Re: CRIME How to stop this from happening.....

From: Shaun Savage (savages@private)
Date: Sun Sep 15 2002 - 09:40:51 PDT

  • Next message: Andrew Plato: "RE: CRIME How to stop this from happening....."

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Switch to LINUX!!!!
    
    In the headers, the will be a site that your server connected to to to
    receive the email.  That is the only thing that is know for sure.
    
    Send me/Forward an email and I will check it out for you
    
    Shaun
    
    
    
    
    
    
    John E Jewkes-AAA0OR-AAA0ID wrote:
    | Hi All,
    |         Hoping someone here has the right information to help me.
    | In addition to being the Webbie for the Army MARS Oregon
    | Website, I have my own personal Website (not sales or such,
    | just "Here I am World") hosted on Virtual Avenue. I keep seeing
    | messages in my 'alias' email such as:
    |
    | Recipient of the infected attachment:  Andrea Moe\Inbox
    | Subject of the message:  Worm Klez.E immunity
    | One or more attachments were deleted
    |   Attachment Page.exe was Deleted for the following reasons:
    |     Virus W32.Klez.H@mm was found.
    |
    | It comes into john@private <mailto:john@private> and
    | auto-forwards to the alias
    | john.jewkes@private <mailto:john.jewkes@private>. EACH of these emails
    | claims that john@private <mailto:john@private>
    | sent it. I do NOT have any email facilities on the server, nor do I ever
    | send email with that e-address in it. (YES, I do know how to 'do' that
    | in both
    | Netscape and IE Mail and Outlook /Express, BUT, I do not.....) The
    techs at
    | VirtualAve.net swear that their servers do NOT support Open Frame Relays.
    | Scans of my own computer also do not reveal the worm (Even went and
    got the
    | 'worm scanner' specifically written for KLEZ from Norton's Homepage).
    |
    |         So, How do I stop it?
    | John Jewkes, SMD US ARMY MARS
    | Oregon/Idaho State Director
    | AAA0OR OR/AAA0ID ID/AAR0MI OR
    | W6HNC
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    
    iD8DBQE9hLgRn6I06Opz+XURAqcKAJ4s1dHRnOHtFjP4wLbdMd214mxZ5gCgnp1Y
    4y3yOAu78VNDS6RxSq1pLDM=
    =1+pl
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Sat Sep 14 2002 - 19:29:03 PDT