# Please reply ASAP... Virus help!



## CanadianGuy (Dec 2, 2003)

Hi everyone. I am worried that my computer may have a virus. I'm very computer literate, but I want some opinions. I recently installed Norton AntiVirus Pro 2004, and all was well until tonight. I have received over a hundred emails from sources unknown, which, in one way or another were "From:Mail Delivery System" and the subject was usually "Returned mail - see transcript" or "Delivery Failure".

Somehow, they claimed that my email address had sent them a virus. I know this is possible, but I did a system scan and also downloaded a fix for the [email protected] virus (NAV quarantined all the email attachments and they were all the "Swen" worm.)

So is this just a case of a rampant trojan horse that is making me believe that I have a virus, or what? Your input is greatly appreciated.

Thanks!


----------



## _mike_ (Dec 2, 2003)

Some viruses spoof who they are from. For example, it could be being generated by someone/or multiple people who has/have your e-mail address in their address book. The virus on the infected person's computer will take a random address from their address book and insert it as the "From" address. Then send out e-mail to other addresses in the address book whether they are valid or not .... viruses are not written to care about such matters. Consequently, e-mail that is sent out ..... possibly to addresses that do not exist will get bounced back to your address and land in your inbox.

This does not mean that you are not infected, it is just an explanation on how some viruses work. If your anti-virus program is up to date with the latest definitions and you have scanned your entire system and it comes out clean most likely you are ok. However, it's not a certainty that you are clean but it's really the only way to judge unless you want to get another anti-virus program for a second opinion.

Mike
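
The spoofing described in the post above can be checked on a bounce itself. The following is an added example, not part of the original thread: it pulls the returned message out of a bounce and compares the relay addresses in its `Received` headers with your own. The sample bounce, the addresses and the function names are constructed for illustration, and it assumes the bounce attaches the returned message or its headers.

```python
import email
import re
from email import policy
# Constructed sample bounce: example domains and documentation-range IPs only.
SAMPLE_BOUNCE = """\
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
Subject: Returned mail - see transcript
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: nobody@example.net
--b1
Content-Type: message/rfc822

Received: from pc (unknown [203.0.113.77]) by mx.example.net with SMTP; Tue, 2 Dec 2003 20:00:58 +0000
From: me@example.org
Subject: Patch

(body removed)
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def embedded_original(bounce_text):
    """Return the returned message (or its headers) attached to a bounce, if any."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def check_bounce(bounce_text, my_ips):
    """Compare the relay hops of the bounced message with my own addresses."""
    orig = embedded_original(bounce_text)
    if orig is None:
        return {"verdict": "no-original-attached", "claimed_from": None, "hops": []}
    hops = [ip for h in orig.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    if not hops:
        verdict = "unknown"
    elif set(hops) & set(my_ips):
        verdict = "sent-from-my-address"
    else:
        verdict = "from-header-spoofed"
    return {"verdict": verdict, "claimed_from": str(orig["From"]), "hops": hops}
```

Only the `Received` line added by the server that generated the bounce is trustworthy; lines below it were supplied by the sender and can be forged.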


----------



## Tomas (Dec 2, 2003)

[ QUOTE ]
[email protected] is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.

The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.

[/ QUOTE ]

Those delivery failure e-mails are probably the worm itself, not actual delivery failures.

*SEE:* Symantec Page 

I get the same stuff, and I'm running systems that cannot even support the "MS worm/virus of the day." 

If your system checks clean, just get rid of the incoming crap.







Previous swen threads on CPF: 
SWEN mail


----------



## CanadianGuy (Dec 2, 2003)

I don't understand why, but these just started coming in within the last day. It's hard to keep on top of all of them. I think someone has "spoofed" my email address, and now servers from around the world are returning messages to me (that I didn't even send) claiming that I have the virus. I hate computers... Well, I hate the hackers. They can burn in HE**.

Thanks


----------



## Tomas (Dec 2, 2003)

Yeah, you're probably right that your address got spoofed on someone else's machine, and some of those notices are actual notices. Like I said, I even get 'em. *sigh*

I'm just glad I don't run a target system for any of those.

My e-mail addresses probably filter out about 80 to 120 of that sort of stuff a day (at least that's what it was running last time I looked). 

Keep in mind that roughly 40 percent of network traffic is viruses, worms, and SPAM, and if they didn't exist, bandwidth could be a lot cheaper ...


----------



## CanadianGuy (Dec 2, 2003)

If you don't mind me asking, what programs are you running that don't make you a target? I'm always open to ideas on how to reduce certain risks. And I'm always trying to improve my system. However, I'm still using IE6 and OE6, and my hate for Microsoft is growing by the day. Heheh...

I use programs like ad-aware, and I have a pop-up blocker called Proxomitron. It's difficult to set up, but it works great. I also have an email spam eraser that works on the "Bayesian" principle, so it learns as it goes along. It's called Spamihilator. It's great at catching the spam, but it "quarantines" it until I get around to checking for non-spam emails.

I understand there's probably no way to put it in a nutshell, so I don't expect you to try and list all the details, but any input would be great. Thank you.


----------



## Negeltu (Dec 2, 2003)

The virus takes addresses that are stored on infected machines and sends using those addresses as the source or return address. Probably someone you know or have emailed before contracted the virus.


----------



## Negeltu (Dec 2, 2003)

Try Mozilla Firebird for safer browsing. www.mozilla.org


----------



## Tomas (Dec 2, 2003)

CanadianGuy, my simple and straightforward answer probably won't help you at all, so I'm reluctant to give it since some folks take it as a direct insult and get nasty.

Here it is, anyway: I don't use any Microsoft products.

That takes care of about 99.93% of the problem right there, since only about seven hundredths of one percent of the worms and viruses are aimed at non-Microsoft software. 







Virus/worm/ protective barrier.


----------



## brightnorm (Dec 2, 2003)

[ QUOTE ]
*Tomas said:*
...Keep in mind that roughly 40 percent of network traffic is viruses, worms, and SPAM, and if they didn't exist, bandwidth could be a lot cheaper ... 


[/ QUOTE ]

That is truly shocking, I had no idea. I hope that someday there will be a quick and reliable way to trace viruses, worms, etc back to the originating "evil doer".

Brightnorm


----------



## _mike_ (Dec 3, 2003)

I'm with Tomas, I do not use Microsoft products either.

Mike


----------



## snakebite (Dec 3, 2003)

if norton is updated just delete them or better yet if using a bayes filter just reclassify them as junk.
popfile learns quickly.


----------



## iddibhai (Dec 3, 2003)

speaking of which, current subscription on NAV2002 is about to expire (using sysworks02, of which nav02 is a part of). i have the option of buying sysworks03 (w/ nav03) for 24$ or just nav04 for 26$, both with 1yr subscription (OEM disks). is there a compelling reason to get nav04 vs nav03?


----------



## BB (Dec 3, 2003)

Here is a good article that probably describes how come you are receiving so many spam/virus emails.

I will also copy the article below as Yahoo links can disappear.

But, in summary, I don't think you have any problem with your machine at this time.

-Bill
[ QUOTE ]

By Bernhard Warner, European Internet Correspondent 

LONDON (Reuters) - Security experts have identified what they suspect to be the biggest culprit behind that seemingly unceasing torrent of e-mail spam messages and computer virus outbreaks. 

The unwitting culprit, they say, is the home user with a broadband, or always-on, connection. In fact, it could be you. 

Viruses and related "worms" typically target computers that run on Microsoft Windows and have a high-speed broadband connection. In the past six months, a new generation of bug has emerged that contains a so-called "trojan" program which discreetly installs itself into the innards of the PC. 


An effective "trojan" gives the author near complete control of a victimized machine -- almost always a computer that is not equipped with proper firewall and security software. 


The result is that the computer becomes a "zombie" ready to carry out any nefarious command. 


Once hit, a computer user would never suspect that through their machines flow waves of spam and e-mail-borne viruses, experts say. 


Some machines have even been commandeered to participate in debilitating "denial of service" attacks, sending a flood of data requests capable of knocking an internet company offline. 


The fast-spreading Sobig.F virus this summer was the first to do this, experts said. 


CHURCH-GOERS CAUGHT IN THE ACT 


Suresh Ramasubramanian, manager of Hong Kong-based e-mail filtering company Outblaze, said the volume of spam his firm has intercepted has exploded since Sobig.F emerged in August. 


Increasingly, it appears to be average home users whose PCs send out discounts for Viagra and *****-enlargement offers. "These are your typical church-going people," he said. 


With countries outlawing spam and even setting criminal penalties and fines, some industry observers wonder if ordinary computer users will get caught up in a dragnet. 


"Almost a third of all spam is being sent from hijacked, innocent computers," said Graham Cluley, of British virus and spam-filtering firm Sophos. 


"What happens if it's actually grandma or little Timmy's computer sending out the spam?" 


ONLINE BLACKMAIL 


British police recently warned that crime syndicates, many in Eastern Europe, are using denial of service attacks to blackmail businesses, threatening to knock them offline unless they pay a small fee. 


These groups are honing their virus-writing skills to build up an army of machines to use at their beck and call, investigators say. For now, sending spam through an affected machine is more common. 

It is one of a series of new tricks spammers and virus writers have devised to obscure their tracks. Known spammers are often blocked by spam filters, thus making it crucial to mask their identity through a computer user with a clean record. 

Steve Linford, founder of the spam-fighting organization The Spamhaus Project, said his firm has gathered evidence of spammers hosting Web sites that hawk everything from prescription drugs to pornographic images to Russian brides on hundreds of thousands of Internet-connected PCs. 

A spammers' Web site hops from infected computer to infected computer in a digital version of cat-and-mouse. Linford estimates the ranks of machines capable of piggy-backing sex sites and the like grows by 100,000 machines per week. 

"Every time we trace to a Viagra web site now, the site will change location, sometimes every five to 10 minutes," he said. "It's a very popular spamming method." 


[/ QUOTE ]


----------

