Posted: 4/25/2002 3:23:25 PM EDT
from "wa3key"...with topic headers such as "begging part 2" or "begiining and end"?
they may also show up as coming from other folks..but a properties check tracks back to "wa3key". hell, i even got one from the ak-47admin entitled "let's be friends"!!! now, if THAT isn't a tip-off that something is rotten in denmark, i don't know what is! over the past 3-4 weeks, i must have received over 100 of the "wa3key" emails with dozens of different titles. anyone else getting this crap? is it related to the klez virus? so far, updated scans show my box as not being infected...but how do you block this kind of thing? |
|
Bob,
(And everyone else) Do not download anything supposedly sent by me. I have just been told that some of the virus e-mails are sliding in using my MyNRA address.... Scott |
|
dsh, i read the post in which your box was infected..sorry to hear.
last summer, i got the w32sircam virus and suffered a meltdown...but not before jewbroni's puter got a tainted email from me (and lord knows who else!) good luck! norton and mcafee say i'm clean...i'm just wondering if this wa3key shit is harmless, an aimed attack on my box or just another generic hacker at work. |
|
I need to get a virus scan program. Especially since I am on cable modem now...
I wonder if this could be what knocked my cable connection out. Scott |
|
I know on AOL, we often get e-mail when we are in a chat room that is supposedly from someone in the room, but the address has "@aol.com" on the end, so it is NOT from AOL...
What is odd, is the jerk stole my MyNRA apparently, because I got a "reply" from Mike (Beekeeper) Scott |
|
here is another "wa3key" mail i just rec'd.
wtf?!?! it is from "postmaster"

The following mail can't be sent to [email protected]:
From: [email protected]
To: [email protected]
Subject: japanese lass' sexy pictures
The attachment is the original mail

here are the "properties"...

Received: by pop7.mx.voyager.net (mbox [email protected]) (with voyager.net's vgrpop Thu, 25 Apr 2002 19:44:57)
Received: from rly-ip02.mx.aol.com (rly-ip02.mx.aol.com [152.163.225.160]) by mx5.mx.voyager.net (8.11.6/8.10.2) with ESMTP id g3P37j305651 for
Received: from logs-ti.proxy.aol.com (logs-ti.proxy.aol.com [152.163.194.135]) by rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id UAB10558 for Wed, 24 Apr 2002 20:56:51 -0400 (EDT)
Received: from Bclnccygw (AC901075.ipt.aol.com [172.144.16.117]) by logs-ti.proxy.aol.com (8.10.0/8.10.0) with SMTP id g3ONghh250536 for
Date: Wed, 24 Apr 2002 19:42:44 -0400 (EDT)
Message-Id: <[email protected]>
From: postmaster
To: [email protected]
Subject: Undeliverable mail--"japanese lass' sexy pictures"
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=S54901w83cao4W0z80Y3712b5KVor7c
X-Apparently-From: [email protected]
Status: U |
|
Quoted: I need to get a virus scan program. Especially since I am on cable modem now... I wonder if this could be what knocked my cable connection out. Scott

You need to be sure you have some type of firewall hardware or software as well. If you're on broadband without a firewall, they can walk right in. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img] |
|
Has nobody else noticed anything? I got what looked to be an auto-letter from AR15.com that said I may have been infected with something... I know nothing about this stuff, but I scanned with McAfee and found nothing. Shortly before I received that mail I got one from [email protected] and [email protected], as well as one from someone on the FalFiles. They all had attachments, but were just empty emails. I deleted them, but because I know those screen names, I was tempted to open the attachments.
No one else has gotten anything like this? |
|
Gunbert - I got the e-mail from AR15.com last night too about the possible virus infecting my system. I just deleted it so I don't know the details. All I know is that since yesterday, I've been getting inundated by spam e-mails. I haven't opened any but I've never been spammed like this before.
Is anybody else experiencing this? |
|
Over the past 3 days I have probably gotten 8-10 infected emails. I wish I could get my hands on the little bastard that is sending them...
|
|
Quoted: Has nobody else noticed anything? I got what looked to be an auto-letter from AR15.com that said I may have been infected with something... I know nothing about this stuff, but I scanned with McAfee and found nothing. Shortly before I received that mail I got one from [email protected] and [email protected], as well as one from someone on the FalFiles. They all had attachments, but were just empty emails. I deleted them, but because I know those screen names, I was tempted to open the attachments. No one else has gotten anything like this?

For God's sake don't open them!!! I got the [email protected] one too. I assure you it is a virus. The "japanese lass' sexy pictures" is also. Everyone, don't open any attachments from anyone you are not specifically expecting one from. Also, get a good virus protection (I just got Norton 2002). You cannot imagine the nightmare it causes when you just make a little d'load mistake. Beware!! |
|
My guess is that it is no accident that these mails are being sent to AR15.com members, and are supposedly from AR15.com members. The method involves "spoofing" through an open mail relay. It is possible to make an email appear from anyone, even if no such E-mail address exists.
My hunch is that this is intentionally directed at gun owners that have their E-mail addresses on the web. I'm betting it is a semi-computer-literate anti-gun wannabe-hacker. [(:|)] |
|
Quoted: My hunch is that this is intentionally directed at gun owners that have their E-mail addresses on the web. I'm betting it is a semi-computer-literate anti-gun wannabe-hacker.

Um, not to sound like I would follow up by carving his freaking heart out, but is there a way to track this to its source? [pissed] |
|
Quoted: Um, not to sound like I would follow up by carving his freaking heart out, but is there a way to track this to its source? [pissed]

Not likely. You'd have to analyze the mail headers for the sender's IP address, and if he's using an open relay server, the chances are 50/50 that there will be the IP address of the sender included in the header. To make matters worse, the offender could be going through proxy servers before connecting to the relay. So tracking this lamer would be unlikely. The best thing to do is just delete the stuff, and get a good virus scanner. [(:|)] |
|
I don't think this is directed at ar15.com members specifically.
These viruses are designed to get into people's email address books, and simply send the virus to everyone in the address book whenever you send out an email. All it takes is one email, and everyone in the book gets sent the virus email. More than likely, these people don't even know their computer/address book are infected until they get an email from someone unlucky enough to have received the virus, but was lucky enough to have good anti-virus software. These are the people who wait until disaster strikes (a virus or worm that really screws up their computer) before they go get Norton. Not intended to offend anyone: It's just what I see from experience when people call the 800 Jay Tech Support line. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img] edited to add, I've been getting hammered by klez, but Norton Anti Virus is saving my ass !!! |
|
[url=]http://www.ar15.com/forums/topic.html?id=111678&page=1[/url]
A bunch of us have been getting e-mails with fake return addresses listing other members. This is the result of a virus. Goatboy explains it in the thread listed above. Everyone who has a computer that interacts with internet or other computers in any way, (edited to add-which is all of us here, duh) whether on the internet, through other people's floppy drives being put in it, on a network etc. MUST have virus checking software and have it updated regularly from Symantec, or whoever you choose to use. Not doing so not only puts your computer at risk but allows the virus to grab our e-mail addresses and send us crap. I am glad to find out that the messages from some of you guys with the "Re:" line of "Honey" was the result of a virus. I should also add- I didn't mean the above as a criticism of anyone who already got infected, but unfortunately paying for this software, and for the updates, because I think the updates are only good for a year and then you have to pay more to continue the service, is a necessary expense of being on the internet. These all seem to be coming from same address in Japan, I don't know if that's another shell address or if someone is really there causing this mess, but maybe we need an "AR15 fact finding mission" Sure we can't bring our guns, but they don't have any either [:D] |
|
Quoted: These viruses are designed to get into people's email address books, and simply send the virus to everyone in the address book when ever you send out an email.

This particular bug did not send one e-mail to anyone in my addy book. All of the outgoing went to other Board members, only one of which I have ever directly e-mailed, and she (ARlady) was NOT in my addy book. "I" was sending several a day to myself! Check out the thread linked by Aimless, it is interesting. This has really been a wake-up for me re. the Norton Anti-Virus software. I did exactly what you said--let the horses all out, then closed the barn door. [:(] Everything that was in my 'puter is gone. |
|
Here are quotes from "Observer" and Goatboy about what might be causing this. I did not know that a virus would search through your computer for e-mail addresses, like searching the internet temp files-but something like this is going on since I am getting stuff from people who do not have me in their address books and people have gotten e-mails that are not from me, but list my e-mail address as the return address-they were actually sent from-" an AOL account. The return path is
Observer- It's really a virus/worm that you can read more information about here...securityresponse.symantec.com/avcenter/venc/data/[email protected]

Although it can be a bit confusing when first seen, what happens is that this worm searches the Windows address book, the ICQ database, and any local files (like your internet 'temp' files of pages you've visited) for email addresses. So if your email address is visible on the page somewhere, there's the potential for it to be 'hijacked' and make it look like you're sending the virus. (But if you look at the detailed mail header, you can tell that it never came from your computer)

The 'subject' line, message bodies, and attachment file names are all random. The 'From' address is randomly-chosen from email addresses that the worm finds somewhere on the infected computer. The worm then sends an email message to these addresses with itself as an attachment.

If you don't have an antivirus program, go get one and keep the virus definitions current. Unfortunately this worm disables most antivirus programs (so it either won't load at startup or it crashes when you try to run it), but it can be removed using the tool from Symantec at this address: securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Bottom line is 'if it looks suspicious, don't open it!'. (Although sometimes the virus will include some pretty damned interesting private files as a separate attachment! lol) -Observer

GoatBoy Administrator

This is a worm that's been spreading like mad. Apparently a few ISPs have gotten hit (morons) and they've led to this thing getting out of hand. The AR15.Com mail server (for team members) has been catching this thing like mad (I get about 25-100 a day!) so be thankful! ]=)

We'll be looking at our servers and checking for any patches we've missed, but they should be solid and up to date. BTW - This virus masks itself and will randomly assign the "FROM" field so that it's harder to track.
The headers are key because they help track the IP to a user. So half these you get are not from the person it looks like! |
|
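The header tracing discussed in the posts above, as an added example that is not part of the original thread: it walks the Received chain from the "properties" quoted earlier and reports the earliest hop recorded by a mail server the reader trusts, then checks whether the From domain has anything to do with that hop. The sample addresses and the `trusted` domain lists are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received chain is abridged from the "properties"
# quoted earlier in the thread; the addresses are placeholders because the
# page shows them redacted.
RAW = """\
Received: by pop7.mx.voyager.net; Thu, 25 Apr 2002 19:44:57
Received: from rly-ip02.mx.aol.com (rly-ip02.mx.aol.com [152.163.225.160])
\tby mx5.mx.voyager.net (8.11.6/8.10.2) with ESMTP id g3P37j305651
Received: from logs-ti.proxy.aol.com (logs-ti.proxy.aol.com [152.163.194.135])
\tby rly-ip02.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id UAB10558;
\tWed, 24 Apr 2002 20:56:51 -0400 (EDT)
Received: from Bclnccygw (AC901075.ipt.aol.com [172.144.16.117])
\tby logs-ti.proxy.aol.com (8.10.0/8.10.0) with SMTP id g3ONghh250536
From: postmaster <member@forum.example>
To: recipient@isp.example
Subject: Undeliverable mail

(body omitted)
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <recording host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def trace(raw, trusted):
    """Walk Received headers newest-first; stop at the first untrusted writer.

    `trusted` lists domains whose mail servers you believe (an assumption the
    analyst supplies). Anything written below an untrusted server could have
    been typed in by the sender, so it is ignored.
    """
    msg = message_from_string(raw)
    origin = None
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # local delivery line with no "from" clause
        hop = m.groupdict()
        if not any(in_domain(hop["by"], d) for d in trusted):
            break
        origin = hop
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {
        "origin": origin,
        "from_domain": from_domain,
        # A From domain unrelated to the origin host is the spoofing pattern
        # the thread describes.
        "from_matches_origin": bool(origin)
        and in_domain(origin["rdns"], from_domain),
    }

if __name__ == "__main__":
    for trusted in (["voyager.net"], ["voyager.net", "aol.com"]):
        r = trace(RAW, trusted)
        print(trusted, "->", r["origin"]["ip"], r["origin"]["rdns"],
              "| From matches origin:", r["from_matches_origin"])
```

Trusting only the receiving ISP's servers stops at the relay that handed the message over; extending trust to the relay operator's own servers reaches the dial-up address that submitted it, and in both cases the From line plays no part in the result.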
Quoted: Quoted: I need to get a virus scan program. Especially since I am on cable modem now... I wonder if this could be what knocked my cable connection out. Scott
Quoted: You need to be sure you have some type of firewall hardware or software as well. If you're on broadband without a firewall, they can walk right in. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img]

Windoze XP has a built-in firewall. Anyone know how I turn it on? Scott |
|
Quoted: Everything that was in my 'puter is gone.

There is also information with Norton on how to handle an already infected computer-whether it works or not I don't know... Here's a live link to look info on this Klez virus [url=]securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html[/url] |
|
well, as reported, i received one of the tainted emails "from" beekeeper. ar15.com mail caught it though, so i'm safe, right?
also, [b]Aimless[/b], i noticed that my updates, well...aren't and that my "subscription" to them has expired. can i just pay to renew and start up again from this point? (using Norton if you need to know). i generally don't worry about these things cuz i just delete emails from addys i don't recognize, but this is kinda freakin' me out. i hate sleazeballs that do this!!!!!!!! |
|
Would you guys start hiding your emails, it's way too easy when every time you post it's there for EVERYONE to see. If you want to email a member send him an IM and get his email that way, I haven't gotten ANY weird emails, but my addy is hidden [:D]
|
|
Gunbert,
I am truly sorry if my computer has been infected with a virus -- had our LAN Nazi check out my computer at work today and he is pretty good, if he finds anything will let me know tomorrow....I haven't used the computer at home for two weeks because we moved into the new house...I don't think the home laptop is infected, but he will check that one for me tomorrow.... My wife knows nothing about attachments and every time I try to educate her, she looks at me like a high school girl who doesn't care about anything you say....all she wants to do is send her emails. I tried. Hope I am not infecting anyone. I have Norton CORP edition at home! |
|
O.K. I'm on the case here. If Gunbert has an AOL address and gets an email from [email protected] and Satcong ISN'T a Team Member so he CAN'T have an ar15.com email address, then that means someone is screwing around with us here. If Gunbert's email was hidden I bet all of this would have been avoided, am I right?
|
|
Quoted: also, [b]Aimless[/b], i noticed that my updates, well...aren't and that my "subscription" to them has expired. can i just pay to renew and start up again from this point? (using Norton if you need to know).

To be honest, I'm not sure-I seem to remember having one of the office computers coming up with a message that the norton anti-virus on that computer had expired and there was a fee to continue to get the updates. I think after awhile the "Live Updates" will give you a message that the virus definitions won't be updated anymore without paying a fee, I think if you hit "live update" it'll run you through how to update-or you can buy the latest edition of anti-virus and I think you get a year free-but I REALLY know next to nothing about this stuff-just enough to be dangerous maybe this will help? [url=]http://www.symantec.com/techsupp/subscribe[/url] and Symantec's main page has a warning about this klez worm virus- [url=]http://www.symantec.com[/url] |
|
Quoted: Would you guys start hiding your emails, it's way too easy when every time you post it's there for EVERYONE to see. If you want to email a member send him an IM and get his email that way, I haven't gotten ANY weird emails, but my addy is hidden [:D]

Don't you feel left out though? |
|
I got one from "[email protected]" with subject "comp order" WTF, over?
|
|
I've received one back as a bad send to someone that I didn't know, with me as the sender, reply line stating "PRODUCT SOFTWARE INCLUDED WITH HARDWARE!"
body of message, from experience, appeared to be bad translation of Mandarin Chinese to English, due to the idioms. |
|
Quoted: Quoted: also, [b]Aimless[/b], i noticed that my updates, well...aren't and that my "subscription" to them has expired. can i just pay to renew and start up again from this point? (using Norton if you need to know).
Quoted: To be honest, I'm not sure-I seem to remember having one of the office computers coming up with a message that the norton anti-virus on that computer had expired and there was a fee to continue to get the updates. I think after awhile the "Live Updates" will give you a message that the virus definitions won't be updated anymore without paying a fee, I think if you hit "live update" it'll run you through how to update-or you can buy the latest edition of anti-virus and I think you get a year free-but I REALLY know next to nothing about this stuff-just enough to be dangerous maybe this will help? [url=]http://www.symantec.com/techsupp/subscribe[/url] and Symantec's main page has a warning about this klez worm virus- [url=]http://www.symantec.com[/url]

when my norton 2000 expired and I tried to renew it, they told me it would be better to upgrade to 2002 version instead of just getting updates. Price difference was a bit more but I do like the new version better.

"Windoze XP has a built-in firewall. Anyone know how I turn it on?" Go to control panel---network connection---broadband connection icon---right click on properties---advanced tab----internet firewall box on top. |
|
Lots of guys at Sniper Country are getting this crap sent to them too, a couple hogs got infected. Most of my friends and acquaintances are non-shooters, none of them are having problems.
|
|
Used this site to clear my puter today after receiving a worm:
[url]http://housecall.antivirus.com/[/url] worked great |
|
[b]Received this e-mail worm virus yesterday morning and this is the response from our IT dept. today, (believe this is worm Goatboy has referred to)[/b].
Everyone: If you get an e-mail message that looks like the message below, do NOT open any attachments that may be with it and do NOT click on the link in the message. The link in the message is in the last sentence where it says "[b]mail to me[/b]". That part is underlined as if to click on the link to e-mail the person back indicating your interest. What this link actually does is generate a virus that sends itself to everyone in your address book and can do some nasty things to files on your local machine as well as on the network. Please be aware of this message and simply delete it if you receive it. As always, please contact one of the IT Department guys if you receive a questionable e-mail and/or attachment or if you have any questions. It's always better to be safe than sorry. We appreciate your cooperation.

Regards, IT Department

[b]THIS IS ACTUAL MESSAGE RECEIVED[/b]

-----Original Message-----
From: tomeslick [mailto:[email protected]]
Sent: Thursday, April 25, 2002 3:51 AM
Subject: Worm Klez.E immunity

Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,[b]please mail to me[/b]. Mike |
|
Download this program and run it to clean up the virus: [url]http://securityresponse.symantec.com/avcenter/FixKlez.com[/url]
I got hosed with it. What the virus does is find subjects in your emails and uses those as the subjects to those it's emailing. For example, if Joe emails Dan with the subject "That SP-1 for $900", the virus would use that when sending itself out, so 50 billion people would get an email titled "That SP-1 for $900". Don't open any emails with attachments for a while. Kharn |
|
kharn. i scanned, here at work, and came up clean. i'll do the same thing at home tonight, using your link.
i was not aware the klez had an "anti-anti-virus" mode. perhaps that's why mcafee did not pick it up in my 3 previous scans. thanks. |
|
Quoted: kharn. i scanned, here at work, and came up clean. i'll do the same thing at home tonight, using your link. i was not aware the klez had an "anti-anti-virus" mode. perhaps that's why mcafee did not pick it up in my 3 previous scans. thanks.

CB, mine was definitely the Klez as we found the "wink" file, as described in the manual removal instructions. It would not allow any virus cleaning software to run, and even after deleting all the "wink" files we [b]still[/b] could not run or install virus software. We ended up having to do a full system restore. |
|
Quoted: kharn. i scanned, here at work, and came up clean. i'll do the same thing at home tonight, using your link. i was not aware the klez had an "anti-anti-virus" mode. perhaps that's why mcafee did not pick it up in my 3 previous scans. thanks.

I forgot as well: If your definitions were not updated with the klez virus information, not only might it have gotten on your computer, it might have screwed up your anti virus software. People say klez started in Japan: This smells to me like ChiCom crap. Jay [img]http://www.commspeed.net/jmurray/images/iroc-cop.gif[/img] |
|