Re: Virus


Dave,

If you take a look at the full headers for those e-mail messages, you
may see the answer to your questions. Crackers often send forged e-mail
messages directly to you containing the virus/trojan horse/etc. they
wish to install on your computer system. You get the impression that the
messages are coming from the <sibrob@yahoogroups.com> or
<sibrob@onelist.com> maillist, but you may actually be receiving it from
the cracker directly or indirectly via a relay of compromised computers
and network routers. In other words, these particular messages are not
coming from <sibrob@yahoogroups.com>.

I noted that one of the two infected messages I received included a
comment in the full header saying the <yahoogroups.com> address was
likely to be a forged address. Apparently, an interim e-mail handler
detected something wrong with the address.

Assuming your messages were also forgeries, that would explain why the
other list members did not see the messages that you and I received. The
messages were sent directly to us, without passing through <sibrob>.

The cracker sent the infected messages directly to us in the hope that
one of our computers would be unprotected. The virus/etc. was supposed
to gain control of our computer systems and modems to the extent that
they would answer the cracker's telephone call placed late at night
while we were asleep. Once the cracker gained a direct or Internet
connection to our computer while we were asleep, the cracker would use
it for whatever purpose could be accomplished with the cracker's current
tools and skills. One such purpose would be to use our computer system
to attack other computer systems while using our identities and
privileges.

Our anti-virus protection aborted the attacks by preventing the virus
from giving the cracker a telephone/network connection to our computer
systems. So the cracker will continue to send these forged messages to
various <sibrob> addressees in the effort to exploit any unprotected
computer systems which can be found. Consequently, <sibrob> members need
to be cautious about maintaining adequate protections.

Dallas Patterson
nye@fidalgo.net

Dave Silverberg wrote:
> 
> Don't know why others were not alerted to the virus - but my Norton
> picked up two different ones both sent under the Bilson address. What
> was unusual was that the first one arrived yesterday (May 5) as a single
> message and the second today (May 6) as part of a digest. The unusual
> part is that I have not been on digest mode for over a year. I suspect
> that somehow or other that hacker (???) got into the Bilson system. Just
> to be on the safe side I went thru all of my Norton protection systems
> and updated them. I suggest all others do the same.
> 
> Dave Silverberg
> Molalla, Oregon USA zone 7/8ish
> 
> 
> 
> 
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
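
Added example, not part of the original thread: a Python sketch of the full-header check described in the reply above, which asks which host actually handed the message to your own mail server when the From line claims the list. The names list.example and mx.recipient.example, the sample headers, and the Postfix-style Received layout are all constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (not from the original post). list.example stands in
# for the list's domain, mx.recipient.example for the reader's own mail server.
FORGED = """\
Received: from list.example (pc17.dialup.example.net [198.51.100.23])
    by mx.recipient.example with SMTP; Mon, 1 Jan 2001 03:12:40 -0800
Received: from n1.list.example (n1.list.example [192.0.2.5])
    by relay.list.example with SMTP; Mon, 1 Jan 2001 03:12:01 -0800
From: gardeners@list.example
Subject: Re: Virus

"""
GENUINE = """\
Received: from n1.list.example (n1.list.example [192.0.2.5])
    by mx.recipient.example with SMTP; Mon, 1 Jan 2001 09:30:12 -0800
From: gardeners@list.example
Subject: Re: Virus

"""

# Assumed Postfix-style hop: from <HELO name> (<reverse DNS> [<IP>]) by <receiver>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_list_origin(raw, list_domain, trusted_mx):
    """Return (forged, reason) for a message whose From claims list_domain."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], list_domain):
        return (False, "From does not claim the list domain")
    for hop in msg.get_all("Received", []):
        m = HOP.search(hop)
        # Only the hop stamped by our own server is trustworthy: the HELO name
        # and every Received line beneath it are supplied by the sender.
        if m and m.group(4).lower() == trusted_mx:
            helo, rdns, ip = m.group(1), m.group(2), m.group(3)
            if in_domain(rdns, list_domain):
                return (False, "handed over by list host %s" % rdns)
            return (True, "handed over by %s [%s], HELO claimed %s" % (rdns, ip, helo))
    return (True, "no Received line stamped by " + trusted_mx)

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, check_list_origin(raw, "list.example", "mx.recipient.example"))
```

Reverse DNS is set by whoever controls the address block, so a match is consistent with list delivery rather than proof of it.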
