Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Posted: 4/25/2002 3:23:25 PM EDT
from "wa3key"...with topic headers such as "begging part 2" or "begiining and end"? they may also show up as coming from other folks..but a properties check tracks back to "wa3key". hell, i even got onr fron the ak-47admin entitled "let's be friends"!!! now, if THAT isn't a tip-off that something is rotten in denmark, i don't know what is! over the past 3-4 weeks, i must have received over 100 of the "wa3key" emails with dozens of different titles. anyone else getting this crap? is it related to the klez virus. so far, udated scans show my box as not being infected...but how do you block this kind of thing?
Link Posted: 4/25/2002 3:26:30 PM EDT
Bob, (And everyone else) Do not download anything supposedly sent by me. I have just been told that some of the virus e-mails are sliding in using my MyNRA address.... Scott
Link Posted: 4/25/2002 3:37:26 PM EDT
dsh, i read the post in which your box was infected..sorry to hear. last summer, i got the w32sircam virus and suffered a meltdown...but not before jewbroni's puter got a tainted email from me (and lord knows who else! good luck! norton and macaffee say i'm clean...i'm just wondering if this wa3key shit is harmless, an aimed attack on my box or just another generic hacker at work.
Link Posted: 4/25/2002 3:41:45 PM EDT
I need to get a virus scan program. Especially since I am on cable modem now... I wonder if this could be what knocked my cable connection out. Scott
Link Posted: 4/25/2002 3:43:47 PM EDT
I know on AOL, we often get e-mail when we are in a chat room that is supposedly from someone in the room, but the address has "@aol.com" on the end, so it is NOT from AOL... What is odd, is the jerk stole my MyNRA apparently, because I got a "reply" from Mike (Beekeeper) Scott
Link Posted: 4/25/2002 4:25:41 PM EDT
here is another "wa3key" mail i just rec'd. wtf?!?! it is from "postmaster" The following mail can't be sent to wa3key@fast.net: From: campybob@voyager.net To: wa3key@fast.net Subject: japanese lass' sexy pictures The attachment is the original mail here are the "properties"... Received: by pop7.mx.voyager.net (mbox campybob@voyager.net) (with voyager.net's vgrpop Thu, 25 Apr 2002 19:44:57) Received: from rly-ip02.mx.aol.com (rly-ip02.mx.aol.com [152.163.225.160]) by mx5.mx.voyager.net (8.11.6/8.10.2) with ESMTP id g3P37j305651 for ; Wed, 24 Apr 2002 23:07:45 -0400 (EDT) Received: from logs-ti.proxy.aol.com (logs-ti.proxy.aol.com [152.163.194.135]) by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id UAB10558 for ; Wed, 24 Apr 2002 20:56:51 -0400 (EDT) Received: from Bclnccygw (AC901075.ipt.aol.com [172.144.16.117]) by logs-ti.proxy.aol.com (8.10.0/8.10.0) with SMTP id g3ONghh250536 for ; Wed, 24 Apr 2002 19:42:44 -0400 (EDT) Date: Wed, 24 Apr 2002 19:42:44 -0400 (EDT) Message-Id: <200204242342.g3ONghh250536@logs-ti.proxy.aol.com> From: postmaster To: campybob@voyager.net Subject: Undeliverable mail--"japanese lass' sexy pictures" MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=S54901w83cao4W0z80Y3712b5KVor7c X-Apparently-From: JRodri9847@aol.com Status: U
Link Posted: 4/25/2002 4:28:04 PM EDT
Originally Posted By DScottHewitt: I need to get a virus scan program. Especially since I am on cable modem now... I wonder if this could be what knocked my cable connection out. Scott
View Quote
You need to be sure you have some type of firewall hardware or software as well. If you're on broadband without a firewall, they can walk right in. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img]
Link Posted: 4/25/2002 4:59:02 PM EDT
Has nobody else noticed anything? I got what looked to be an auto-letter from AR15.com that said I may have been infected with something... I know nothing about this stuff, but I scanned with mcaffe and found nothing. Shortly before I recieved that mail I got one from Satcong@AR15.com and Green18@AR15.com, as well as one from someone on the FalFiles. They all had attachments, but were just empty emails. I deleted them, but because I know those screen names, I was tempted to open the attachments. No one else has gotten anything like this?
Link Posted: 4/25/2002 5:02:52 PM EDT
Gunbert - I got the e-mail from AR15.com last night too about the possible virus infecting my system. I just deleted it so I don't know the details. All I know is that since yesterday, I've been getting inundated by spam e-mails. I haven't opened any but I've never been spammed like this before. Is anybody else experiencing this?
Link Posted: 4/25/2002 5:03:52 PM EDT
Over the past 3 days I have probably gotten 8-10 infected emails. I wish I could get my hands on the little bastard that is sending them...
Link Posted: 4/25/2002 5:06:39 PM EDT
Link Posted: 4/25/2002 5:09:35 PM EDT
My guess is that it is no accident that these mails are being sent to AR15.com members, and are supposedly from AR15.com members. The method involves "spoofing" through an open mail relay. It is possible to make an email appear from anyone, even if no such E-mail address exists. My hunch is that this is intentionally directed at gun owners that have their E-mail addresses on the web. I'm betting it is a semi-computer-literate anti-gun wannabe-hacker. [(:|)]
Link Posted: 4/25/2002 5:31:22 PM EDT
Link Posted: 4/25/2002 5:38:50 PM EDT
Originally Posted By thebeekeeper1: Um, not to sound like I would follow up by carving his freaking heart out, but is there a way to track this to its source? [pissed]
View Quote
Not likely. You'd have to analyze the mail headers for the sender's IP address, and if he's using an open relay server, the chances are 50/50 that there will be the IP address of the sender included in the header. To make matters worse, the offender could be going through proxy servers before connecting to the relay. So tracking this lamer would be unlikely. The best thing to do is just delete the stuff, and get a good virus scanner. [(:|)]
Link Posted: 4/25/2002 6:12:16 PM EDT
[Last Edit: 4/25/2002 6:14:21 PM EDT by AZCOP]
I don't think this is directed at ar15.com members specificly. These viruses are designed to get into people's email address books, and simply send the virus to everyone in the address book when ever you send out an email. All it takes is one email, and everyone in the book gets sent the virus email. More than likely, these people don't even know their computer/address book are infected until they get an email from someone unlucky enough to have recieved the virus, but was lucky enough to have good anti-virus software. These are the people who wait until disaster strikes (a virus or worm that really screws up their computer) before they go get Norton. Not intended to offend anyone: It's just what I see from experence when people call the 800 Jay Tech Support line. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img] edited to add, I've been getting hammered by klez, but Norton Anti Virus is saving my ass !!!
Link Posted: 4/25/2002 6:23:59 PM EDT
[Last Edit: 4/25/2002 6:30:43 PM EDT by Aimless]
Link Posted: 4/25/2002 6:32:19 PM EDT
Link Posted: 4/25/2002 7:27:26 PM EDT
[Last Edit: 4/25/2002 7:34:59 PM EDT by Aimless]
Link Posted: 4/25/2002 7:30:03 PM EDT
Originally Posted By AZCOP:
Originally Posted By DScottHewitt: I need to get a virus scan program. Especially since I am on cable modem now... I wonder if this could be what knocked my cable connection out. Scott
View Quote
You need to be sure you have some type of firewall hardware or software as well. If you're on broadband without a firewall, they can walk right in. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img]
View Quote
Windoze XP has a built-in firewall. Anyone know how I turn it on? Scott
Link Posted: 4/25/2002 7:31:37 PM EDT
[Last Edit: 4/25/2002 7:38:24 PM EDT by Aimless]
Link Posted: 4/25/2002 7:44:43 PM EDT
well, as reported, i received one of the tainted emails "from" beekeeper. ar15.com mail caught it though, so i'm safe, right? also, [b]Aimless[/b], i noticed that my updates, well...aren't and that my "subscription" to them has expired. can i just pay to renew and start up again from this point? (using Norton if you need to know). i generally don't worry about these things cuz i just delete emails from addys i don't recognize, but this is kinda freakin' me out. i hate sleazeballs that do this!!!!!!!!
Link Posted: 4/25/2002 7:53:27 PM EDT
Link Posted: 4/25/2002 7:54:26 PM EDT
Gunbert, I am truly sorry if my computer has been infected with a virus -- had oour Lan Nazi check out my computer at work today and he is pretty good, if he finds anything will let me know tommorrow....I haven't used the computer at home for two weeks because we moved into the new house...I dont think the home laptop is infected, but he will check that one for me tommorrow.... My wife knows nothing about attachments and everytime I try to educate her, she looks at me like a highschool girl who doesn't care about anything you say....all she wants to do is send her emails. I tried. Hope I am not infecting anyone. I have Norton CORP edition at home!
Link Posted: 4/25/2002 8:05:40 PM EDT
Link Posted: 4/25/2002 8:08:43 PM EDT
Link Posted: 4/25/2002 8:11:50 PM EDT
Link Posted: 4/25/2002 8:24:19 PM EDT
I got one from "webmaster@snipercountry.com" with subject "comp order" WTF, over?
Link Posted: 4/26/2002 12:00:22 AM EDT
Link Posted: 4/26/2002 12:53:25 AM EDT
Originally Posted By Aimless:
Originally Posted By 10112002: also, [b]Aimless[/b], i noticed that my updates, well...aren't and that my "subscription" to them has expired. can i just pay to renew and start up again from this point? (using Norton if you need to know).
View Quote
To be honest, I'm not sure-I seem to remember having one of the office computers coming up with a message that the norton anti-virus on that computer had expired and there was a fee to continue to get the updates. I think after awhile the "Live Updates" will give you a message that the virus definitions won't be updated anymore without paying a fee, I think if you hit "live update" it'll run you through how to update-or you can buy the latest edition of anti-virus and I think you get a year free-but I REALLY know next to nothing about this stuff-just enough to be dangerous maybe this will help? [url=]http://www.symantec.com/techsupp/subscribe[/url] and Symatec's main page has a warning about this klez worm virus- [url=]http://www.symantec.com[/url]
View Quote
when my norton 2000 expired and I tried to renew it, they told me it would be better to upgrade to 2002 version instead of just getting updates. Price difference was a bit more but I do like the new version better. "Windoze XP has a built-in firewall. Anyone know how I turn it on?" Go to control panel---network connection---broadband connection icon---right click on properties---advanced tab----internet firewall box on top.
Link Posted: 4/26/2002 1:11:37 AM EDT
Lots of guys at Sniper Country are getting this crap sent to them too, a couple hogs got infected. Most of my friends and acquiantences are non-shooters, none of them are having problems.
Link Posted: 4/26/2002 1:17:14 AM EDT
Used this site to clear my puter today after receiving a worm: [url]http://housecall.antivirus.com/[/url] worked great
Link Posted: 4/26/2002 2:11:21 AM EDT
[Last Edit: 4/26/2002 2:12:41 AM EDT by mr_wilson]
[b]Received this e-mail worm virus yesterday morning and this is the response from our IT dept. today, (believe this is worm Goatboy has referred to)[/b]. Everyone: If you get an e-mail message that looks like the message below, do NOT open any attachments that may be with it and do NOT click on the link in the message. The link in the message is in the last sentence where it says "[b]mail to me[/b]". That part is underlined as if to click on the link to e-mail the person back indicating your interest. What this link actually does is generate a virus that sends itself to everyone in your address book and can do some nasty things to files on your local machine as well as on the network. Please be aware of this message and simply delete it if you receive it. As always, please contact one of the IT Department guys if you receive a questionable e-mail and/or attachment of if you have any questions. It's always better to be safe than sorry. We appreciate your cooperation. Regards, IT Department [b]THIS IS ACTUAL MESSAGE RECEIVED[/b] -----Original Message----- From: tomeslick [mailto:tomeslick@msn.com] Sent: Thursday, April 25, 2002 3:51 AM Subject: Worm Klez.E immunity Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,[b]please mail to me[/b]. Mike
Link Posted: 4/26/2002 4:20:29 AM EDT
Download this program and run it to clean up the virus: [url]http://securityresponse.symantec.com/avcenter/FixKlez.com[/url] I got hosed with it. What the virus does is find subjects in your emails and uses those as the subjects to those its emailing. For example, if Joe emails Dan with the subject "That SP-1 for $900", the virus would use that when sending itself out, so 50 billion people would get an email titled "That SP-1 for $900". Dont open any emails with attachments for a while. Kharn
Link Posted: 4/26/2002 5:02:40 AM EDT
kharn. i scanned, here at work, and came up clean. i'll do the same thing at home tonight, using your link. i was not aware the klez had an "anti-anti-virus" mode. perhaps that's why macaffee did not pick it up it my 3 previous scans. thanks.
Link Posted: 4/26/2002 5:08:32 AM EDT
Link Posted: 4/26/2002 5:12:27 AM EDT
Originally Posted By CAMPYBOB: kharn. i scanned, here at work, and came up clean. i'll do the same thing at home tonight, using your link. i was not aware the klez had an "anti-anti-virus" mode. perhaps that's why macaffee did not pick it up it my 3 previous scans. thanks.
View Quote
I forgot as well: If your definitions were not updated with the klez virus information, not only might it have gotten on your computer, it might have screwed up your anti virus software. People say klez started in Japan: This smells like to me like ChiCom crap. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img]
Top Top