[vox-tech] cron - not at a different time

Mark K. Kim vox-tech@lists.lugod.org
Wed, 3 Mar 2004 13:42:12 -0800 (PST) 

It's not from the list.

I'm pretty sure it's someone on our list who got infected, though.  I,
too, received such trogen from lugod@livepenguin.com.  This trogen seems
to be shuffling various addresses together to come up with some clever
"From:" line that looks legit.

If any of you use Windows, has a bunch of LUGOD people's addresses in your
addressbook, and have someone from livepenguin.com in your addressbook,
you're the culprit.  Get a email trogen filter.

BTW, just 'cuz it's on the mailing archive doesn't necessarily mean it was
sent through the mailing list.  It just means the mailing archive received
the e-mail, and whatever method used to determine its legitness got
passed.

-Mark


On Wed, 3 Mar 2004, Peter Jay Salzman wrote:

> On Wed 03 Mar 04, 10:07 AM, Ken Bloom <kabloom@ucdavis.edu> said:
> >
> > >ps- is there a new virus?  all of a sudden, starting from last night
> > >i've gotten a huge ton of emails that say things like:
> > >
> > >   Arggghh, I hate plaintext!
> > >
> > >   Here is your excel file.
> > >
> > >   I don't bite, weah!
> > >
> > >   Your file is attached.
> > >
> > >i normally don't see viruses because i filter based on executable
> > >strings in every win32 executable.  but these viruses seem to be
> > >carrying .zip and .pif payloads which are getting past my filter.
> > >
> > >also, i just got a bounced email, with MY email address on it.  it said:
> > >
> > >   I know about you!
> > >
> > >and it was addressed to qmail@hollings.senate.gov, a US senator's
> > >office.  holy cow.  i sure hope the secret service doesn't come after
> > >me!   ;-)
> > >
> > >pete
> > >
> >
> > ClamAV is filtering that virus out for me. I installed ClamAV yesterday
> > morning to handle that problem - apparently the school's virus checker
> > hasn't updated to recognize that virus yet. I also got one from vox (which
> > I trust so I don't usually subject it to spam and virus filtering). Perhaps
> > we need a virus scanner on the lists even for subscribed members.
>
> ken,
>
> from vox?  or do you mean forged to look like it came from vox?  i don't
> recall seeing one from the list...
>
> i know how to filter based on attachment content (since the content is
> just part of the body).  i need to google for how you filter based on
> attachment name.  i don't recall there being any headers declaring the
> name of attachments...
>
> pete
>
>
> --
> Make everything as simple as possible, but no simpler.  -- Albert Einstein
> GPG Instructions: http://www.dirac.org/linux/gpg
> GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

-- 
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.jsp?id=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E  5167 6822 94F0 F298 5DCE
PGP key available on the homepage