virus

As this morning's collection of virus-contaminated e-mails was clearing out of my internet service's isolation file, I fleetingly noticed that Kate Dicey's address was on one of them.

Since these messages are addressed to me, the likeliest scenario is that some low-life sociopath has hijacked Kate's address, rather than that her computer is infected, as I never get messages directly from her.

Still, Kate, best run a scan if you haven't done so recently.

I just now found my ISP's virus notification message for this transgression:

+OK 1531 octets Return-Path: Received: from psmtp.com (exprod5mx89.postini.com [64.18.0.77]) by mail3.cybermesa.com (8.12.11/8.12.10) with SMTP id j2BJEWDO019370 for ; Fri, 11 Mar 2005 12:14:35 -0700 Message-Id: Date: Fri, 11 Mar 2005 11:14:35 PST From: Cyber Mesa Support To: snipped-for-privacy@cybermesa.com Subject: Virus Detected! Status:

Dear Cyber Mesa Subscriber,

Our Virus Interception service has identified a probable virus in an email s ent to you. The message is in quarantine at the Message Center:

From: snipped-for-privacy@diceyhome.free-online.co.uk Subject: Re: Protected Mail Delivery Virus: W32/Netsky.p@MM!zip

Internet at Cyber Mesa Albuquerque Network Center

Tom Willmon Mountainair, (mid) New Mexico, USA

Net-Tamer V 1.12.0 - Registered

Unfortunately, the latest viruses forge the originator's address, so that might not help. More effective it would be for everybody who has any email from Kate in their mail folders or who has her in their address book to run a virus scan. :)

Tom, thanks for the heads-up. However, as Penny has noted below, the source of this malware is more likely to be another machine, either one infected already or a spammer who has harvested the domain name. You can read about this virus at the Mcafee Virus Information Library (link below):

points:

The worm harvests adresses from the infected system. The worm exploits an Internet Explorer vulnerability -

have IE, but it is not set as the default browser, Mozilla is. We have patched IE against this exploit (its more than a year old). We run current versions of Mcafee Virus Scan and Zone Alarm. Kate's account does not have administrator privileges. So I don't think the source is us (I'll run a scan though). You should note that only the domain (the part after the @ sign) is recognisably ours, the numeric account identifier is anonymous. Basically, the domain name has been used to give a spurious authenticity to the email. Any replies will be deleted unread, as they will end up in the spam-bucket where all emails with bad account names go.

Happens all the time, I'm afraid. Still, once I get my next little cyber widget in place...

Will do. Thanks for the heads up... Oh, I see Alan has caught it! Thanks, sweetie! :)

We have virus software and firewalls here: very little gets in that I don't invite! I also vet anything I don't know with Mailwasher. Look at the full headers, not just a 'from' address. Last coupla hundred times this happened it did not originate from here! ;)

I have gotten the ones from "diceyhome.free-online.co.uk" as well as some from "singerlady.reno.nv.us" which I know did not go out from my computer. Alan is right, of course, we reside in someone's Outlook or OE address book although I don't use M$ for mail. I use Eudora and Thunderbird for mail and news. I like Thunderbird so much, I might even switch over from Eudora for my mail.

I run Norton A-V plus a number of other security programs on my computer because I am on DSL. Two firewalls. That still doesn't mean that a new virus or worm won't ever get me, but they'll have to get up early.

In article , Melinda Meahan - take out TRASH to reply of uttered

But, of course, we all run those and keep our AV software up to date anyway? Don't we?