|
| There you are. Outlook Distress has struck again and followed up to me
| rather than the OP :-)
|
| --
| Richard Mason
 
On Wed, 22 Oct 2003, Jim Macklin wrote in
Some people are very touchy, replies are intended to the thread and for
the benefit of all readers who seek an answer. If it doesn't apply to
you don't consider a reply to be an assault on your macho image.

I fear a sense of humour has passed you by :-)
 
Ken, Tim is correct, mass mailing worms and viruses DO forge headers and
the headers are what contain the ip address and routing information to
which you refer. They also have their own SMTP engine so the need for
going through an ISP's SMTP system is eliminated.

Steve
 
