

Posted: 5/29/2002 5:47:08 PM EDT
Any other team members been getting a virus mailed to them? I have been getting one a week,WTH is going on?Thanks god the server catches it!
|
|
I wonder if its an Anti-gunner trying to stur up trouble,
Wrong crowd to start a fuss with IMHO[(:)] |
|
No just the klez virus-I get about 4 a day-from the headers it looks like "lindan," or something like that, with an adelphi.net account is the latest infected account, I've gotten at least 3 from her/him in the past 2 days.
Here is one of them----- To: [email protected] via web14405.mail.yahoo.com; 28 May 2002 16:14:31 -0700 (PDT) Return-Path: Received: from smtprelay6.dc2.adelphia.net (64.8.50.38) by mta552.mail.yahoo.com with SMTP; 28 May 2002 16:14:29 -0700 (PDT) Received: from Fdhgkwza ([24.51.124.245]) by smtprelay6.dc2.adelphia.net (Netscape Messaging Server 4.15 smtprelay6 Dec 7 2001 09:58:59) with SMTP id GWUGJ600.NUT for From: "ARlady" To: [email protected] Subject: Eager to see you ________________________- Hopefully I'm not revealing anything here I shouldn't-anyway I e-mailed the person with this account and adelphia.net |
|
yeah, i've been getting 3 or 4 a week, they are all attachments and all different viruses, WTF??????????????????
|
|
It's the Klez virus. It fakes the return email, and finds emails from your browser cache
Do a web search and learn more. -Troy |
|
Just deleted it.. The subject was "Magazines" interestingly enough.. ("BAT" file in an Email? I don't think so..)
Same adelphi addy that aimless mentioned.. Meplat- |
|
troy, is there any way we can find where it came from on the site???
does this sound like an intentional thing? |
|
Hey! I finally got one from AR15. I am so jazzed.
From: [email protected] Subject: Complaints Virus: Suspicious I frame. I get this about 3 times a week from other places, but now I finally feel like one of the in crowd. Yahoo. |
|
I get 2-4 a day spoofed from the site. Latest was ten minutes ago "from" Cyrax777. Yes, yes I know he didn't send it. But something's amiss to get so many from this site and no other addresses.
|
|
While we are on the subject,I just got hammered HARD by one called Benjamin.
Its going around the file sharing circuit. Its supposed to be on Kazaa, but IMesh is loaded down with it now. You guys watch out! |
|
I just got a suspicious E-mail from "[email protected]," subject "Information." I opened the E-mail (dumbass that I am), and there was---nothing. I deleted the mail, but have I accidently infected my computer just by opening the mail?
|
|
Been getting three to four a day sent to my ICQ email account , earlier ones said they were from cyrax777 . Now I'm getting them from all over the place .
|
|
Me too.. Even I could have written a better piece of shit virus than the fag that wrote this one. Anyone want his server IP and his balls in a sack ? His codes suck!!!!!!!!!!!!
|
|
Quoted: troy, is there any way we can find where it came from on the site??? does this sound like an intentional thing? View Quote The person who is infected doesn't even have to be a member here. If they've browsed the site, any emails imbedded in any of the HTML for the web pages will be in their browser's cache, and Klez will go there (as well as in their Outlook address book) and grab all the email addresses. It will use one as the return address, and send the virus, with a randomly selected subject from the browser cache, to everyone on the list. So to figure out where it REALLY comes from, you have to be able to see ALL of the headers on your email. Then you've got to get that person to clean up their system. -Troy |
|
Here we go, entered U.S via Cupertino,CA 95014 from Taiwan, then did a reverse NODE NAME to an address 195.c210-58-184 checking IP now.
|
|
Just put one in quarantine. Take that you nasty klez virus!!!!
|
|
I get a sender "postmaster" that is constantly sending me "mail undeliverable re: HKishamo." It is really freakin' irritating. Do have the virus and am just getting a blocked address? Since I've never opened an email that has anything in it (although they say the message is like 100+ K, the page is just blank other than the address and the mail subject) I don't think I have the virus.
|
|
First, if you aren't running an antivirus program, you probably should receive 40 lashes. Install Norton AV 2002 immediately!
But, for those of you cheap bastards who refuse to be responsible for your machine, at LEAST go here and get the FREE Klez cleaner: [url]securityresponse.symantec.com[/url] -Troy |
|
From russia with love (ites;ro=3;rc=2000;pn=;to=;2009;po) This is the fag who started the trouble!!!!!!!!!!!!!!!Some one was lookig for Warez programs in Kalifornia at a Russian site and Bingo infected us all. I will find the user next.
|
|
This is REALLY going to take a while. Reversing DNS #s 167,485,285
|
|
oh thank god it was the cache that had my e-mail in it im not even a team member so if it said @ar15.com or was it @hotmail? just ran macafee says im clean thank god
|
|
Quoted: It's the Klez virus. It fakes the return email, and finds emails from your browser cache Do a web search and learn more. -Troy View Quote That's what I figured cuz I had it show up in my box from [b]YOU[/b]!!!! [:D] My firewall and Hotmail's antivirus software just delete the attachment anyway. |
|
Now im getting this crap sent to my AOL addy. I pay 30 bucks a month for aol and yet the AOL timewarner bastards cant have anykind of virus scan for my aol mail? AT least Ar15.com has that!
|
|
IS this being targetet at AR15com users or just coincidence? Im not a member but it seems kind of odd that so many of us are getting hit like this.
Is this doen by a bot or is someone handpicing members? What a little toad. Could it even be a black op by the gun grabbers? I think I hear helos outside! Seriously, I have NEVER had one before and this level of infestation seems kind of odd. Hell I dont even get much spam. |
|
I just got one for someone named hank. I have noticed that this virus changes the subject line and they are between 120kb to 135kb. Again, I am thankful that hotmail gets to it before I ever opened them.
|
|
Quoted: IS this being targetet at AR15com users or just coincidence? Im not a member but it seems kind of odd that so many of us are getting hit like this. Is this doen by a bot or is someone handpicing members? What a little toad. Could it even be a black op by the gun grabbers? I think I hear helos outside! Seriously, I have NEVER had one before and this level of infestation seems kind of odd. Hell I dont even get much spam. View Quote No, it's not an anti-gun plot. All it took was ONE member here to have gotten it. Once that happens, it starts getting spread. The one member could have gotten it from anywhere. Once it starts to spread, all the people with no anti-virus software that run the attachment get infected, and THEY start sending it out. Klez is just particularly nasty. Most of the other email viruses just search the Windows Address Book (Outlook Express address book) and use it. This one (Klez) searches all local files for email addresses, and gloms them all up. It then sends itself to whatever email addresses it has found. Just update your virus defs, and you'll be fine. -Gloftoe |
|
Yeh Dark I got one from [email protected]/com this morning,Norton nuked the message but still had header from troy.
I knew it wasn't really from troy,so double nuked it just to make sure. Stop This Now Troy, Bob [:D} |
|
I'm gettin' 1-4 a day.
Several with AR15 users names. So far anti virus has gotten them. If I get an email with no text in the message I delete them. Today I got one with some text"Sophos" or something like that,but deleted it anyway. I still think there is a good chance its anti gunners,but who knows. It seems to be running rampent. One thing a Bro told me is to set up your first address in your'addresses' is with a phoney addy. I used [email protected] aol.com. Then figuring maybe these guys would get smart I ran another fake using [email protected] He told me if the worm or virus doesn't get through on your first address it dies and can't infect any others on your address list. Hope this makes sense and also hope its true. |
|
[red][b]Yup definitly the "Klez" I just got this one a few minutes ago!:[/b][/red]
Prev | Next | Reply | Reply All | Forward | Delete | Print | Move to folder...MiscSalesSentTopic Files From: "System Administrator " To: CC: Date: Fri, 31 May 2002 20:00:35 -0400 Subject: WARNING: YOU WERE SENT A VIRUS -------------------------------------------------------------------------------- We Saved You Again !! ****************************************************************** The Anti-Virus software on AR15.com has reported that you were sent a virus from [email protected], with the subject "Information". The E-mail containing the virus has been quarantined to prevent further damage. ****************************************************************** Virus Name: : W32/[email protected] Attachment: Unknown File Message ID: <[email protected]> Number of Recipients: 1 Queue Name: D0ea109f402a84729.SMD Hostname of Sender: adelphia.net (c) 2002 WEB-Comm Technologies Corp. http://www.web-comm.com [email protected] (c) 2002 Network Security Group Inc. http://www.NetworkSecurityGroup.com |
|
As of today the [email protected] virus accounts to 17% of all the viruses reported to Symantec in the past 24hrs. It has been updated by McAfee to a Medium Risk Virus. Here are it's aliases W32/[email protected] (Norman), W32/[email protected], W32/Klez.I (Panda), W32/Klez.K-mm, WORM_KLEZ.G (Trend). BTW this virus has been known since 4/17/02. W32/[email protected] makes use of Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).We need to update, goto windows update and check for updates,.
I will check to see if there are any other updates available. |
|
I have been getting 4 or 5 a week and apparently my computer is sending them out too, as I got a couple of 'undeliverable' e-mails where it apparently attempted to send to some ar15.com members. I thought Norton was quarantining this virus as I got each one, but somehow it got in anyway. I am going to run a scan tonight.
|
|
I'm getting something like 4-5 a day from this same [email protected] I even wasted my time e-mailing her/him and the host. Oh well Yahoo and the AR server catch it, at least I'm getting some mail...
|
|
Quoted: First, if you aren't running an antivirus program, you probably should receive 40 lashes. Install Norton AV 2002 immediately! But, for those of you cheap bastards who refuse to be responsible for your machine, at LEAST go here and get the FREE Klez cleaner: [url]securityresponse.symantec.com[/url] -Troy View Quote They both say I'm clean. Is this a really stealth virus? |
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2022 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.