OT: Inundated with bogus(?) warnings I'm infected
Paul Howarth
paul at city-fan.org
Wed Sep 13 10:50:35 UTC 2006
fredex wrote:
> On Wed, Sep 13, 2006 at 05:33:21AM -0500, Mike McCarty wrote:
>> I'm getting inundated (like a few tens of e-mails a day) with
>> messages claiming that my machine has been identified as sending
>> a multitude of messages and is likely to be infected, or that
>> some e-mail I don't recognize was undeliverable. Both of them
>> recommend that I follow the attached instructions.
>>
>> The attachment is a .zip which unpacks to a file named
>>
>> text.doc .scr
>>
>> (many more spaces in the name than I put). For some of these,
>> I've managed to ascertain that they are actually Windows
>> executables. Sometimes my ISP warns me that the attachment
>> contains the W32.Mydoom.M at mm virus, and the content was
>> removed (in which case the .zip is 0 bytes). Other times
>> the "virus protection" was unavailable, and I am warned
>> that it wasn't run, and those are the ones I've looked
>> at.
>>
>> Would someone please help me in interpreting the headers
>> from these messages so I can ascertain where they originate,
>> and possibly get someone (who I presume is infected) either
>> cleaned or shut down?
>>
>> Thanks very much for your time.
>
> Mike:
>
> I dunno where they come from, but I get tons of 'em too. They're
> clearly some kind of spam, I presume them to be a phishing scheme,
> though it could just be a virus laden piece of crapware.
>
> My spam filter (spambayes) does an excellent job of filtering out
> all that junk so I never see them anywhere except in the spam (or
> unsure) folder.
It's probably just clueless anti-virus software sending mail to the
forged sender address used by the virus.
http://attrition.org/security/rant/av-spammers.html
http://www.joewein.de/sw/spam-virus-warnings.htm
http://www.f-prot.com/news/gen_news/030910_open_letter.html
http://www.f-prot.com/news/gen_news/040130_open_letter.html
Paul.
More information about the fedora-list
mailing list