Mexico Connect


heathesq

May 23, 2004, 6:45 AM

Post #1 of 16 (14662 views)

Aggressive virii

How do you like my hacker latin? Anyway, for a week now I have been receiving intriguing messages from strangers asking me to open a file. They are using my mexconnect address. If you do a reply, it turns out to be undeliverable and because I am curious I tested one and it was stopped by Norton.

Are others getting this stuff? Any way the Mexconnect wizards can block this?

Roger Heath



Papirex


May 23, 2004, 9:51 AM

Post #2 of 16 (14631 views)

Re: [heathesq] Aggressive virii

For the last week I have been receiving 2 to 4 messages per day containing viruses, via my Mexconnect Email address. Norton has caught them all. The first few had “Music” in the subject line. The next few had “Document” for the subject line. Then the next few had “Word document” for the subject line. Those first few Emails all contained the Netsky virus. The last couple of them had a new subject line, but I have forgotten what it is. Norton did not specify what they contained, only that they would be harmful to my computer.

Norton recommended that I change my configuration preferences to automatically quarantine Email containing viruses, instead of giving me the option of quarantining them. I did that. Norton also provides a link so you can see which Email contains the virus. If you get a lot of Email, that is handy so you know which one to delete from your inbox.

I have been wondering if anyone else has been getting viruses sent to them via Mexconnect Mail too. I only use Mexconnect Email for my personal mail. I use Hotmail for my “throw away” address for registrations, credit card purchases, etc.

I have been concerned about how the vandal got my Mexconnect address. There are only two relatively distant relatives in my address book that have been a little irresponsible regarding Email. One of them signed me up for “Free movie tickets”. I get trash mail at least once a week now about how to get free tickets, with her name as the sender. The other person has signed me up to receive “The prayer of the day, Poem of the day, latest urban myth of the day”, etc., also with her name as the sender. I have configured my Email client to automatically send their mail to the deleted items folder. I always open the deleted items folder to see what it contains before I delete everything in it. Once in a while there is something that I do want to save.

When Mexconnect first required registration, before the paid subscriptions started, several members immediately complained of receiving lots of spam via their Mexconnect accounts. It seemed obvious that someone was harvesting our addresses. I had listed my Mexconnect Email address in my personal profile. I immediately removed it, it was only up for one day. I did not receive any spam at that time via Mexconnect. I feel that if anyone wants to contact me, they can always send a private message using that feature in Mexconnect.

This is a little worrisome to me. I wonder if someone has figured out a new way to harvest Mexconnect Email addresses?

Rex


"The supreme happiness of life is the conviction that we are loved" - Victor Hugo


DavidMcL


May 23, 2004, 11:05 AM

Post #3 of 16 (14619 views)

Re: [RexC] Aggressive virii

Hola!

This is a repeat - with modifications - of an earlier virus.

However the question here is the apparent harvesting of email addresses and use of the mexconnect.com server to send spam mail.

The current practice is not to harvest addresses - too time consuming.
Instead, random domain names - like mexconnect.com - are used as fake mail servers and then a program inserts a complete list of likely addresses in front of the @mexconnect.com address.
The program then identifies and removes addresses that do not get identified as non-existent. The resulting list is then used for continued spamming.

Thus your address may end up being used as a fake "sender" for spam. As well you may end up being the recipient of spam - even if you have NEVER used the address! For example - in the extreme - I have some @mexconnect.com addresses that I reserved and have never been used. These addresses have "sent" spam emails - to themselves!

This process is happening to Domain names everywhere - not just MXC.

Sadly, this type of activity will continue until the system gets around to forcing only legitimate addresses and mail servers to be allowed to pass through servers.

Until that utopian day arrives, the best defense is an effective anti-virus program - constantly updated to ensure current virus definitions AND a quality anti-spam program on your computer.

I have always championed Eudora for email over Outlook - and it now includes an effective and trainable spam filter system.


David
David McL
WebJefe

(This post was edited by DavidMcL on May 23, 2004, 11:10 AM)


wendy devlin

May 23, 2004, 12:02 PM

Post #4 of 16 (14602 views)

Re: [DavidMcL] Aggressive virii

David, is there any way to disable the Mexconnect E-mail when not needed, or not wanted for the time being?

Thanks Wendy


Papirex


May 23, 2004, 1:21 PM

Post #5 of 16 (14587 views)

Re: [DavidMcL] Aggressive virii

Thanks for the reply David. It is a comfort, a small comfort, but a comfort none the less to believe that I haven’t been individually targeted. The attempts to infect my computer this past week have been so persistent, it was surprising.

Your advice regarding a person protecting their computer is good. I use Norton antivirus, Zone Alarm Pro, and Pest Patrol. I keep them up to date and my subscriptions current. Whenever I run the Shields Up program to test my security, my computer always is invisible. It is a nonexistent computer to an attacker.

Of course the minute we let our guard down, the weasels will get in.

Rex
"The supreme happiness of life is the conviction that we are loved" - Victor Hugo


thfarrell


May 23, 2004, 2:40 PM

Post #6 of 16 (14569 views)

Re: [heathesq] Aggressive virii

Hi...

Several people have expressed this kind of worry:

> They are using my mexconnect address.

> messages per day containing viruses,
> via my Mexconnect Email address.

Typically, these messages are coming from the computer of someone you know, someone who has a virus on their computer. It is almost never a case of anyone being specifically targeted.

Imagine this scenario: You are "person B". Person A knows both B and C and has communicated with both of them via email. B and C may not know each other at all, or they might know each other well - doesn't matter.

Person A gets a virus on their computer. The virus scans Person A's computer for email addresses and finds B's address and C's as well. It then makes up a virus-laden message, randomly and automatically.

It then sends the message to Person B and puts Person C's return-address on it.

If Person B (or his/her company or email server) checks to see who sent it, they'll think, wrongly, that it came from Person C. They may even get in touch with C to scold them!

For example, say I've got both your mexconnect address and my Mom's on my computer, since I've corresponded with both of you. If *I* get this virus, you may get a message that *appears* to be from my Mom that says "important notice, please open right away!". If you know my Mom, you may open the message, since you think you know the sender.

Bottom line - never open attachments you don't expect in advance, even if they seem to be from someone you know. Check by phone or with a reply email to ask if the supposed sender is the actual sender.

tom
---
"Beauty is in the i of the Beholder"
(Julia Mandelbrot)
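
The forged sender described in the post above can be checked in a message's raw headers. As an added example (not part of the original thread; the sample message, addresses and host names are constructed), this Python check compares the visible From address with the envelope Return-Path and flags attachments that Windows would run directly:

```python
import email
from email import policy
from email.utils import parseaddr

# Extensions that run directly when double-clicked on Windows.
RISKY_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs")

# Constructed sample: the visible From names person C, but the envelope
# sender (Return-Path) and the submitting host belong to someone else.
SAMPLE = b"""\
Return-Path: <a@isp.example>
Received: from personA-pc ([192.0.2.44]) by mx.recipient.example; Sun, 23 May 2004 09:51:00 -0500
From: "Person C" <c@friend.example>
To: b@recipient.example
Subject: Document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please read the attached document.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.pif"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--XX--
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """List reasons to distrust a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} != envelope domain {env_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result does not prove the sender is genuine, since a worm can forge the Return-Path as well as the From line; the Received line added by your own mail server is the only hop recorded by a system you control.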


DavidMcL


May 23, 2004, 3:39 PM

Post #7 of 16 (14552 views)

Re: [RexC] Aggressive virii

This last week has been hell for everyone - the new virus was released a week ago on Saturday and since then I have been averaging around two hundred infected emails per day - but then my situation is a touch unique. The millions of dollars in lost productivity time for small businesses who do not have the assets to deal with this type of problem is truly a crime.

David
David McL
WebJefe


DavidMcL


May 23, 2004, 3:41 PM

Post #8 of 16 (14550 views)

Re: [wendy devlin] Aggressive virii

Hola Wendy - I am not certain what you are specifically asking - let me know and I will see what can be accomplished from my end.

Saludos

David
David McL
WebJefe


DavidMcL


May 23, 2004, 3:42 PM

Post #9 of 16 (14550 views)

Re: [thfarrell] Aggressive virii

Excellent advice!

David
David McL
WebJefe


Esteban

May 23, 2004, 5:27 PM

Post #10 of 16 (14526 views)

Re: [DavidMcL] Aggressive virii

I think she may want to have her mexconnect mail forwarded to a null file... Is that possible?


lmaxine

May 23, 2004, 5:34 PM

Post #11 of 16 (14522 views)

Re: [heathesq] Aggressive virii

I'm getting lots of those on my Outlook prodigy address. Between Mailwasher and Norton, I've had no problem recognizing and getting rid of them.
"He upon whose heart the dust of Mexico has lain will find no peace in any other land." Malcolm Lowry


mepsi

May 23, 2004, 5:45 PM

Post #12 of 16 (14519 views)

Re: [DavidMcL] Aggressive virii

I'm running 75 to 100 spam emails a day on Mexconnect. I've had to give up using it and I don't open anything that comes in unless it's from one of the few friends who doesn't have my primary email address.

By no means should any of you respond to this junk in any way, including "opt out" or "unsubscribe," both of which will alert the sender that they have reached a viable mail box.

David, did you get anything out of the email and website I sent you last week?

Monte


Papirex


May 24, 2004, 3:04 PM

Post #13 of 16 (14441 views)

Re: [DavidMcL] Aggressive virii

An interesting thing happened this afternoon. I woke my laptop up from hibernation, and a box immediately popped up. It was from Norton telling me that my computer had the Netsky virus. It said Norton could not repair it. It did not say it had been quarantined.

This was quite a surprise, as Norton has been picking off all the Emails I had been getting containing that virus last week. As I was reading the information, a larger page opened up from Symantec. It said they have created a repair program to remove the Netsky virus from computers.

There was a link to download the repair program, FxNetsky.exe at: http://securityresponse.symantec.com/avcenter/fxnetsky.exe The instructions said to download it to the desktop, or a file that can easily be found, or to removable media, known to be virus free. Since the file is only 111 KB, I downloaded it to a floppy. I think it might be a good disk to have on hand if these attacks keep up.

There were elaborate instructions for Administrators of networks, but for home users it was pretty straightforward. After downloading the program, disconnect from the Internet. ME and XP users must disable System Restore. Run the removal tool from the disk. Restart. Run the removal tool again. ME and XP users re-enable System Restore. Go online and run Live Update. When I ran live update, I was a little surprised that some updates were downloaded. I have automatic updates enabled, and Norton usually keeps my antivirus program updated with all current updates.

The strange part of all this was that each time I ran the removal disk, I got the message at finish that the Netsky virus was not found on my computer. Better safe than sorry anyway. I feel a little better now, knowing that I have the removal disk in case of a real infection.

I don’t know if someone that does not use Norton anti virus can use the removal disk or not. When I downloaded it, I was not asked for my key code, or any other ID. Maybe Symantec interrogated my PC, I don’t know. It might be worth a try to download it for anyone using a different anti virus program if your own program doesn’t come up with a fix for removing this virus. If nothing else, running this program may give you peace of mind, knowing you do not have this virus.

I hope no one needs to use this info, but maybe it will help someone.

Rex






"The supreme happiness of life is the conviction that we are loved" - Victor Hugo


Carol Schmidt


May 24, 2004, 10:04 PM

Post #14 of 16 (14398 views)

Re: [RexC] Aggressive virii

I'm having to share my partner's computer since mine has a virus that does not allow access to any virus repair software. Norton scans kept telling me I was fine, but I had small clues something was wrong--my delete key stopped working, I could no longer delete a page from the right hand upper X, etc.

Finally yesterday I got a notice that all my messages to friends and relatives on AOL were being rejected because I was a spammer, in nicer words. I couldn't even write to my sister!

I figured out my machine was sending out who knows how many emails via a virus and no wonder AOL stopped me. I tried Panda and various other recommended virus scan and repair programs but this virus won't let me into them.

I guess a visit to a repair person is ahead, next check. Until then, I'm on my partner's computer. What kind of monsters get their jollies out of creating and spreading viruses?

Carol Schmidt


Papirex


May 24, 2004, 10:46 PM

Post #15 of 16 (14394 views)

Re: [Carol Schmidt] Aggressive virii

Carol, I was having some of the same problems as you were having for the last two days before I got the message that I had the Netsky virus. It only happened when I clicked on the Links button on my home page though. Then everything but my cursor froze. Clicking on the X in the upper right corner did nothing, etc.

I don’t know what OS you are using, but I use Windows 2000 Professional. It has The Task Manager function to exit programs that are not responding. I press the Ctrl/Alt/Delete keys, and it usually pops right up. It was taking 2 or 3 minutes for it to appear for the last couple of days. When I would click on the program that was not responding to end it, it was taking another 2 or 3 minutes before it would end. Frustrating.

Until I got the notice about the Netsky Fixtool today, I was thinking that I might need to use the Repair Console function in W2K to repair, or reload my OS. Everything is functioning normally now.

Since you do use Norton, you might want to download the Netsky Fixtool from Norton to a floppy using your partner's computer (assuming it's not an Apple), then run it on your own computer. You start the program in the Control panel. I'm assuming that your cursor still functions and that you can access and use the functions in Control Panel. I provided a link and simplified instructions on how to download and use the Fixtool in my post above.

Of course, you may not have the Netsky Virus, but if you do it will be removed. If not, at least you can rule it out as the cause of your problem.

Good luck, Rex


"The supreme happiness of life is the conviction that we are loved" - Victor Hugo

(This post was edited by RexC on May 24, 2004, 11:48 PM)


Papirex


May 25, 2004, 8:31 AM

Post #16 of 16 (14353 views)

Re: [Carol Schmidt] Aggressive virii

Sorry Carol, I meant to say that you start the Fixtool program using My computer, not The Control Panel. I should never write posts late at night.

Rex
"The supreme happiness of life is the conviction that we are loved" - Victor Hugo
 
 