Email Virus, It's There But How Do You Stop It

Discussion in 'Overclocking' started by Terrence, Sep 20, 2003.

  1. Terrence

    Terrence Guest

    Okay, I got the damn thing, spent all day getting rid of it and preventing
    it from coming back on. Now I still get those emails; I exceeded my
    account twice in one day on Hotmail. I can't exactly delete the account. Is
    there a way to stop the emails and still use Outlook Express? I'm going to
    try that Mail Washer, I hope it works with Outlook. Is there a patch or
    something to stop it, or do I have to hope whoever has the email address
    checks their computer.....
    Please, any help is great, I don't need another 80 emails in 4 hours....
    Terrence, Sep 20, 2003
  2. Terrence

    Phil Weldon Guest

    You don't need Mail Washer (and I'm not sure if it helps in most situations).
    Make sure you have Norton Antivirus definitions from 19SEP03 or later. Set
    Norton Antivirus to 'Silent Delete' and download your messages whenever
    you're on line. 'Silent Delete' allows you to continue to use your computer
    without the annoyance of having to deal with each infected e-mail
    separately. You will still have a slew of fake messages on your computer,
    but the infective package will have been deleted on both types of message.
    Your computer will be clean and your remote mail box will be emptied. Of
    course one of the reasons this works (so far) for me is that I have DSL and
    an always on internet connection, as well as Outlook always running on one
    system, so the dump and clean is working, but the result is still the
    mother of all spam, with real e-mail getting lost in the chaff. With
    Outlook you can write rules based on the content of the e-mail to divert the
    messages to other folders (I don't know if that works for Outlook Express,
    but your ISP likely offers some sort of anti spam in an e-mail program for
    free (Outlook runs about $100 stand alone [but you don't really need the
    latest and greatest version - Outlook 2000 ought to be pretty cheap or free,
    and security updates are still published {currently SP3}])).

    I underestimated the size of these infected e-mails originally; with a 100.4
    Kbyte verminal package you reach 5 or 10 Mbytes pretty quickly with the rate
    these messages come in. The ISPs are going to be forced to stop the flow on
    their side or face collapse.

    Think about getting Outlook - it protected my system before Norton Antivirus
    could detect the worm.

    If I find any other solutions I'll post.

    Phil Weldon,
    Phil Weldon, Sep 20, 2003
  3. Terrence

    Phil Weldon Guest

    Ok, with Outlook there is a simple rule generator that steps you through the
    process. Here's the rule I generated for the fake Microsoft HTML e-mail:

    When message is downloaded
    IF the body of the message contains the exact words 'Run attached file'
    send to deleted messages folder.
    No exceptions.

    The deleted messages folder can be emptied with a click from a menu without
    ever seeing the messages (if that's what you want to do). That rule has
    cleared about two thirds of the clutter from my incoming e-mail.
    Unfortunately the variability in the fake 'Undeliverable e-mail' messages
    is great, but it is likely possible to reduce the rule to the presence of at
    least one phrase out of a list. For the moment, I am willing to forego
    legitimate 'Undeliverable e-mail' messages.

    It is likely that other e-mail programs have a similar capability, but
    Outlook is what I have and I know that security patches are pretty quickly
    published by Microsoft.

    Phil Weldon,
    Phil Weldon, Sep 20, 2003
  4. Terrence

    Winey Guest

    Winey, Sep 20, 2003
  5. Terrence

    Phil Weldon Guest

    The rule I'm using now for the fake 'Undeliverable e-mail' messages is:

    When an e-mail message is downloaded
    IF the body contains the word 'Undeliverable' or the word 'Undelivered'
    send to the 'Deleted Items' folder.
    No exceptions.

    Phil Weldon,
    Phil Weldon, Sep 20, 2003
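
Added example, not part of the thread and not any poster's code: the two phrase rules quoted above, reduced to "at least one phrase out of a list", written in Python and run over constructed sample messages. It also shows the cost accepted in the thread (a legitimate bounce is caught too) and one assumed refinement, a hypothetical `require_attachment` option that only counts a match when the message carries a file.

```python
from email.message import EmailMessage

# Phrases exactly as quoted in the two rules posted in the thread.
RULES = {
    "fake-patch": ["Run attached file"],
    "fake-bounce": ["Undeliverable", "Undelivered"],
}

def body_text(msg):
    """Concatenate every text/* part (plain or HTML) of the message."""
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")

def has_attachment(msg):
    """True if any MIME part carries a filename."""
    return any(p.get_filename() for p in msg.walk())

def classify(msg, require_attachment=False):
    """Return the name of the first rule whose phrase list matches, else None.

    require_attachment is an added refinement (not from the thread): a match
    only counts when the message also carries an attached file.
    """
    text = body_text(msg).lower()  # case-insensitive matching, by choice
    for name, phrases in RULES.items():
        if any(p.lower() in text for p in phrases):
            if require_attachment and not has_attachment(msg):
                return None
            return name
    return None

def make(body, attachment=None):
    """Build a constructed sample message for the demo."""
    m = EmailMessage()
    m.set_content(body)
    if attachment:
        m.add_attachment(b"\x00" * 16, maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

# Constructed samples; wording and file names are made up for illustration.
SAMPLES = {
    "worm_patch": make("Run attached file to install the update.", "update.bin"),
    "worm_bounce": make("Undelivered message, see attachment.", "message.bin"),
    "real_bounce": make("Undeliverable: mailbox full, try again later."),
    "normal": make("Lunch on Friday?"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, classify(msg), classify(msg, require_attachment=True))
```

With the plain phrase list the constructed legitimate bounce is filed with the worm traffic; with the attachment condition it is left alone while both worm samples still match.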
  6. Terrence

    Thomas Guest

    Thanks for the idea, it's great!
    I just chose the option 'remove mail from server'

    Isn't that better, you think? Or does it give me an unwanted effect?

    Thomas, Sep 20, 2003
  7. Terrence

    Thomas Guest

    Hmm, this unfortunately doesn't work for me, as I set my Outlook Express to
    'leave a copy of messages on server', since I want to be able to access mail
    both at work (through the internet) and at home...

    Thomas, Sep 20, 2003
  8. Terrence

    Phil Weldon Guest

    Chances are you will have to change that. The worm is spreading. I'm
    getting more than 50 infected messages an hour. Since the infective package
    is about 100 Kbytes, that fills a 10 Megabyte mailbox in two hours... if
    you're getting this many messages then your ISP will bounce legitimate
    e-mail when the box is full; you'll be forced to empty your box every 80 or
    so infected e-mail messages just to be able to receive ANY e-mail.

    Phil Weldon,
    Phil Weldon, Sep 20, 2003
  9. Terrence

    Phil Weldon Guest

    Well, my setup always removes my e-mail from the server. The rules are
    just to keep my inbox from flooding. Unfortunately, the worm package seems
    to be producing more and more variants of the 'Undelivered e-mail' messages.
    My rules are only catching about two thirds of the bogus stuff; and now my
    volume is nearly 100 Worm.Automat.AGH infected emails per hour.

    With a little luck this worm will be so bad that ISPs will be forced to
    screen for viral and vermal material.

    Phil Weldon,
    Phil Weldon, Sep 20, 2003
  10. Terrence

    Thomas Guest

    I set up three rules in Outlook Express now, and I have caught about 46 of
    the 50 emails sent to me the last 90 minutes... I now chose to have the
    rules remove the virus mails from my server (ISP box), and still showing
    them in my inbox. I can't seem to select an option that simply evaporates the
    mail from both my server and local box. I made two rules, first one to
    remove from server, second one to delete locally, but I can get only one of
    the two to work. If I manually run the second rule, it DOES work. Strange
    program, the Express :p

    So now I run the rule to delete the mails from the remote box automatically,
    and run the rule to delete the mails manually...

    Thomas, Sep 20, 2003
  11. Terrence

    Arthur Hagen Guest

    If you change "screen for" to "offer screening for", I'm with you. There are
    valid reasons why some customers need to be able to get all email without
    exceptions -- this can be both for legal reasons, because a single false
    positive could have severe impacts, or because the user happens to be doing
    virus research or programming and NEEDS copies of viruses. Or they may
    simply be better admins than the ISP, and can configure filters with higher
    hit rate and fewer false positives. :)
    Enable it by default to catch all the stupid users who wouldn't know how to
    opt in, but give people the means to opt out of any filtering, and
    preferably also to be able to unquarantine any mail that turns out to be a
    false positive.

    By the way, the latest two worms have a worse impact because of Verisign's
    latest squatting of all .com and .net domains. What happens is that a virus
    infected user tries to send an email to [user]@[domain].com from
    [otheruser]@[otherdomain].com. Normally, before this, chances were good
    that the mail server would immediately reject the email if [domain].com did
    not exist, and the mail wouldn't even leave the infected user. Now, after
    Verisign's latest hijacking, the mail server gets lied to by Verisign's
    master DNS and told that the domain exists, and will accept it for the
    queue. When the queue is sent, the mail will go to Verisign's dummy server,
    who will reply that the [user] account doesn't exist. This in turn
    generates a bounce message to the fake [otheruser]@[otherdomain].com in the
    Sender or Errors-To field of the email. This [otheruser] wonders what this
    bounce message is, and opens it. *boom* One more user infected, due to

    Someone should SUE THE HELL out of Verisign for doing this, as it was
    readily apparent to even people with mediocre tech skills that their actions
    would open for situations like this. THEY're partially responsible for the
    impact of the worms, and if they want to be registrar for top level domains,
    they should be _experts_ in the field, and can't claim ignorance.

    Symantec is also partially to blame, as their virus scanning plugins to mail
    servers bounce the worm back to the faked sender. Symantec KNOWS that for
    these worms, the sender is fake, but still bounces it. One might speculate
    that they do this because they WANT the worm spread as much as possible in
    order to sell more of their products through FUD. Bouncing viruses/worms to
    known fake senders should be at the very least called criminal negligence,
    and at worst a dangerous scam where they deliberately proliferate the worms.

    Because 90% of all the worm emails I get now are from Symantec-controlled
    mail servers, I have decided to boycott Symantec until they mend their ways,
    and I recommend that others do the same. There are plenty of other
    alternatives, including McAfee (most configurable), Panda (least CPU use),
    F-Secure (fastest definition updates) and Norman (simple configuration).

    Arthur Hagen, Sep 20, 2003
  12. Terrence

    rob Guest

    As for Hotmail, they don't give a damn, just like Bill Gates, wankers. There
    is loads coming in from Hotmail; I get just 2 from Yahoo, which is great.
    Well, I know what to do and **** Hotmail, bag of shite. You email them and
    they don't care; all they say is download an anti virus software. Yeah, I
    have Norton 2003. I bet you do get 41 virus in a 30 min time scale, bastard.
    I hate the cunts,
    rob, Sep 20, 2003
  13. Terrence

    Phil Weldon Guest

    What an intelligent response. Your systems AND brain are probably infected.

    Phil Weldon,

    Phil Weldon, Sep 20, 2003
