Email warning!!!

[BierHunter]

I'm sending this notice to please be careful!

I just received an email from jared@pelicanparts.com with an attachment that has no purpose that I can see.

I'm a network engineer/network security officer for the Dept of Defense. I get paranoid with this type of stuff.

After looking at the email header, I noticed this email was received by the pelicanparts email server and forwarded to me from maxstudio22.66-236-61-182.daf.concentric.net [66.236.61.182] Note...this is not the fault of Pelican Parts.

The attachment is "zeyti.zip" which contains the file "zeyti.exe"

As of the writing of this message, I have not yet been able to detect a virus according to the virus definitions of the current scanners.

However, that does not mean the file is not malicious. In college years ago I wrote a program that would wipe out a computer and not be detected. DO NOT OPEN ATTACHMENTS FROM PEOPLE YOU DON'T KNOW.

I'm still analyzing the attachment, but I wanted to give warning just in case. There was no reason for me to receive this email, so it raised a red flag.

Please be careful.


UPDATE: Just discovered W32.Novarg.A@mm inside the file. DO NOT OPEN THIS FILE. KILL IT IMMEDIATELY!

[widebody911]

I opened it and it didn't do anything to my system. Oh, wait:

/s2/thom $ uname -a
FreeBSD web1.calweb.com 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Fri Jun 13 09:55:28 PDT 2003 cslye@web1.calw
eb.com:/usr/src/sys/compile/SHELL i386

[anh911]

along these lines I got an email from "Paypal" yesterday asking me to click and confirm info etc. It was a spoof, sent it to paypal security and they are investigating.

[moazam]

I've been seeing this all day from different companies and users. Looks like some sort of new Windows virus.

Luckily I'm running Linux at work (Sun Java Desktop *go rah rah*) and I never use Outlook at home either.

[Reg]

There are many ebay or paypal emails out there that are bogus. For any of the computer users out here who may not know how to tell this, try checking "properties" on an email and then on the details tab. In here you will see the originating email address which shows you that it is not from paypal or ebay.

As per the file attachements, just as Bierhunter had said I never opening anything that I have ANY doubts about. I delete and then delete the deleted.

I have not received such an email but I hope Pelican gets this sorted soon with little time and effort or hopefully no troubles.

[Eugene at Pelican Parts]

Quote:

Originally posted by Reg
I have not received such an email but I hope Pelican gets this sorted soon with little time and effort or hopefully no troubles.

Thanks guys...

Wayne has been informed.

We'll keep you updated.

[ischmitz]

Quote:

Originally posted by BierHunter
After looking at the email header, I noticed this email was received by the pelicanparts email server and forwarded to me from maxstudio22.66-236-61-182.daf.concentric.net [66.236.61.182]

I seems like all Emails have the MAXSTUDIO in their header. My guess is that Jared has simply caught a virus and now his computer spreads it.

Ingo

[Tim Walsh]

yep yep happens alot.. thank god for pine.. if it can't read it it's either spam or a virus.

[masraum]

New worm spreading rapidly across Internet

Quote:

The worm, called "Mydoom" or "Novarg" by antivirus companies, appears to be an e-mail error message.

I saw these in my inbox all day long.

NEVER, NEVER, NEVER open messages that seem to have no rhyme or reason. If anything seems nonsensical about an email, even if it someone that you know don't open it. If it is from someone that you know then contact them and ask them if they sent it to you. As was said above these things will often look like they come from friends, but they probably didn't.

'MyDoom' Security Advice:

http://us.mcafee.com/virusInfo/default.asp?id=mydoom

http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

[Adam]

Thanks for the update, but...

Quote:

In college years ago I wrote a program that would wipe out a computer and not be detected.

[dd74]

Wayne - I received the same message as Bierhunter, but it came from "you."

I figured something was askew there. I forgot to tell you about it Saturday, though I meant to.

Hmmm...maybe I should have PM'd you as soon as I received it. I don't know, what do you think?

[nostatic]

I was feeling so left out running OSX, and just deleting the stuff that floated through the transom...and then I realized that my tabletPC was on and Outlook was running. Too late...so I got to play too!

And I had almost convinced myself to try another piece of MS technology (smartphone). Glad I came back to my senses. I'll run Palm or Symbian...

[Shuie]

I got the same virus in a email attachment this morning. It came from 'eurotech@.....', it wasnt from pelican. Norton did pick it up as soon as I got the email though. Update your virus defs.

[cstreit]

I've been getting "returned mails" from people I never sent to, and who aren't in my address book. I have an up-to-date Norton and no virus's from this mornings scan...

[Shuie]

Chris, Im getting the same thing. I thought I had been hit and my machine was sending out emails at will that were being rejected. Norton keeps catching them as they come in though

[jrdavid68]

Chris and Shuie - you are both the victims of the "spoofing" that the viruses do. Since the viurs gleans e-mail address from all sorts of users and uses them in the "From" and "Reply To' fields, when an e-mail gets rejected - guess where it goes!

So, somebody got infected, their machine used your address in the "From" field and sent out the virus to someone else who had protection in place to reject the message and the rejection goes to you.

[widebody911]

Quote:

Originally posted by cstreit
I've been getting "returned mails" from people I never sent to, and who aren't in my address book. I have an up-to-date Norton and no virus's from this mornings scan...

I wish the AV programs wouldn't do this - they know the address was spoofed, but I think they do it anyway as a subtle marketing ploy. At least don't send me back the entire freakin' infected attachment!

[Eric Coffey]

Quote:

Originally posted by moazam
I've been seeing this all day from different companies and users. Looks like some sort of new Windows virus.

Luckily I'm running Linux at work (Sun Java Desktop *go rah rah*) and I never use Outlook at home either.

Moazam, It's all your fault! Apparently, the whole reason this new virus is out there is because of a few angry Linux users. They are currently tied up in a legal battle with the company (CPO?), who's website is the target of the DoS attack the virus is scheduled to launch on Feb. 1.

[SpeedracerIndy]

This MyDoom virus that spoofs email addresses is slamming my mail server. I shut it down until I get home from work and install/update a filter. It infects a computer then replicates or sends itself to every email address in that persons address book. "they" are saying it might be the fastest spreading virus yet. More so than the Nimba, and others. From what I can see, it doesn't cause too much damage, jsut DOS attacks and junk email. I guess there are some though that are installing keystroke recorders with the virus, that can record various bit of personal info such as passwords and credit card info that you type in.

[juanbenae]

i knew jared was trouble.....