PING : JNUGENT - you're sending out virus's mate

Discussion in 'UK and Europe' started by Doug, Feb 20, 2003.

Thread Status:
Not open for further replies.
  1. Doug

    Doug Guest

    JNUGENT

    I just received an e-mail from your account headed

    Re: Question for seller -- Item #934222988

    and containing a virus infected attachment.

    McAfee dealt with it no probs but please sort it out - in case anyone isn't as well protected as me.

    -----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
    http://www.newsfeed.com The #1 Newsgroup Service in the World!
    -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----
     
    Tags:


  2. Nm

    Nm Guest

    Doug wrote:

    > JNUGENT
    >
    > I just received an e-mail from your account headed
    >
    > Re: Question for seller -- Item #934222988
    >
    > and containing a virus infected attachment.
    >
    > McAfee dealt with it no probs but please sort it out - in case anyone isn't as well
    > protected as me.
    >
    > -----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
    > http://www.newsfeed.com The #1 Newsgroup Service in the World!
    > -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----

    moi aussi
     
  3. Paul Kelly

    Paul Kelly Guest

    "Peter B" <[email protected]> wrote in message news:[email protected]...
    >
    > "NM" <[email protected]> wrote in message news:[email protected]...
    > > Doug wrote:
    > >
    > > > JNUGENT
    > > >
    > > > I just received an e-mail from your account headed
    > > >
    > > > Re: Question for seller -- Item #934222988
    > > >
    > > > and containing a virus infected attachment.
    > > >
    > > > McAfee dealt with it no probs but please sort it out - in case anyone
    > isn't
    > > > as well protected as me.
    >
    > > moi aussi
    >
    > Et moi. BT Openworld intercepted it in my case.

    And me . please check it out.
    >
    > Pete
     
  4. Peter B

    Peter B Guest

    "NM" <[email protected]> wrote in message news:[email protected]...
    > Doug wrote:
    >
    > > JNUGENT
    > >
    > > I just received an e-mail from your account headed
    > >
    > > Re: Question for seller -- Item #934222988
    > >
    > > and containing a virus infected attachment.
    > >
    > > McAfee dealt with it no probs but please sort it out - in case anyone
    isn't
    > > as well protected as me.

    > moi aussi

    Et moi. BT Openworld intercepted it in my case.

    Pete
     
  5. "Paul Kelly" <[email protected]> wrote in message news:[email protected]...
    >
    > "Peter B" <[email protected]> wrote in message news:[email protected]...
    > >
    > > "NM" <[email protected]> wrote in message news:[email protected]...
    > > > Doug wrote:
    > > >
    > > > > JNUGENT
    > > > >
    > > > > I just received an e-mail from your account headed
    > > > >
    > > > > Re: Question for seller -- Item #934222988
    > > > >
    > > > > and containing a virus infected attachment.
    > > > >
    > > > > McAfee dealt with it no probs but please sort it out - in case
    anyone
    > > isn't
    > > > > as well protected as me.
    > >
    > > > moi aussi
    > >
    > > Et moi. BT Openworld intercepted it in my case.
    >
    > And me . please check it out.
    > >
    > > Pete
    > >
    > >
    >

    Me too - intercepted by my Uni server's scanner.
     
  6. Conor Turton

    Conor Turton Guest

    On Thu, 20 Feb 2003 22:41:34 +0000, Nathaniel Porter wrote:

    > Me too - intercepted by my Uni server's scanner.

    I'm using Linux. Please feel free to e-mail it here.

    --
    ________________________
    Conor Turton [email protected]
    ________________________
     
  7. Doug

    Doug Guest

    "PeterE" <[email protected]> wrote in message
    news:[email protected]...
    > Paul Kelly wrote in message ...
    > >
    > >"Peter B" <[email protected]> wrote in message news:[email protected]...
    > >>
    > >> "NM" <[email protected]> wrote in message news:[email protected]...
    > >> > Doug wrote:
    > >> >
    > >> > > JNUGENT
    > >> > >
    > >> > > I just received an e-mail from your account headed
    > >> > >
    > >> > > Re: Question for seller -- Item #934222988
    > >> > >
    > >> > > and containing a virus infected attachment.
    > >> > >
    > >> > > McAfee dealt with it no probs but please sort it out - in case
    anyone
    > >> isn't
    > >> > > as well protected as me.
    > >>
    > >> > moi aussi
    > >>
    > >> Et moi. BT Openworld intercepted it in my case.
    > >
    > >And me . please check it out.
    >
    > Is it not the case that these viruses can take a random name in someone's address book and use
    > that as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives
    > the impression of doing so?
    >
    > --
    > http://www.speedlimit.org.uk "I hate cars. If I ever get any power again, I'd ban the lot." (Ken
    > Livingstone, June 1989)
    >
    >
    >
    >
    >

    I think the fact that Jnugent is a regular on these groups and many people coming through as
    recipients are also regulars points suggests otherwise. No one is suggesting it is
    deliberate though.

    -----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
    http://www.newsfeed.com The #1 Newsgroup Service in the World!
    -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----
     
  8. Petere

    Petere Guest

    Paul Kelly wrote in message ...
    >
    >"Peter B" <[email protected]> wrote in message news:[email protected]...
    >>
    >> "NM" <[email protected]> wrote in message news:[email protected]...
    >> > Doug wrote:
    >> >
    >> > > JNUGENT
    >> > >
    >> > > I just received an e-mail from your account headed
    >> > >
    >> > > Re: Question for seller -- Item #934222988
    >> > >
    >> > > and containing a virus infected attachment.
    >> > >
    >> > > McAfee dealt with it no probs but please sort it out - in case anyone
    >> isn't
    >> > > as well protected as me.
    >>
    >> > moi aussi
    >>
    >> Et moi. BT Openworld intercepted it in my case.
    >
    >And me . please check it out.

    Is it not the case that these viruses can take a random name in someone's address book and use that
    as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives the
    impression of doing so?

    --
    http://www.speedlimit.org.uk "I hate cars. If I ever get any power again, I'd ban the lot." (Ken
    Livingstone, June 1989)
     
  9. In article <[email protected]>, [email protected] spouted forth into
    uk.rec.driving...
    > JNUGENT
    >
    > I just received an e-mail from your account headed
    >
    > Re: Question for seller -- Item #934222988
    >
    > and containing a virus infected attachment.
    >
    > McAfee dealt with it no probs but please sort it out - in case anyone isn't as well
    > protected as me.

    F-Prot running on my mail server let the mail through, but stripped the attachment.

    Was just about to mail him, and ask why I was getting mailed :)

    Poor bugger, hope he knows.

    --
    Carl Robson (The poster formerly known as Skodapilot) http://www.bouncing-czechs.com
     
  10. "Conor Turton" <[email protected]> wrote in message
    news:p[email protected]...
    > On Thu, 20 Feb 2003 22:41:34 +0000, Nathaniel Porter wrote:
    >
    > > Me too - intercepted by my Uni server's scanner.
    >
    > I'm using Linux. Please feel free to e-mail it here.
    >

    I'm using both Windows and Linux, so I get security with the option of being masochistic ;-)
     
  11. Depresion

    Depresion Guest

    "PeterE" <[email protected]> wrote in message
    >
    > Is it not the case that these viruses can take a random name in someone's address book and use
    > that as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives
    > the impression of doing so?

    Well yes and no if you look at the headers of the e-mail you will normally be able to trace the
    senders address from them. Here is one I keep getting with klez (real e-mail addresses masked with 5
    stars for there address and & for
    me)

    X-From_: *****Sat Feb 15 21:27:04 2003 Return-path: <*****> Envelope-to: &&&&& Delivery-date: Sat,
    15 Feb 2003 21:27:04 +0000 Received: from modem-1064.rickt.dialup.pol.co.uk ([62.25.196.40]
    helo=Chhqyx) by cmailm5.svr.pol.co.uk with smtp (Exim 4.10.11) id 18k9oy-0002pl-00 for &&&&&; Sat,
    15 Feb 2003 21:26:04 +0000 From: complaints <[email protected]> To: &&&&& Subject: Some
    questions MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=L4251B74pGE4d4FRXKO2
    Message-Id: <[email protected]> Date: Sat, 15 Feb 2003
    21:26:04 +0000

    In this case the only faked e-mail address in in the from field the x-from and return path were both
    correct (and normally are) you can also use the Received: from line to trace where it entered the
    internet in this care modem-1064.rickt.dialup.pol.co.uk then contact the server admin with a copy of
    the header and ask them to double check on there logs and contact the sender. This is one of the
    reasons I don't put my address into outlook for news to prevent worms like this from using it as the
    from address.
     
  12. Paul Kelly <[email protected]> wrote:

    > And me . please check it out.

    What, exactly, is the point of all these follow-ups, quoting the original piece and effectively just
    adding the old AOL staple of "me too"?

    Hoagy (got it, but I don't care as I don't run Windows)
     
  13. Jnugent

    Jnugent Guest

    "Doug" <[email protected]> wrote:

    goliath.newsgroups.com
    || JNUGENT

    || I just received an e-mail from your account headed Re: Question for seller -- Item #934222988 and
    || containing a virus infected attachment. McAfee dealt with it no probs but please sort it out - in
    || case anyone isn't as well protected as me.

    Thanks for the tip off.

    Should have been sorted out now (courtesy of the McAfee site).

    Sorry, everyone, don't know where it came from.

    ---
    Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.456 / Virus Database: 256 - Release Date: 18/02/03
     
  14. Conor Turton

    Conor Turton Guest

    On Fri, 21 Feb 2003 01:13:18 +0000, JNugent wrote:

    > Thanks for the tip off.
    >
    > Should have been sorted out now (courtesy of the McAfee site).
    >
    > Sorry, everyone, don't know where it came from.

    Outlook Express..nuff said.

    --
    ________________________
    Conor Turton [email protected]
    ________________________
     
  15. James Annan

    James Annan Guest

    "PeterE" <[email protected]> wrote in message
    news:<[email protected]>...

    > Is it not the case that these viruses can take a random name in someone's address book and use
    > that as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives
    > the impression of doing so?

    Yes, it's possible, and that's what I assumed when I got the email from him. But with the
    significant number of people fingering one sender, it seems unlikely in this case.

    James
     
  16. In article <1fqpg3d.qp100u16cw60wN%[email protected]>, [email protected] spouted forth into
    uk.rec.driving...
    > Hoagy (got it, but I don't care as I don't run Windows)
    >

    Got it, but I don't use Outloot ExtraStress for mail and news, and run my Own
    firewall/mailserver/Nat gateway, with Anti Virus on all the client machines and the server, and
    realtime anti virus on the mail server (Do have linux on a virtual machine though, so I do have the
    option of being worm safe).
    --
    Carl Robson (The poster formerly known as Skodapilot) http://www.bouncing-czechs.com
     
  17. In article <[email protected]>, [email protected] says...
    > On Fri, 21 Feb 2003 01:13:18 +0000, JNugent wrote:
    >
    > > Thanks for the tip off.
    > >
    > > Should have been sorted out now (courtesy of the McAfee site).
    > >
    > > Sorry, everyone, don't know where it came from.
    >
    > Outlook Express..nuff said.

    So this means Outlook Express also builds an address book from newsgroup articles? I assume so since
    that is the only contact I've ever had with JNugent. That must be a bloody enormous address book for
    any normal usenet user.

    Colin
     
  18. Grant Mason

    Grant Mason Guest

    "Colin Blackburn" <[email protected]> wrote in message
    news:[email protected]
    >
    > So this means Outlook Express also builds an address book from newsgroup articles? I assume so
    > since that is the only contact I've ever had with JNugent. That must be a bloody enormous address
    > book for any normal usenet user.

    One of the options in OE is "Automatically put people I reply to in my Address Book". I'm pretty
    sure it's turned on by default. It covers both newsgroup and email replies.
     
  19. Tim Dunne

    Tim Dunne Guest

    "Colin Blackburn" <[email protected]> wrote in message
    news:[email protected]...

    > I assume so since that is the only contact I've ever had with JNugent. That must be a bloody
    > enormous address book for any normal usenet user.

    No, it's not like that. Klez and other viruses of this period tend to scan the hard drive for mail
    addresses buried in the cache, downloaded news postings, that sort of thing. The poor fellow
    probably didn't have any of you in his address book. It's worth pointing ou that this is a good
    reason to use either a trash account for usenet (I use a Freeserve account but I'm on Blueyonder, I
    only look at it every couple of days) or munging your address. Note that the recipients were using
    an unmunged address.

    Tim

    --
    Sent from Brum, UK... ...scheduled completion Sept 2003 'What's keeping the White House white? Is it
    chalk, is it fog, is it fear?' Steve Skaith, 'America For Beginners' Look, mum, an anorak on a bike!
    Check out www.nervouscyclist.org
     
  20. Grant Mason wrote:
    > One of the options in OE is "Automatically put people I reply to in my Address Book". I'm pretty
    > sure it's turned on by default. It covers both newsgroup and email replies.

    Not in my case. I only use OE for NGs and nothing has ever gone into the address book.
    --
    Michael MacClancy
     
Loading...
Thread Status:
Not open for further replies.
Loading...