August 19, 2003

I'm Getting Bombarded With ...

I'm Getting Bombarded With Virus E-mails: If you've received any suspicious-looking e-mail from me, please let me know in the comments. Thanks! UPDATE: OK, this is now driving me batshit. Hundreds of infected e-mails an hour, all "re: Thanks!" and "Wicked screensaver!" Is there a machete for this worm? If I have another day like today I am bound to leap over the backyard fence like a bearded, raccoon-eyed zombie and brain the neighbor's horrendous yapping dogs, just for reasons of Closure. Please prevent caninicide today, and help me find the "patch" or whatever you kids are calling it nowadays.

Posted by at August 19, 2003 01:18 PM
Comments

If what you're getting are bounceback messages from antivirus programs, the good news is that you're probably not infected.

The bad news is that your email address has probably been harvested from the Internet and is being "spoofed" as a bogus sender of infected email that is actually coming from bad guys somewhere else.

What you're getting are the bounce-back messages from the antivirus armor on the recipients' machines.

Further explanation here:

http://www.msnbc.com/news/954470.asp?0cv=CB20

Posted by: Mark at August 19, 2003 02:06 PM

I got a "suspicious-looking e-mail" from you. It said you were interested in "getting buzy with a goat." Is that what you're talking about?

Posted by: Ken Layne at August 19, 2003 05:03 PM

I got a bounceback message that I supposedly sent to someone at Vegetarian Dogs, whatever the heck that is. Thanks, Mark, for explaining why.

Posted by: Michael J. Totten at August 20, 2003 12:47 AM

Get messagefire.com... this stuff (and all the other spam) gets trapped by their server and never makes it chez Welch. $35 a year for Sanity and Cleanliness.

Posted by: henry at August 20, 2003 05:02 AM

This appears to be one of the bigger weeks for this stuff. If you have a nerd in your life or you yourself are a nerd (rank Cadet or above), you can go to Symantec and download "fix" programs. These are not as up-to-date as their paid software, but they seemed to have flushed the voodoo from this machine. The Symantecs of the world seem to have reasoned that they can best serve their customers by getting rid of viruses on everyone's computers, because we're all so promiscuous now. In the digital sense.

And in terms of the karmic implications of all this:

It's a safe bet that the guys who do this are troll-like, undersexed, undersocialized bitter male loners who feel the world owes them something. But that's not a bad thing! We need a few of those around, because their skills are going to be really useful in Ashcroft America. To put it another way, I like to imagine that Hillary Goddam Rosen woke up this morning, kissed her sweety on the brow, stumbled to the desk only to find that she couldn't get HER motherfucking computer to work, either.

Seriously, there's a column in this for you. The distributed, subterranean intelligence which is such an expensive irritation to us now could be a tremendous blessing when the revolution comes.

Posted by: Cridland at August 20, 2003 09:05 AM

Don't most of these miserable virus dorks come from Denmark or someplace like that? Could we maybe blow up Denmark?

Posted by: JFT at August 20, 2003 09:13 AM

start here:

http://www.symantec.com/avcenter/

I've been helped by fixblast.exe and fixwelch.exe.

Hey! I just noticed that! Tiny planet.

Posted by: Cridland at August 20, 2003 09:34 AM

I have had the same problem with my work email address and my website email address. Hundreds of failed delivery messages a day.

Posted by: John Cole at August 20, 2003 10:21 AM

As noted, you're probably not infected, but it doesn't hurt to check.

I'm riding this out with Cloudmark's Spamnet, which removes the bounceback messages from your Inbox to a trash folder. It's great if you've got broadband, but hellish doing the email download over dial-up before Cloudmark can trash it.

Posted by: Scott Chaffin at August 20, 2003 10:25 AM

It's gotten to the point of me getting close to 50 of these an hour. Re: Your Details. Re: Your Application. What do people on dial-up do?

I send you this in order to have your advice.

Posted by: for journalists is that our e-mail addresses are easy for spammers to get hold of. We could solve this problem by putting all spammers to death, but some bleeding hearts think that would be going a bit far.

Posted by: Jeremy Lott at August 20, 2003 11:36 AM

Machete == the Mozilla Thunderbird mail client and its bayesian e-mail filter.

http://texturizer.net/thunderbird/

Posted by: Xipe at August 20, 2003 12:42 PM

I second the comment about Cloudmark SpamNet. It's a terrific program, and has saved me so much time and trouble. There are drawbacks to it, like that you have to be using full Outlook.

There isn't a quick or easy fix for this. Most of the infected e-mails aren't coming from your machine - they're coming from other infected users.

One thing you can do is to turn off the preview pane. A lot of these viruses can infect you if you have that turned on, even if you haven't opened up the message in its own window.

My recommendation? Get a good antivirus program (I use F-Secure, but there are lots of good ones out there, except for McAfee, which is pukey), get one of these spam filters like SpamNet, and hope for the best.

But if you _really_ wanna be safe from viruses, install Linux. I've just finished installing Mandrake Linux 9.1 (Vive la France!), and it was totally painless. I was surprised. And the KDE windowing environment (Linux people don't like to use the term "windows," even if that's what this is) is purty and easy to use.

Posted by: Douglas Arellanes at August 20, 2003 01:07 PM

Email virus? What email virus? I would like to take this opportunity to be smug and self-righteous. Years ago I decided to never rely on anyone but myself to handle my email. So I set up an email server and added some safe-guards. I never get email viruses and I seldom get spam.

I offer the following to the blog world. Get a few bloggers together. Buy a low end computer with pooled money (around 500Mhz, 512Meg RAM, 20 to 40 gig drive, though faster is always better). A router/firewall would also be a good idea. Get internet access for it with a static ip address (check speakeasy.net in whatever area the physical computer would be located).

I'll set it up as a mail server for any number of domains. Someone will need to get Linux installed first, then I can remotely configure the system (unless they are local. I'm in the San Francisco Bay area).

Basic configuration would be this:

1. Each mail domain would have their own administrator who can add and delete email accounts.

2. SpamAssassin would score emails so you can easily skip the junk. Optionally, it can be configured to refuse extremely high scoring emails.

3. Dangerous file attachments would be refused (e.g. refusing pif and scr stops sobig.f).

4. Bounceback messages from stupid viruses would be automatically deleted so there is no need to deal with them.

I'll set this up for free. Well, I'd at least want credit. Who knows, maybe a business would see my good work and offer a real job (stranger things have happened).

Posted by: Rossz at August 20, 2003 01:27 PM
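Items 3 and 4 of the configuration listed in the comment above, sketched as an added example (not part of the original comment and not the commenter's actual setup). The function names, the antivirus-wording pattern, the bounce-sender heuristic and the sample messages are all assumptions constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".pif", ".scr"}  # the two named in the comment above
VIRUS_NOTICE = re.compile(r"virus|infected|worm", re.I)  # assumed wording

def blocked_attachments(msg):
    """Names of MIME parts whose effective extension is on the block list."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots/spaces, so "x.scr." still runs as .scr
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def is_virus_bounce(msg):
    """Bounce-like sender or report type, plus antivirus wording in Subject."""
    sender = str(msg.get("From", "")).lower()
    bounce = (msg.get_content_type() == "multipart/report"
              or "mailer-daemon" in sender or "postmaster" in sender)
    return bounce and bool(VIRUS_NOTICE.search(str(msg.get("Subject", ""))))

def triage(raw):
    """Return 'reject', 'discard' or 'deliver' for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    if blocked_attachments(msg):
        return "reject"
    if is_virus_bounce(msg):
        return "discard"
    return "deliver"  # ordinary mail and genuine delivery failures

def sample(sender, subject, attachment=None):
    """Build a constructed test message (not captured traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("a@example.com", "Re: Thanks!", "details.txt.pif"),
                 ("MAILER-DAEMON@mx.example.net", "Virus found in your message"),
                 ("MAILER-DAEMON@mx.example.net", "Undeliverable: lunch"),
                 ("b@example.com", "photos", "beach.jpg")]:
        print(args[1], "->", triage(sample(*args)))
```

Only bounces that carry antivirus wording are discarded; an ordinary non-delivery report is still delivered, so a genuine failure of mail the user really sent is not silently lost.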

Perhaps this is the same thing that happened to me a few weeks back.

One of my addresses that's on one of my various sites got harvested by some spammer as a reply address.

Over the course of a week I got several hundred spam returned messages that I never sent.

No virus on my machine, though. Just someone using my email address to market important products to hundreds of thousands of needy computer users.

Posted by: Joel at August 20, 2003 08:03 PM

Last night I got over fifty of them every hour for about 5 hrs. and then it seems my provider got a handle on it (earthlink) and I haven't had one all day.

Posted by: David D at August 20, 2003 10:49 PM

Check this one out - I got a ton of them in my Inbox yesterday. I noticed a couple (the screensaver one, natch) infected with a virus.

The thing that spooked me - one e-mail was spoofed with an old e-mail address of mine from the attbi.com domain that was cancelled in April and sent it to my Yahoo account (above). My best guess is that whoever propagated that virus is probably trolling comment sites (here, Rantburg, LGF) for e-mail addresses.

Has anyone else seen this?

Posted by: Roger Bournival at August 21, 2003 12:23 PM

Mark - Sorry, I posted before I read yours (doh!).

Posted by: Roger Bournival at August 21, 2003 12:26 PM

They are mining our web sites. I use Symantec and it seems to be working. I did have that early EB Blaster; got rid of it by going to cntrl/alt/del and ending the task on it (stopped it from running) and then deleted it through the task bar from the start menu.

I think the entire web is hit today because it is slow, slow, slow. I use cable TV for internet and they supposedly fixed their server three days ago which might help too.

Posted by: Howard Veot at August 21, 2003 04:39 PM

This crap is getting by Norton anti-virus on my machine, in the sense that it strips out the virus attachment but still passes the rest of the message through, so I had to set up some filters to can the rest of the messages.

We should probably prevail on Os to install Spam Assassin on Nothing Special and let it handle this kinda stuff.

Posted by: Richard Bennett at August 22, 2003 04:34 AM