[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [APML] Virus with APML subject recieved...

To: "Discussion of Film Astrophotography" <astro-photo@seds.org>
Subject: Re: [APML] Virus with APML subject recieved...
From: "Jeff Crilly" <jlcphoto@myrealbox.com>
Date: Tue, 1 Jul 2003 20:06:54 -0700
List-Archive: <http://seds.org/mailman/private/astro-photo>
List-Help: <mailto:astro-photo-request@seds.org?subject=help>
List-Id: Discussion of Film Astrophotography <astro-photo.seds.org>
List-Post: <mailto:astro-photo@seds.org>
List-Subscribe: <http://seds.org/mailman/listinfo/astro-photo>,<mailto:astro-photo-request@seds.org?subject=subscribe>
List-Unsubscribe: <http://seds.org/mailman/listinfo/astro-photo>,<mailto:astro-photo-request@seds.org?subject=unsubscribe>
References: <200307011729.h61HTvhw028030@seds.lpl.arizona.edu>
Reply-To: Discussion of Film Astrophotography <astro-photo@seds.org>
Sender: astro-photo-bounces@seds.org

Hmm...

Another minor note that folks should maybe look out for...

It seems this message possibly originated from someone on "nextgentel.com"
in norway.  The mail.broadpark.no seems legit.  Dunno for sure, but
possibly someone in norway is infected?

Also, keep in mind that this virus sends using an SMTP client
built into it.. ie. you wont see these messages in your "sent" folder
if the virus sends it.

(Also, fwiw, the headers note 17:10 UTC as the time this was sent.
My event log says my computer was turned on at 11am local time,
which is 18:00 UTC.  I'm pretty sure my computer was when this
was propagating.)

An easy way to see if you are infected is to check if you have oddly 
named programs in your start menu.

More info here including a link to a removal tool...
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html



> Return-Path: <jlcphoto@wi.rr.com>
> Received: from mtiwmhc14 ([127.0.0.1]) by mtiwmhc14.worldnet.att.net
>           (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
>           id <20030701171050.JIUL25972.mtiwmhc14.worldnet.att.net@mtiwmhc14>
>           for <astropix@worldnet.att.net>; Tue, 1 Jul 2003 17:10:50 +0000
> Received: from mtiwmhc14.worldnet.att.net ([127.0.0.1])
>           by mtiwmhc14.worldnet.att.net
>           (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
>           id 
> <20030701170755.JAGN25972.mtiwmhc14.worldnet.att.net@mtiwmhc14.worldnet.att.net>
>           for <astropix@worldnet.att.net>; Tue, 1 Jul 2003 17:07:55 +0000
> Received: from mail.broadpark.no ([217.13.4.2])
>           by mtiwmhc14.worldnet.att.net (mtiwmhc14) with ESMTP
>           id <2003070117075411400q8g2fe>; Tue, 1 Jul 2003 17:07:54 +0000
> Received: from byteheaven (68.80-202-100.nextgentel.com [80.202.100.68])
> by mail.broadpark.no (Postfix) with SMTP
> id 349EB786D8; Tue,  1 Jul 2003 19:07:47 +0200 (MEST)
> From: "Jeff Crilly" <jlcphoto@wi.rr.com>
> Subject:  Re: [APML] Question re efficient use of film vs Quality
> Message-Id: <20030701170747.349EB786D8@mail.broadpark.no>
> Date: Tue,  1 Jul 2003 19:07:47 +0200 (MEST)
> To: undisclosed-recipients:;
> Mime-Version: 1.0
> Content-Type: multipart/mixed;

_______________________________________________
Astro-Photo mailing list
Astro-Photo@seds.org
http://seds.org/mailman/listinfo/astro-photo

Follow-Ups:
- Re: [APML] Virus with APML subject recieved...SOLVED?!
  - From: "Joachim Plocinski" <joachimp@broadpark.no>
- Re: [APML] Virus with APML subject recieved...
  - From: "westergren" <westergren@netzero.net>

References:
- [APML] Virus with APML subject recieved...
  - From: astropix@att.net

Prev by Author: Re: [APML] Virus with APML subject recieved...
Next by Author: Re: [APML] Virus with APML subject recieved...
Prev by thread: Re: [APML] Virus with APML subject recieved...
Next by thread: Re: [APML] Virus with APML subject recieved...
Index(es):
- Author
- Thread