Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 21 Sep 2003 14:09:48 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Timothy Luoma <freebsd@tntluoma.com>
Cc:        "freebsd-mobile@freebsd.org" <freebsd-mobile@freebsd.org>
Subject:   Re: Someone on list with latest virus?
Message-ID:  <20030921130948.GA49370@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <oprvungnwenva4ua@smtpx.operamail.com>
References:  <oprvungnwenva4ua@smtpx.operamail.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Sep 21, 2003 at 08:25:25AM -0400, Timothy Luoma wrote:

> This email address (freebsd@tntluoma.com) started to receive the virus no=
t=20
> long after I used it to post to this freebsd-(questions|mobile).  Since=
=20
> the address was just created and has only been used for these two lists,=
=20
> it seems a good guess that someone here is infected.
>=20
> I don't know if the headers would be useful in tracking down who it is=20
> (may be more than one even) but here they are, FWIW.

It's an interesting virus.  Seems to hit people roughly proportionate
to their exposure on usenet / the web / IRC / mailing lists.  Which is
targetting exactly the sort of articulate, outspoken person who would
be the most likely to publicise fixes and complain to ISPs...=20

Anyhow, yes, it's quite likely there are several people on these lists
who have been infected.  Then there are the people who have access to
a mail-to-news gateway carrying these lists, of which there are
several archived on Google groups.  And then there are people who have
been hit through KaZaA or IRC or through a shared disk with an
infected machine.  If any one of those happens to have your e-mail
address in a mailbox or similar file then you're going to get hit.

See:

    http://www.sophos.com/virusinfo/analyses/w32gibef.html

    http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.h=
tml

(Although Symantec's estimate of the number of infections is laughable)

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/baMcdtESqEQa7a0RArLdAKCCf/k2EAhh41eDttWhx8PR53IuXwCfR+aX
E2flPJ9Vb1aClj0Z/PYIOGE=
=q85b
-----END PGP SIGNATURE-----

--k+w/mQv8wyuph6w0--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030921130948.GA49370>