Virus flood.


Adam A. Wanderer

Someone or some group is _spewing_ out hundreds of virus spams in my
direction every hour or so. The virus is so wicked Norton AV didn't catch
it till I added a "beta patch" to the definitions. Is anyone else having
this trouble? The vast bulk of these virus e-mailings are _not_ from
infected computers! They're the "original source". Someone is using
spamming hardware to spew our virus attachments. This virus is so bad, my
Norton AV missed it! I sent Norton a sample and they sent me a "beta
patch". After that, my AV caught it just fine. This is one "wicked" virus
program. Hope they catch the little SOBs.
 

Claire

Adam A. Wanderer said:
Someone or some group is _spewing_ out hundreds of virus spams in my
direction every hour or so. The virus is so wicked Norton AV didn't catch
it till I added a "beta patch" to the definitions. Is anyone else having
this trouble? The vast bulk of these virus e-mailings are _not_ from
infected computers! They're the "original source". Someone is using
spamming hardware to spew our virus attachments. This virus is so bad, my
Norton AV missed it! I sent Norton a sample and they sent me a "beta
patch". After that, my AV caught it just fine. This is one "wicked" virus
program. Hope they catch the little SOBs.

If they're from Original Source then they're probably traceable.
If they're traceable then they're probably coming from some very dumbass
people or deliberately from one or more people who feel very safe from
US/European policing.
 

Jeffrey A. Setaro

Someone or some group is _spewing_ out hundreds of virus spams in my
direction every hour or so.

Welcome to the club.

The virus is so wicked Norton AV didn't catch
it till I added a "beta patch" to the definitions. Is anyone else having
this trouble?

With NAV or W32/Swen.A@mm?

The vast bulk of these virus e-mailings are _not_ from
infected computers! They're the "original source". Someone is using
spamming hardware to spew our virus attachments. This virus is so bad, my
Norton AV missed it!

Not surprising... This is a new virus. Anti-virus software is by its very
nature reactionary and can only "protect" against what it already knows.
Relying on anti-virus software to protect you from viruses is a little
like hiring Willie Sutton to guard a bank. . . it looks good on the
surface but in reality all it does is offer a false sense of security.

That's not to say you shouldn't use anti-virus software. Anti-virus
software should be a part of your overall defense strategy, but it
should not be a replacement for the zealous practice of Safe Hex."

Take a look <http://www.claymania.com/safe-hex.html> &
<http://www.claymania.com/prevent.html> for a good primer on virus
prevention and Safe Hex.

I sent Norton a sample and they sent me a "beta
patch". After that, my AV caught it just fine. This is one "wicked" virus
program. Hope they catch the little SOBs.

They won't. :-(

--
Cheers-

Jeff Setaro
(e-mail address removed)
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
 

Claire

like hiring Willie Sutton to guard a bank. . . it looks good on the
surface but in reality all it does is offer a false sense of security.

Who's Willie Sutton?
 

hop-head

I just started getting hit with this overnight, my 1am automatic scan
found 3 copies, since then I've gotten at least half a dozen more.
 

Troy

Jeffrey said:
Welcome to the club.

With NAV or W32/Swen.A@mm?

Not surprising... This is a new virus. Anti-virus software is by its very
nature reactionary and can only "protect" against what it already knows.
Relying on anti-virus software to protect you from viruses is a little
like hiring Willie Sutton to guard a bank. . . it looks good on the
surface but in reality all it does is offer a false sense of security.

That's not to say you shouldn't use anti-virus software. Anti-virus
software should be a part of your overall defense strategy, but it
should not be a replacement for the zealous practice of Safe Hex."

Take a look <http://www.claymania.com/safe-hex.html> &
<http://www.claymania.com/prevent.html> for a good primer on virus
prevention and Safe Hex.

They won't. :-(

500+ copies so far and counting...

Cheers

Troy
 

W.S. Blevins

12? Only? Lucky 'bastard' (no offense intended) ... 500> and counting ...


One would think that eventually in the days to come it will taper off
as people get their systems disinfected. I guess we'll see.

I average no less than about 800-1000 in the course of a day.
 

John MArtin

Claire said:
If they're from Original Source then they're probably traceable.
If they're traceable then they're probably coming from some very dumbass
people or deliberately from one or more people who feel very safe from
US/European policing.

Looks like they are traceable, but they are coming from all over the
world. The virus is running a counter; when the website went down
it was more than 1.500.000 infected PCs.
What worries me is that probably the next worm will try to beat this
number.

cheers Nigel
 

FromTheRafters

Adam A. Wanderer said:
The vast bulk of these virus e-mailings are _not_ from
infected computers! They're the "original source". Someone is using
spamming hardware to spew our virus attachments.

How do you arrive at this conclusion?

I don't doubt that many recent worms are unleashed by
spamming methods, but wonder how you conclude this
with whatever facts you have at your disposal.
 

YoKenny

FromTheRafters said:
How do you arrive at this conclusion?

I don't doubt that many recent worms are unleashed by
spamming methods, but wonder how you conclude this
with whatever facts you have at your disposal.

One example is in news://msnews.microsoft.com/microsoft.public.netiquete in
the topic "Use critical package" that is cross posted to several newsgroups
there. The virus uses SMTP not NNTP. If it did then there would be many
of these posted in many other newsgroups.

Interesting:
NNTP-Posting-Host: a11099.upc-a.chello.nl 62.163.11.99
 

pennysworth

I can tell you that while I have been bombed big time by this virus I have been getting it in dribs
and drabs for well over a year--to the same web-based email account, BTW.
 

FromTheRafters

I can tell you that while I have been bombed big time by this virus I have been getting it in dribs
and drabs for well over a year--to the same web-based email account, BTW.

Well *this* one is new.

I could see the OP concluding that the e-mails being received
were not generated by an infested computer if, in fact, they
were not coming in pairs. But aside from that, I don't see how
one can conclude that they are being sent from an "uninfected"
source.

Many people make the claim that any particular malware they
receive was sent to them purposefully, maybe a persecution
complex, but I just can't see how they can actually determine
this for a fact. This worm provides an interesting opportunity
to sort the automated replication sends from the distribution
spamming sends because of the pairing.
 

FromTheRafters

YoKenny said:
One example is in news://msnews.microsoft.com/microsoft.public.netiquete in
the topic "Use critical package" that is cross posted to several newsgroups
there. The virus uses SMTP not NNTP. If it did then there would be many
of these posted in many other newsgroups.

Interesting:
NNTP-Posting-Host: a11099.upc-a.chello.nl 62.163.11.99

I couldn't retrieve that article, but I have since been given to believe
that it does indeed use usenet for spreading (posting) and the servers
for harvesting addresses.

If so,..at least it is doing something original.
 
