d-mute worm???

borg
Posts: 1517
Joined: Tue Oct 23, 2001 4:00 pm
Location: antwerp, belgium

Post by borg »

just received an email from d-mute with nothing more than an attachment 'information.scr' .
i suspect this is not what it seems it is, so i dumped the mail in the bin right away.

anyone else?
andy
the lunatics are in the hall
Immanuel
Posts: 3018
Joined: Thu Oct 25, 2001 4:00 pm
Location: Aalborg, Denmark

Post by Immanuel »

I get shit from all over the world almost daily.
The thing is that unless you are pretty much into MIME codes, you will probably have no idea whether it was sent from D-Mute. Could come from anyone with you and d-mute in his address book (or other ways).


outlook sucks
valis
Posts: 7652
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA

Post by valis »

Unfortunately MS products aren't the only ones with vulnerabilities, they just currently present the largest bullseye for script kiddies & spammers to compromise.

Most of these worms will scan your address book and several other common info storage locations looking for such info, and Immanuel is correct in that they typically disguise themselves as coming from a random email address in their pool of info they've gathered.
MaoMusique
Posts: 74
Joined: Thu Mar 04, 2004 4:00 pm
Location: AlphaCentaurus

Post by MaoMusique »

It's exactly that.
Check your machine, because the virus used your address and that of D-Mute.
A person possessing these 2 addresses is needed, either you or d-mute or another.
@+
D-Mute
Posts: 23
Joined: Sun Nov 03, 2002 4:00 pm

Post by D-Mute »

All our computers are regularly scanned for viruses... no virus found yet...

But it could be a good name for a new device :smile:

Loup
at0m
Posts: 4743
Joined: Sat Jun 30, 2001 4:00 pm
Location: Bubble Metropolis

Post by at0m »

:lol:

Been getting similar emails lately, but from user AT spacef to at0mic AT telenet .be .
I asked Mehdi, but that user doesn't exist. Anyone have both addresses in their address book? If so, check your machine for the Win32/Bagle.AG@mm virus, it just won't stop emailing me.

All viri by email are blocked by my provider btw, I just get the reports (no headers or IP in there...). Maybe I should switch the filter off, check the originator's IP and see if he's got the Messenger Service running. Finally a good use for that service :grin:
Mehdi_T
Posts: 186
Joined: Tue Jun 08, 2004 4:00 pm
Location: france

Post by Mehdi_T »

yeah, the spacef.com e-mails do not exist anymore, or at least, I do not manage them anymore (they shouldn't exist, I doubt someone else is using them anyway).
+ I ran AVG and Norton antivirus, after viri database upgrade, and I have no virus on any of my machines ...
+ my email address book begins with a user with no email (blank) so a mass mailer should not work (if I believe a trick given by atomic, if I remember well)
In the past I even received virii from planetz emails or other scope developers & designers.
I do not know where it comes from :sad:

[ This Message was edited by: Mehdi_T on 2004-08-07 18:52 ]
at0m
Posts: 4743
Joined: Sat Jun 30, 2001 4:00 pm
Location: Bubble Metropolis

Post by at0m »

It's them machines, Mehdi, them machines :o
Mehdi_T
Posts: 186
Joined: Tue Jun 08, 2004 4:00 pm
Location: france

Post by Mehdi_T »

and when you think you control them...
Nice idea for a device name though (Atomic-Terminator.dev , the rise of the machine )
(Still haven't found what it could be though but if you have an idea....:smile: )

[ This Message was edited by: Mehdi_T on 2004-08-08 18:56 ]
Immanuel
Posts: 3018
Joined: Thu Oct 25, 2001 4:00 pm
Location: Aalborg, Denmark

Post by Immanuel »

Saw tooth tremolo, which distorts more and more when reaching the end of its cycle - also, if it is saw down. Slow speeds needed.

I never thought of this before, and I am sure some good Modularian could do it pretty easily, but that was my idea, when you said Atomic-Terminator.dev :smile:
Information for new readers: A forum member named Braincell is known for spreading lies and malicious information without even knowing the basics of what he is talking about. If no one responds to him, it is because he is ignored.
astroman
Posts: 8446
Joined: Fri Feb 08, 2002 4:00 pm
Location: Germany

Post by astroman »

On 2004-08-08 16:58, Mehdi_T wrote:
...(Still haven't found what it could be though but if you have an idea....:smile:

if you run a mailserver you can fake any sender name AT somewhere.
It just doesn't correlate with the sender's (as appearing in the fake) real IP address, but who's looking down the complete trace?

There is no special system behind this - it just happens by data collecting of spammers and clowns that those items are mixed up.
From time to time I receive a note about a bouncing email with a 'virus' sent by me to someone - I just ignore and trash the stuff.

cheers, tom
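
An added example, not part of the original thread, of the header check discussed in the posts above: it reads the Received chain of a message to find the connecting host's IP regardless of what the From header claims, and flags attachments with the extensions mentioned in this thread (.scr, .pif, .exe). The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): From names one sender, while the
# Received line written by the recipient's own MX records who really connected.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP; Sat, 7 Aug 2004 10:00:02 +0200
Received: from unknown-pc (dsl-host.isp.example [203.0.113.45])
\tby mx.recipient.example with SMTP; Sat, 7 Aug 2004 10:00:01 +0200
From: someone@sender.example
To: user@recipient.example
Subject: information
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/octet-stream; name="information.scr"
Content-Disposition: attachment; filename="information.scr"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

RISKY_EXT = (".scr", ".pif", ".exe")  # extensions named in this thread
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(msg):
    """IPs logged in Received headers, oldest hop first."""
    # Each relay prepends its own Received line, so the last one is the oldest.
    found = (IP_RE.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.group(1) for m in found if m]

def risky_attachments(msg):
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and n.lower().endswith(RISKY_EXT)]

def triage(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    return {"claimed_from": msg["From"],
            "origin_ip": hops[0] if hops else None,
            "risky": risky_attachments(msg)}
```

Only the Received line written by a relay you trust (here the recipient's own MX) is reliable; lines below it are supplied by the sending side and can be forged like the From header.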
Mehdi_T
Posts: 186
Joined: Tue Jun 08, 2004 4:00 pm
Location: france

Post by Mehdi_T »

http://www.lavasoftusa.com/software/adaware/
or download at http://www.download.com/3000-2144-10045 ... tag=button
finds and removes spyware, spammailer, suspect cookies etc..
samplaire
Posts: 2464
Joined: Tue Jun 05, 2001 4:00 pm
Location: Warsaw to Szczecin, Poland

Post by samplaire »

Ad aware works great (though it doesn't remove everything) but it's PC not Mac and Andy uses a Mac, I believe (though he's got a PC laptop?). I don't want to start another PC/Mac battle but surfing the internet is painless here. No worms, no trojans, no no. If you by chance try to open an email attachment it's 90% pif or exe or any other win32 stuff - it once occurred to me to open such s**t and the only reaction was a warning "this is not a win32 compatible machine", hehe. In the last 6 years I had only ONE virus! No firewalls, no spyware checkers etc. While on my son's PC I had the sasser right after a fresh install and first internet connection!!! So if you want a trouble free browser-computer, buy an old iMac for, say, 200 bucks or so. You will live in a holy peace and silence, believe me. Aha! and I don't know about the OSX - it's better to have OS 9 or older. Please, don't read it as a PC/Mac war - it's only a suggestion...
valis
Posts: 7652
Joined: Sun Sep 23, 2001 4:00 pm
Location: West Coast USA

Post by valis »

Lol, I've been using PCs since 1987 (first Compaq luggable) and I've yet to have a virus. In fact the only spyware I've ever had was installed by Real and AIM (AOL Instant Messenger comes with WildTangent now). Also I should mention that I've never had a virus on any of my Macs either... ;p
BingoTheClowno
Posts: 1722
Joined: Wed Nov 12, 2003 4:00 pm
Location: Chicago

Post by BingoTheClowno »

I know in Outlook Express there is a Blocked Senders list option that allows anyone to ban an IP or domain name. This works very well for me at the moment. The first domain I added was the hotmail domain (lots of abusers came from there or they had their email address spoofed!).
But for spyware removal, try pcOrion (www.pcorion.com), Pest Patrol etc.

[ This Message was edited by: BingoTheClowno on 2004-08-11 14:43 ]
samplaire
Posts: 2464
Joined: Tue Jun 05, 2001 4:00 pm
Location: Warsaw to Szczecin, Poland

Post by samplaire »

On the PC I tried also SpyBot which is good but there is one thing that makes me sit down and cry: SearchAssistant - I was fighting it for the last 2 weeks with no results :evil:. This makes me freeze when I type or read the name: SearchAssistant.... feeeeeee. You know what I'm talking about, don't you? The one that places instead of about:blank. It's like cancer - you have to clean your whole PC to get rid of it! If, say, there are 9 files/registry entries regarding it in your system then you have to remove all 9. Otherwise you get it rebuilt in a second!!!!

This SA is so annoying for many reasons: mainly because it reads the addresses you type as well as all the words you type in search engines and then it gives you constant popup ads regarding the things you typed. This resulted in my case in anti spyware ads! Funny, isn't it? No, for me not anymore :sad: I have to format the disk and install all my son's games on the machine (20, 30 or so). So the advice about getting an iMac was from the depths of my heart, really. Oh, and the iMac is all in one machine (CPU+monitor)
samplaire
Posts: 2464
Joined: Tue Jun 05, 2001 4:00 pm
Location: Warsaw to Szczecin, Poland

Post by samplaire »

On 2004-08-11 14:38, BingoTheClowno wrote:
I know in Outlook Express there is a Blocked Senders list option that allows anyone to ban an IP or domain name. This works very well for me at the moment.

Good advice but there are more and more domains to be banned everyday. I thought it was mainly telestra in my case but now it gets different everyday...