LeRoy Cressy on 25 Jan 2004 22:31:02 -0000



Re: [PLUG] WARNING!!!


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Walt Mankowski wrote:
> On Sun, Jan 25, 2004 at 02:58:28PM -0500, Stewart B Lone wrote:
>> Walt Mankowski wrote:
>>> Interesting.  I hadn't noticed that that message claimed to be from
>>> me.  Of course this virus, and many like it, fake the sender address.
>>> I handle email on my Linux box using mutt, so there's no way I could
>>> have been infected by Bagle.  Real messages from me to this list will
>>> always be signed by my GPG signature.
>>>
>>> Walt
>>
>> Hello Walt, I also got a message from my ISP today. The particulars are below if it helps:-
>
> Thanks, but it doesn't help one bit.  This virus FORGES EMAIL
> ADDRESSES.  Including mine.  I didn't send it.  My box isn't
> infected.  SOMEONE ELSE'S is.
>
> Got it?
>
> Walt

With the email address forging there must be a way to filter or block this worm. I noticed that the attached filename is random. I did a strings on both eoxmrx.exe and hgkykbhlx.exe.


I saw that both have the following strings that you could filter.

\bbeagle.exe
beagle_beagle

With people who are both spamming and creating worms that harvest email addresses like this, we must not blame the one who has had their address harvested. As a group we should block and help others who are being harassed by this menace.


- -- Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <
FAX: 215-535-4285


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFAFENCP+/m2oUBr+oRAs0nAKCWCVVGuQ40g9aOaldsvjE0XgyCsACeIGyK
fw0/7P2R1YNIahiLOP+Z3pA=
=ARTA
-----END PGP SIGNATURE-----

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
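
The filtering idea from the message above, sketched as an added example that is not part of the original post: decode each attachment of an incoming message and look for the two strings the poster reported, regardless of the random filename. The function names and the sample messages are constructed for illustration, and the sketch assumes the markers appear as plain ASCII in the decoded attachment.

```python
import email
from email import policy
from email.message import EmailMessage

# Byte markers taken from the strings output quoted in the message above.
MARKERS = (b"\\bbeagle.exe", b"beagle_beagle")


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment filename, marker) pairs for every hit in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        # decode=True undoes base64/quoted-printable, so the markers are
        # matched against the attachment's real bytes, not its encoding.
        body = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(inline)"
        for marker in MARKERS:
            if marker in body:
                hits.append((name, marker.decode("ascii")))
    return hits


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message (hypothetical addresses) with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "someone@example.org"  # the sender header proves nothing here
    msg["To"] = "list@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed, harmless payloads: filler bytes plus the marker text only.
SUSPECT = build_sample(
    "eoxmrx.exe", b"MZ\x00\x00filler\x00C:\\bbeagle.exe\x00beagle_beagle\x00")
CLEAN = build_sample("notes.exe", b"MZ\x00\x00nothing of interest here\x00")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, scan_message(raw))
```

A fixed-string match like this only catches samples that still contain those strings unmodified.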