IDM Mailing Archive

i've had similar experiences on my Mac OS X in the past week and i'm not gonna go into detail, but if anyones had weird mail from ninjatune... i didnt send it and we're looking into it. a few other housekeeping things i learned for macs... deleting and trashing mail doesnt mean its off the hardrive. you gotta go into the attachments folder and delete from there too. then you have to empty the trash on the desktop. i use the delete button more than the open to read the mail button these days. nH At 9:23 pm +0200 7/6/03, ma_hovina wrote:

quoted 87 lines just the same with this one: lofixxx@atom-heart.com

>just the same with this one: lofixxx@atom-heart.com > >i'm running OS X and not infected, but this eMail is used by someone >from Poland i don't know. > >ma_hovina > > > >Am Samstag, 07.06.03, um 20:55 Uhr (Europe/Berlin) schrieb Mr. Tangent: > >>-- read the following if you want the short version -- >> >>Hello. As you may or may not have seen, someone from Poland is >>infected with the Bugbear virus and is making it appear that >>e-mails are being sent from me. Do NOT respond or open ANY e-mail >>attachment from "warpobot@mrtangent.com" -- it's a spoofed e-mail >>and no such e-mail address exists at my mrtangent.com domain. >>DELETE the e-mail AND attachment immediately if you get an e-mail >>from "warpbot@mrtangent.com". >> >>-- keep reading if you want the full story -- >> >>I'm in the process of investigating, but what I can ascertain 1) >>someone from Poland is either spoofing my e-mail address, and >>sending a fake "warpbot/warp records" mail that also contains a >>virus (don't open the attachment!) or 2) someone from Poland is >>genuinely not trying to spoof my address, and has somehow been >>infected with this Bugbear virus and is being an unwitting victim >>in propagating the virus (and the virus for some reason is choosing >>my domain as the spoof source). >> >>Apparently the Bugbear virus looks through the contact book of the >>infected person's e-mail client and chooses a random domain >>(mrtangent.com in this instance) and a random name (warpbot in this >>instance) and then a random message from his or her in-box. It >>then sends this new e-mail AND VIRUS to everyone in the infected >>person's address book (including mailing lists, apparently), thus >>continuing the infection process. >> >>I wrote to my domain provider (for mrtangent.com) earlier and he >>assures me that no spam/spoofed e-mails or viruses are going >>through their mail server. >> >>I'm running Mac OS X, so there is very little chance I'm personally >>infected. I've also ran Virex (with current virus definitions as of >>today) and there is absolutely no viruses on my Macintosh. There >>is also no "warpbot" address on my mrtangent.com domain (I checked >>to see if I had been compromised). >> >>I apologize for any inconveniences this has caused but >>unfortunately the virus is spoofing my address and there's no way I >>can do anything about it since the e-mail is not technically going >>through my mail server (the e-mail is NOT from mrtangent.com, I >>assure you). >> >>Here is the full headers in case anyone is curious. This proves >>the e-mail is originating from someone in Poland (nickname "Adax" >>apparently): >> >>Return-Path: <warpbot@mrtangent.com> >>Received: (qmail 63185 invoked from network); 6 Jun 2003 17:49:34 -0000 >>Received: from ns2.tele2.pl (213.173.209.71) >>by taz3.hyperreal.org with SMTP; 6 Jun 2003 17:49:34 -0000 >>Received: from adax (host-81-118.tele2.pl [62.93.81.118]) >>by ns2.tele2.pl id h56HiuI22510; >>Fri, 6 Jun 2003 19:44:56 +0200 (MET DST) >>Date: Fri, 6 Jun 2003 19:44:56 +0200 (MET DST) >>Message-Id: <200306061744.h56HiuI22510@ns2.tele2.pl> >>From: "Warpbot" <warpbot@mrtangent.com> >>Subject: Warp Records Mailing List Letter - 09/10/02 >>MIME-Version: 1.0 >>Content-Type: multipart/mixed; boundary="----------7M1O4BN2O27N21" >>X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >> >>If someone could forward this to the ambient and idm mailing lists >>I would appreciate it (since I'm not on them). Thank you and be >>SURE not to open ANY attachment you get as a result of this mess. >> >>-- >> >>Mr. Tangent [the binary police] >> >>"Ultimately, it boils down to one thing. Do you want to work for >>the machine, or do you want it to work for you?", Bob Shier, >>Teacher, in reference to Window's unreliability and preference of >>the Mac OS

-- http://www.ninjatune.net http://www.bigdada.com --------------------------------------------------------------------- To unsubscribe, e-mail: idm-unsubscribe@hyperreal.org For additional commands, e-mail: idm-help@hyperreal.org

I had a (not too) similar problem - some ****ard spammer used one of my domain names as the 'from' address for a bulk mailout; I went to check my email one evening only to find 35000+ bounced email messages. Luckily the guys in charge of my hosting were able to delete them all for me without me having to wade through them personally. but it was a real bummer. My domain is probably now on some blacklist, thanks to some ignorant tosser... john.. www.minimism.com www.namke.com --- At 21:53 08/06/2003 +0100, nethed wrote:

quoted 108 lines i've had similar experiences on my Mac OS X in the past week

>i've had similar experiences on my Mac OS X in the past week >and i'm not gonna go into detail, but if anyones had weird mail >from ninjatune... i didnt send it and we're looking into it. > >a few other housekeeping things i learned for macs... > >deleting and trashing mail doesnt mean its off the hardrive. >you gotta go into the attachments folder and delete from there >too. then you have to empty the trash on the desktop. > >i use the delete button more than the open to read the mail >button these days. > >nH > > > >At 9:23 pm +0200 7/6/03, ma_hovina wrote: >>just the same with this one: lofixxx@atom-heart.com >> >>i'm running OS X and not infected, but this eMail is used by someone from >>Poland i don't know. >> >>ma_hovina >> >> >> >>Am Samstag, 07.06.03, um 20:55 Uhr (Europe/Berlin) schrieb Mr. Tangent: >> >>>-- read the following if you want the short version -- >>> >>>Hello. As you may or may not have seen, someone from Poland is infected >>>with the Bugbear virus and is making it appear that e-mails are being >>>sent from me. Do NOT respond or open ANY e-mail attachment from >>>"warpobot@mrtangent.com" -- it's a spoofed e-mail and no such e-mail >>>address exists at my mrtangent.com domain. DELETE the e-mail AND >>>attachment immediately if you get an e-mail from "warpbot@mrtangent.com". >>> >>>-- keep reading if you want the full story -- >>> >>>I'm in the process of investigating, but what I can ascertain 1) someone >>>from Poland is either spoofing my e-mail address, and sending a fake >>>"warpbot/warp records" mail that also contains a virus (don't open the >>>attachment!) or 2) someone from Poland is genuinely not trying to spoof >>>my address, and has somehow been infected with this Bugbear virus and is >>>being an unwitting victim in propagating the virus (and the virus for >>>some reason is choosing my domain as the spoof source). >>> >>>Apparently the Bugbear virus looks through the contact book of the >>>infected person's e-mail client and chooses a random domain >>>(mrtangent.com in this instance) and a random name (warpbot in this >>>instance) and then a random message from his or her in-box. It then >>>sends this new e-mail AND VIRUS to everyone in the infected person's >>>address book (including mailing lists, apparently), thus continuing the >>>infection process. >>> >>>I wrote to my domain provider (for mrtangent.com) earlier and he assures >>>me that no spam/spoofed e-mails or viruses are going through their mail server. >>> >>>I'm running Mac OS X, so there is very little chance I'm personally >>>infected. I've also ran Virex (with current virus definitions as of >>>today) and there is absolutely no viruses on my Macintosh. There is >>>also no "warpbot" address on my mrtangent.com domain (I checked to see >>>if I had been compromised). >>> >>>I apologize for any inconveniences this has caused but unfortunately the >>>virus is spoofing my address and there's no way I can do anything about >>>it since the e-mail is not technically going through my mail server (the >>>e-mail is NOT from mrtangent.com, I assure you). >>> >>>Here is the full headers in case anyone is curious. This proves the >>>e-mail is originating from someone in Poland (nickname "Adax" apparently): >>> >>>Return-Path: <warpbot@mrtangent.com> >>>Received: (qmail 63185 invoked from network); 6 Jun 2003 17:49:34 -0000 >>>Received: from ns2.tele2.pl (213.173.209.71) >>>by taz3.hyperreal.org with SMTP; 6 Jun 2003 17:49:34 -0000 >>>Received: from adax (host-81-118.tele2.pl [62.93.81.118]) >>>by ns2.tele2.pl id h56HiuI22510; >>>Fri, 6 Jun 2003 19:44:56 +0200 (MET DST) >>>Date: Fri, 6 Jun 2003 19:44:56 +0200 (MET DST) >>>Message-Id: <200306061744.h56HiuI22510@ns2.tele2.pl> >>>From: "Warpbot" <warpbot@mrtangent.com> >>>Subject: Warp Records Mailing List Letter - 09/10/02 >>>MIME-Version: 1.0 >>>Content-Type: multipart/mixed; boundary="----------7M1O4BN2O27N21" >>>X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>> >>>If someone could forward this to the ambient and idm mailing lists I >>>would appreciate it (since I'm not on them). Thank you and be SURE not >>>to open ANY attachment you get as a result of this mess. >>> >>>-- >>> >>>Mr. Tangent [the binary police] >>> >>>"Ultimately, it boils down to one thing. Do you want to work for the >>>machine, or do you want it to work for you?", Bob Shier, Teacher, in >>>reference to Window's unreliability and preference of the Mac OS > > >-- >http://www.ninjatune.net >http://www.bigdada.com > >--------------------------------------------------------------------- >To unsubscribe, e-mail: idm-unsubscribe@hyperreal.org >For additional commands, e-mail: idm-help@hyperreal.org