From: john tuffen
To: nethed, idm
Date: Sun, 08 Jun 2003 22:03:32 +0100
Subject: Re: [idm] RE: Someone is spoofing my domain/virus alert!
Msg-Id: <5.2.0.9.0.20030608220048.00a71230@mail.namke.com>
In-Reply-To: <a05200fb9bb094fde236b@[192.168.254.2]>
Mbox: idm.0306.gz

I had a (not too) similar problem - some ****ard spammer used one of my domain names as the 'from' address for a bulk mailout; I went to check my email one evening only to find 35000+ bounced email messages. Luckily the guys in charge of my hosting were able to delete them all for me without me having to wade through them personally. But it was a real bummer.

My domain is probably now on some blacklist, thanks to some ignorant tosser...

john..

www.minimism.com
www.namke.com

---

At 21:53 08/06/2003 +0100, nethed wrote:
>i've had similar experiences on my Mac OS X in the past week
>and i'm not gonna go into detail, but if anyone's had weird mail
>from ninjatune... i didn't send it and we're looking into it.
>
>a few other housekeeping things i learned for macs...
>
>deleting and trashing mail doesn't mean it's off the hard drive.
>you gotta go into the attachments folder and delete from there
>too. then you have to empty the trash on the desktop.
>
>i use the delete button more than the open to read the mail
>button these days.
>
>nH
>
>At 9:23 pm +0200 7/6/03, ma_hovina wrote:
>>just the same with this one: lofixxx@atom-heart.com
>>
>>i'm running OS X and not infected, but this eMail is used by someone from
>>Poland i don't know.
>>
>>ma_hovina
>>
>>On Saturday, 07.06.03, at 20:55 (Europe/Berlin), Mr. Tangent wrote:
>>
>>>-- read the following if you want the short version --
>>>
>>>Hello. As you may or may not have seen, someone from Poland is infected
>>>with the Bugbear virus and is making it appear that e-mails are being
>>>sent from me. Do NOT respond or open ANY e-mail attachment from
>>>"warpobot@mrtangent.com" -- it's a spoofed e-mail and no such e-mail
>>>address exists at my mrtangent.com domain. DELETE the e-mail AND
>>>attachment immediately if you get an e-mail from "warpbot@mrtangent.com".
>>>
>>>-- keep reading if you want the full story --
>>>
>>>I'm in the process of investigating, but what I can ascertain 1) someone
>>>from Poland is either spoofing my e-mail address, and sending a fake
>>>"warpbot/warp records" mail that also contains a virus (don't open the
>>>attachment!) or 2) someone from Poland is genuinely not trying to spoof
>>>my address, and has somehow been infected with this Bugbear virus and is
>>>being an unwitting victim in propagating the virus (and the virus for
>>>some reason is choosing my domain as the spoof source).
>>>
>>>Apparently the Bugbear virus looks through the contact book of the
>>>infected person's e-mail client and chooses a random domain
>>>(mrtangent.com in this instance) and a random name (warpbot in this
>>>instance) and then a random message from his or her in-box. It then
>>>sends this new e-mail AND VIRUS to everyone in the infected person's
>>>address book (including mailing lists, apparently), thus continuing the
>>>infection process.
>>>
>>>I wrote to my domain provider (for mrtangent.com) earlier and he assures
>>>me that no spam/spoofed e-mails or viruses are going through their mail server.
>>>
>>>I'm running Mac OS X, so there is very little chance I'm personally
>>>infected. I've also run Virex (with current virus definitions as of
>>>today) and there are absolutely no viruses on my Macintosh. There is
>>>also no "warpbot" address on my mrtangent.com domain (I checked to see
>>>if I had been compromised).
>>>
>>>I apologize for any inconveniences this has caused but unfortunately the
>>>virus is spoofing my address and there's no way I can do anything about
>>>it since the e-mail is not technically going through my mail server (the
>>>e-mail is NOT from mrtangent.com, I assure you).
>>>
>>>Here are the full headers in case anyone is curious. This proves the
>>>e-mail is originating from someone in Poland (nickname "Adax" apparently):
>>>
>>>Return-Path: <warpbot@mrtangent.com>
>>>Received: (qmail 63185 invoked from network); 6 Jun 2003 17:49:34 -0000
>>>Received: from ns2.tele2.pl (213.173.209.71)
>>>by taz3.hyperreal.org with SMTP; 6 Jun 2003 17:49:34 -0000
>>>Received: from adax (host-81-118.tele2.pl [62.93.81.118])
>>>by ns2.tele2.pl id h56HiuI22510;
>>>Fri, 6 Jun 2003 19:44:56 +0200 (MET DST)
>>>Date: Fri, 6 Jun 2003 19:44:56 +0200 (MET DST)
>>>Message-Id: <200306061744.h56HiuI22510@ns2.tele2.pl>
>>>From: "Warpbot" <warpbot@mrtangent.com>
>>>Subject: Warp Records Mailing List Letter - 09/10/02
>>>MIME-Version: 1.0
>>>Content-Type: multipart/mixed; boundary="----------7M1O4BN2O27N21"
>>>X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N
>>>
>>>If someone could forward this to the ambient and idm mailing lists I
>>>would appreciate it (since I'm not on them). Thank you and be SURE not
>>>to open ANY attachment you get as a result of this mess.
>>>
>>>--
>>>
>>>Mr. Tangent [the binary police]
>>>
>>>"Ultimately, it boils down to one thing. Do you want to work for the
>>>machine, or do you want it to work for you?", Bob Shier, Teacher, in
>>>reference to Window's unreliability and preference of the Mac OS
>
>--
>http://www.ninjatune.net
>http://www.bigdada.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: idm-unsubscribe@hyperreal.org
>For additional commands, e-mail: idm-help@hyperreal.org
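
An added example, not part of the original thread: a short Python reading of the headers quoted above, walking the `Received` chain oldest hop first and checking whether any relay belongs to the domain in `From:`. The function names `received_hops` and `analyse` are hypothetical, and the header text is taken from the quoted message with folding whitespace restored on continuation lines.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the thread above; leading whitespace on the
# continuation lines is restored so the parser sees valid folded headers.
RAW = """\
Return-Path: <warpbot@mrtangent.com>
Received: (qmail 63185 invoked from network); 6 Jun 2003 17:49:34 -0000
Received: from ns2.tele2.pl (213.173.209.71)
 by taz3.hyperreal.org with SMTP; 6 Jun 2003 17:49:34 -0000
Received: from adax (host-81-118.tele2.pl [62.93.81.118])
 by ns2.tele2.pl id h56HiuI22510;
 Fri, 6 Jun 2003 19:44:56 +0200 (MET DST)
From: "Warpbot" <warpbot@mrtangent.com>
Subject: Warp Records Mailing List Letter - 09/10/02

"""

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_hops(raw):
    """Return (helo, ip, rdns, by_host) per network hop, oldest first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # local hand-off (the qmail line): no peer recorded
        helo, peer, by_host = m.groups()
        ip = IPV4.search(peer)
        rdns = peer.split("[")[0].strip() if "[" in peer else ""
        hops.append((helo, ip.group() if ip else "", rdns, by_host))
    return hops

def analyse(raw):
    """Compare the From: domain with every host named in the relay path."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hops = received_hops(raw)
    hosts = {h.lower() for hop in hops for h in (hop[0], hop[2], hop[3]) if h}
    in_path = any(h == from_domain or h.endswith("." + from_domain) for h in hosts)
    return {"from_domain": from_domain, "origin": hops[0] if hops else None,
            "from_domain_in_path": in_path}

if __name__ == "__main__":
    print(analyse(RAW))
```

Only `Received` lines added by relays you trust are reliable; anything below the first trusted hop is supplied by the sending side and can be forged.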