[vox-tech] cron - not at a different time

Ken Bloom vox-tech@lists.lugod.org
Wed, 3 Mar 2004 17:30:33 -0800


--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Go read my other post. It's in the vox list archives. It came from the
list.

On Wed, Mar 03, 2004 at 01:42:12PM -0800, Mark K. Kim wrote:
> It's not from the list.
>=20
> I'm pretty sure it's someone on our list who got infected, though.  I,
> too, received such trogen from lugod@livepenguin.com.  This trogen seems
> to be shuffling various addresses together to come up with some clever
> "From:" line that looks legit.
>=20
> If any of you use Windows, has a bunch of LUGOD people's addresses in your
> addressbook, and have someone from livepenguin.com in your addressbook,
> you're the culprit.  Get a email trogen filter.
>=20
> BTW, just 'cuz it's on the mailing archive doesn't necessarily mean it was
> sent through the mailing list.  It just means the mailing archive received
> the e-mail, and whatever method used to determine its legitness got
> passed.
>=20
> -Mark
>=20
>=20
> On Wed, 3 Mar 2004, Peter Jay Salzman wrote:
>=20
> > On Wed 03 Mar 04, 10:07 AM, Ken Bloom <kabloom@ucdavis.edu> said:
> > >
> > > >ps- is there a new virus?  all of a sudden, starting from last night
> > > >i've gotten a huge ton of emails that say things like:
> > > >
> > > >   Arggghh, I hate plaintext!
> > > >
> > > >   Here is your excel file.
> > > >
> > > >   I don't bite, weah!
> > > >
> > > >   Your file is attached.
> > > >
> > > >i normally don't see viruses because i filter based on executable
> > > >strings in every win32 executable.  but these viruses seem to be
> > > >carrying .zip and .pif payloads which are getting past my filter.
> > > >
> > > >also, i just got a bounced email, with MY email address on it.  it s=
aid:
> > > >
> > > >   I know about you!
> > > >
> > > >and it was addressed to qmail@hollings.senate.gov, a US senator's
> > > >office.  holy cow.  i sure hope the secret service doesn't come after
> > > >me!   ;-)
> > > >
> > > >pete
> > > >
> > >
> > > ClamAV is filtering that virus out for me. I installed ClamAV yesterd=
ay
> > > morning to handle that problem - apparently the school's virus checker
> > > hasn't updated to recognize that virus yet. I also got one from vox (=
which
> > > I trust so I don't usually subject it to spam and virus filtering). P=
erhaps
> > > we need a virus scanner on the lists even for subscribed members.
> >
> > ken,
> >
> > from vox?  or do you mean forged to look like it came from vox?  i don't
> > recall seeing one from the list...
> >
> > i know how to filter based on attachment content (since the content is
> > just part of the body).  i need to google for how you filter based on
> > attachment name.  i don't recall there being any headers declaring the
> > name of attachments...
> >
> > pete
> >
> >
> > --
> > Make everything as simple as possible, but no simpler.  -- Albert Einst=
ein
> > GPG Instructions: http://www.dirac.org/linux/gpg
> > GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
> > _______________________________________________
> > vox-tech mailing list
> > vox-tech@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> >
>=20
> --=20
> Mark K. Kim
> AIM: markus kimius
> Homepage: http://www.cbreak.org/
> Xanga: http://www.xanga.com/vindaci
> Friendster: http://www.friendster.com/user.jsp?id=3D13046
> PGP key fingerprint: 7324 BACA 53AD E504 A76E  5167 6822 94F0 F298 5DCE
> PGP key available on the homepage
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org

--=20
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about=20
signing the key. ***** My computer can't give you viruses by email. ***

--xHFwDpU9dbj6ez1V
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFARoa5lHapveKyytERAg8gAJ0YfI2P5/RhMUS76CTW1W7T9oz5HgCeM9Vn
lkMyAAANM6KReRQ3b2SKgEQ=
=TF4j
-----END PGP SIGNATURE-----

--xHFwDpU9dbj6ez1V--