PING : JNUGENT - you're sending out virus's mate



Status
Not open for further replies.
D

Doug

Guest
JNUGENT

I just received an e-mail from your account headed

Re: Question for seller -- Item #934222988

and containing a virus infected attachment.

McAfee dealt with it no probs but please sort it out - in case anyone isn't as well protected as me.

-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
http://www.newsfeed.com The #1 Newsgroup Service in the World!
-----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----
 
Doug wrote:

> JNUGENT
>
> I just received an e-mail from your account headed
>
> Re: Question for seller -- Item #934222988
>
> and containing a virus infected attachment.
>
> McAfee dealt with it no probs but please sort it out - in case anyone isn't as well
> protected as me.
>
> -----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
> http://www.newsfeed.com The #1 Newsgroup Service in the World!
> -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----

moi aussi
 
"Peter B" <[email protected]> wrote in message news:[email protected]...
>
> "NM" <[email protected]> wrote in message news:[email protected]...
> > Doug wrote:
> >
> > > JNUGENT
> > >
> > > I just received an e-mail from your account headed
> > >
> > > Re: Question for seller -- Item #934222988
> > >
> > > and containing a virus infected attachment.
> > >
> > > McAfee dealt with it no probs but please sort it out - in case anyone
> isn't
> > > as well protected as me.
>
> > moi aussi
>
> Et moi. BT Openworld intercepted it in my case.

And me . please check it out.
>
> Pete
 
"NM" <[email protected]> wrote in message news:[email protected]...
> Doug wrote:
>
> > JNUGENT
> >
> > I just received an e-mail from your account headed
> >
> > Re: Question for seller -- Item #934222988
> >
> > and containing a virus infected attachment.
> >
> > McAfee dealt with it no probs but please sort it out - in case anyone
isn't
> > as well protected as me.

> moi aussi

Et moi. BT Openworld intercepted it in my case.

Pete
 
"Paul Kelly" <[email protected]> wrote in message news:[email protected]...
>
> "Peter B" <[email protected]> wrote in message news:[email protected]...
> >
> > "NM" <[email protected]> wrote in message news:[email protected]...
> > > Doug wrote:
> > >
> > > > JNUGENT
> > > >
> > > > I just received an e-mail from your account headed
> > > >
> > > > Re: Question for seller -- Item #934222988
> > > >
> > > > and containing a virus infected attachment.
> > > >
> > > > McAfee dealt with it no probs but please sort it out - in case
anyone
> > isn't
> > > > as well protected as me.
> >
> > > moi aussi
> >
> > Et moi. BT Openworld intercepted it in my case.
>
> And me . please check it out.
> >
> > Pete
> >
> >
>

Me too - intercepted by my Uni server's scanner.
 
On Thu, 20 Feb 2003 22:41:34 +0000, Nathaniel Porter wrote:

> Me too - intercepted by my Uni server's scanner.

I'm using Linux. Please feel free to e-mail it here.

--
________________________
Conor Turton [email protected]
________________________
 
"PeterE" <[email protected]> wrote in message
news:[email protected]...
> Paul Kelly wrote in message ...
> >
> >"Peter B" <[email protected]> wrote in message news:[email protected]...
> >>
> >> "NM" <[email protected]> wrote in message news:[email protected]...
> >> > Doug wrote:
> >> >
> >> > > JNUGENT
> >> > >
> >> > > I just received an e-mail from your account headed
> >> > >
> >> > > Re: Question for seller -- Item #934222988
> >> > >
> >> > > and containing a virus infected attachment.
> >> > >
> >> > > McAfee dealt with it no probs but please sort it out - in case
anyone
> >> isn't
> >> > > as well protected as me.
> >>
> >> > moi aussi
> >>
> >> Et moi. BT Openworld intercepted it in my case.
> >
> >And me . please check it out.
>
> Is it not the case that these viruses can take a random name in someone's address book and use
> that as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives
> the impression of doing so?
>
> --
> http://www.speedlimit.org.uk "I hate cars. If I ever get any power again, I'd ban the lot." (Ken
> Livingstone, June 1989)
>
>
>
>
>

I think the fact that Jnugent is a regular on these groups and many people coming through as
recipients are also regulars points suggests otherwise. No one is suggesting it is
deliberate though.

-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
http://www.newsfeed.com The #1 Newsgroup Service in the World!
-----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----
 
Paul Kelly wrote in message ...
>
>"Peter B" <[email protected]> wrote in message news:[email protected]...
>>
>> "NM" <[email protected]> wrote in message news:[email protected]...
>> > Doug wrote:
>> >
>> > > JNUGENT
>> > >
>> > > I just received an e-mail from your account headed
>> > >
>> > > Re: Question for seller -- Item #934222988
>> > >
>> > > and containing a virus infected attachment.
>> > >
>> > > McAfee dealt with it no probs but please sort it out - in case anyone
>> isn't
>> > > as well protected as me.
>>
>> > moi aussi
>>
>> Et moi. BT Openworld intercepted it in my case.
>
>And me . please check it out.

Is it not the case that these viruses can take a random name in someone's address book and use that
as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives the
impression of doing so?

--
http://www.speedlimit.org.uk "I hate cars. If I ever get any power again, I'd ban the lot." (Ken
Livingstone, June 1989)
 
In article <[email protected]>, [email protected] spouted forth into
uk.rec.driving...
> JNUGENT
>
> I just received an e-mail from your account headed
>
> Re: Question for seller -- Item #934222988
>
> and containing a virus infected attachment.
>
> McAfee dealt with it no probs but please sort it out - in case anyone isn't as well
> protected as me.

F-Prot running on my mail server let the mail through, but stripped the attachment.

Was just about to mail him, and ask why I was getting mailed :)

Poor bugger, hope he knows.

--
Carl Robson (The poster formerly known as Skodapilot) http://www.bouncing-czechs.com
 
"Conor Turton" <[email protected]> wrote in message
news:p[email protected]...
> On Thu, 20 Feb 2003 22:41:34 +0000, Nathaniel Porter wrote:
>
> > Me too - intercepted by my Uni server's scanner.
>
> I'm using Linux. Please feel free to e-mail it here.
>

I'm using both Windows and Linux, so I get security with the option of being masochistic ;-)
 
"PeterE" <[email protected]> wrote in message
>
> Is it not the case that these viruses can take a random name in someone's address book and use
> that as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives
> the impression of doing so?

Well yes and no if you look at the headers of the e-mail you will normally be able to trace the
senders address from them. Here is one I keep getting with klez (real e-mail addresses masked with 5
stars for there address and & for
me)

X-From_: *****Sat Feb 15 21:27:04 2003 Return-path: <*****> Envelope-to: &&&&& Delivery-date: Sat,
15 Feb 2003 21:27:04 +0000 Received: from modem-1064.rickt.dialup.pol.co.uk ([62.25.196.40]
helo=Chhqyx) by cmailm5.svr.pol.co.uk with smtp (Exim 4.10.11) id 18k9oy-0002pl-00 for &&&&&; Sat,
15 Feb 2003 21:26:04 +0000 From: complaints <[email protected]> To: &&&&& Subject: Some
questions MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=L4251B74pGE4d4FRXKO2
Message-Id: <[email protected]> Date: Sat, 15 Feb 2003
21:26:04 +0000

In this case the only faked e-mail address in in the from field the x-from and return path were both
correct (and normally are) you can also use the Received: from line to trace where it entered the
internet in this care modem-1064.rickt.dialup.pol.co.uk then contact the server admin with a copy of
the header and ask them to double check on there logs and contact the sender. This is one of the
reasons I don't put my address into outlook for news to prevent worms like this from using it as the
from address.
 
Paul Kelly <[email protected]> wrote:

> And me . please check it out.

What, exactly, is the point of all these follow-ups, quoting the original piece and effectively just
adding the old AOL staple of "me too"?

Hoagy (got it, but I don't care as I don't run Windows)
 
"Doug" <[email protected]> wrote:

goliath.newsgroups.com
|| JNUGENT

|| I just received an e-mail from your account headed Re: Question for seller -- Item #934222988 and
|| containing a virus infected attachment. McAfee dealt with it no probs but please sort it out - in
|| case anyone isn't as well protected as me.

Thanks for the tip off.

Should have been sorted out now (courtesy of the McAfee site).

Sorry, everyone, don't know where it came from.

---
Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.456 / Virus Database: 256 - Release Date: 18/02/03
 
On Fri, 21 Feb 2003 01:13:18 +0000, JNugent wrote:

> Thanks for the tip off.
>
> Should have been sorted out now (courtesy of the McAfee site).
>
> Sorry, everyone, don't know where it came from.

Outlook Express..nuff said.

--
________________________
Conor Turton [email protected]
________________________
 
"PeterE" <[email protected]> wrote in message
news:<[email protected]>...

> Is it not the case that these viruses can take a random name in someone's address book and use
> that as the "from" address, so it doesn't necessarily come from JNugent's PC, although it gives
> the impression of doing so?

Yes, it's possible, and that's what I assumed when I got the email from him. But with the
significant number of people fingering one sender, it seems unlikely in this case.

James
 
In article <1fqpg3d.qp100u16cw60wN%[email protected]>, [email protected] spouted forth into
uk.rec.driving...
> Hoagy (got it, but I don't care as I don't run Windows)
>

Got it, but I don't use Outloot ExtraStress for mail and news, and run my Own
firewall/mailserver/Nat gateway, with Anti Virus on all the client machines and the server, and
realtime anti virus on the mail server (Do have linux on a virtual machine though, so I do have the
option of being worm safe).
--
Carl Robson (The poster formerly known as Skodapilot) http://www.bouncing-czechs.com
 
In article <[email protected]>, [email protected] says...
> On Fri, 21 Feb 2003 01:13:18 +0000, JNugent wrote:
>
> > Thanks for the tip off.
> >
> > Should have been sorted out now (courtesy of the McAfee site).
> >
> > Sorry, everyone, don't know where it came from.
>
> Outlook Express..nuff said.

So this means Outlook Express also builds an address book from newsgroup articles? I assume so since
that is the only contact I've ever had with JNugent. That must be a bloody enormous address book for
any normal usenet user.

Colin
 
"Colin Blackburn" <[email protected]> wrote in message
news:MPG.18c01841347279699897c1@localhost
>
> So this means Outlook Express also builds an address book from newsgroup articles? I assume so
> since that is the only contact I've ever had with JNugent. That must be a bloody enormous address
> book for any normal usenet user.

One of the options in OE is "Automatically put people I reply to in my Address Book". I'm pretty
sure it's turned on by default. It covers both newsgroup and email replies.
 
"Colin Blackburn" <[email protected]> wrote in message
news:MPG.18c01841347279699897c1@localhost...

> I assume so since that is the only contact I've ever had with JNugent. That must be a bloody
> enormous address book for any normal usenet user.

No, it's not like that. Klez and other viruses of this period tend to scan the hard drive for mail
addresses buried in the cache, downloaded news postings, that sort of thing. The poor fellow
probably didn't have any of you in his address book. It's worth pointing ou that this is a good
reason to use either a trash account for usenet (I use a Freeserve account but I'm on Blueyonder, I
only look at it every couple of days) or munging your address. Note that the recipients were using
an unmunged address.

Tim

--
Sent from Brum, UK... ...scheduled completion Sept 2003 'What's keeping the White House white? Is it
chalk, is it fog, is it fear?' Steve Skaith, 'America For Beginners' Look, mum, an anorak on a bike!
Check out www.nervouscyclist.org
 
Grant Mason wrote:
> One of the options in OE is "Automatically put people I reply to in my Address Book". I'm pretty
> sure it's turned on by default. It covers both newsgroup and email replies.

Not in my case. I only use OE for NGs and nothing has ever gone into the address book.
--
Michael MacClancy
 
Status
Not open for further replies.

Similar threads

G
Replies
12
Views
581
UK and Europe
Peter Clinch
P
G
Replies
0
Views
589
G
W
Replies
7
Views
480
UK and Europe
Dave Larrington
D
G
Replies
3
Views
492
Road Cycling
GoneBeforeMyTime
G
G
Replies
11
Views
482
Road Cycling
Michael Press
M
L
Replies
1
Views
342
P