Help with virus that is killing me

Discussion in 'malware problems & news' started by JayK, Jan 5, 2003.

Thread Status:
Not open for further replies.
  1. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I've been bombarded by virus email from one source. I'm getting about 4-5 per day and it's bugging me since it's filling my email account.

    The virus is Klez H. Any suggestions on what I can do?
    The From header is forged, so the best I can do is trace it to the mailserver.

    What should I do?

    Help..
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Well, you could start by telling us what email and AV program you're using; whether you're using anything like MailWasher; whether you've checked with your provider to see if they offer any kind of server AV service.... Pete
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi JayK

    Sounds familiar to me. I got excellent advice from Wilders. I downloaded "SpamPunisher". It's a tool for tracing the email source, whether it is forged or not. It is not your fault if it is forged, so if you even try to report email viruses and spam as well, you have done no wrong. ISPs are mostly friendly and grateful for reports. They do take appropriate measures. But, if it happens to be forged, you even tried....

    But sure you always have to think that the sender might not have sent the worm on purpose, poor him/her too.

    Without any special software like SpamPunisher, do it this way:

    1. So, you need the full headers of the email first; the best for that is of course, how come, MailWasher. If it doesn't support your email account for one reason or another, take a look whether your email account itself has the option "show full headers". Copy and paste the full headers into a fresh email you compose.

    2. Pick the first IP # shown between [ ]. Go find out who the ISP is for this particular IP; I use this:
    http://www.dnsstuff.com

    3. Pick the abuse email address for the "To" field.

    4. Add this text as subject: One of your users is sending SPAM! (as well as viruses, worms, trying to access your computer etc.)

    5. Add this text as the first line of the email:
    One of your users is sending SPAM. Take appropriate measures, please.

    6. Send the email, keep a copy of it just in case.

    You will have an answer.

    Be well *Ari*

    SpamPunisher:
    http://www.techtv.com/callforhelp/freefile/story/0,24330,3367334,00.html
     
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I guess I'm not clear about what I'm asking...

    I'm not in any danger of being infected (er.. let's see, a 100K+ file with scr, pif attachments, wow I better open it!!), so knowing what AV I'm using doesn't seem relevant.

    Knowing what email client I use (as long as it's not Outlook) is not relevant either. Sure I can do filtering even by headers before download, but that doesn't stop my mail account at the server from being flooded.

    Mailwasher doesn't help too. Sure I don't need to download the email, but it still clogs my email account ..

    Krusty

    Thanks for your advice. I already know the stuff you mentioned. I'm even certain (as certain as you can be by studying the return path and automated spam checkers concur) which ISP (hopefully it's his ISP and not an open relay) to complain to; what I need is advice on the wording of the complaint.

    I don't think a general spam complaint email is going to cut it, since this is virus mail? Do you think I should attach all the virus mails too? Probably without the attachments..
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    JayK,

    A short, factual text will do, written under a copy and paste from the full header, send it to abuse@ispname.

    Indeed - just mention you can provide them if necessary.

    regards.

    paul
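
Krusty's steps 1-2 and Paul Wilders' advice on laying out the report, as an added Python example that is not part of any post in this thread: it pulls the bracketed IPs out of the Received: headers, skips LAN and loopback addresses, and drafts the complaint with the full headers on top. The sample message, the addresses, the report wording and the function names `relay_ips` and `abuse_report` are constructed for illustration; the abuse address is whatever the IP lookup in step 2 returns.

```python
import email
import ipaddress
import re
from email.message import EmailMessage

# Constructed sample (documentation-range IP, .example domains), not a real message.
SAMPLE = """\
Received: from mail.isp-a.example (mail.isp-a.example [203.0.113.45])
\tby mx.myprovider.example with ESMTP; Sun, 5 Jan 2003 10:02:11 +0000
Received: from home-pc (unknown [192.168.1.20])
\tby mail.isp-a.example with SMTP; Sun, 5 Jan 2003 10:02:05 +0000
From: forged@unrelated.example
Subject: A very funny website

(body and attachment omitted)
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# LAN and loopback ranges say nothing about which ISP to contact.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def relay_ips(raw):
    """Bracketed IPs from the Received: lines, topmost header first."""
    found = []
    for hop in email.message_from_string(raw).get_all("Received", []):
        for text in BRACKETED_IP.findall(hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL):
                found.append(str(ip))
    return found

def abuse_report(raw, abuse_addr, reporter):
    """Draft the complaint: full headers first, short factual text under them."""
    ips = relay_ips(raw)
    if not ips:
        raise ValueError("no usable relay IP in the Received headers")
    report = EmailMessage()
    report["From"], report["To"] = reporter, abuse_addr
    report["Subject"] = f"Klez-infected mail relayed via {ips[0]}"
    headers = raw.split("\n\n", 1)[0]  # everything before the body
    report.set_content(
        f"{headers}\n\nThe message with the headers above reached me via\n"
        f"{ips[0]} and carried a Klez-infected attachment.\n"
        "The From address is forged. Copies can be provided if necessary.\n")
    return report
```

Only the topmost Received: line is written by your own provider's server; the lines below it come from the sending side and can be forged along with the From header.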
     
  6. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    For months I had the same problem, x-infected emails, all the same, on one day, day in day out.

    Have killed all emails directly on the email-server itself, and the problem was solved.
     
  7. Adiel

    Adiel Guest

    It depends on what kind of service you are using...I mean I use hotmail and I was having the same problem..so I created a "custom filter"..because all those mails coming to me had something common in their subject..so I told hotmail to delete immediately all those mails that have these words in their subject..now my life is much better...but as I said it depends on your mail service that they provide you with this option or not...
     
  8. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Krusty:

    Well your post helped me. [not from the virus point, but getting that program for tracing email headers.]

    Will get it when I get home and check it out. :) Thanks!

    The thing I don't understand is why ISPs do not filter emails with such OBVIOUS viruses like Klez. I really can't!!

    My ISP filters out stuff for me and I have ever only actually had 1 virus hit my inbox [promptly picked up by AV and deleted almost instantly].

    I have had plenty of emails delivered of course but always with infected attachments deleted. Never see them. Just a notification of such and such a virus deleted.

    Anyway, Krusty nice post.
    Cheers.
     
  9. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    As long as the internet has existed there has been a discussion about why an ISP does or does not filter emails for dangerous stuff.

    Personally I don't care about (not) filtering emails by my ISP because I'm well-protected (I think ;) ), but IMO EVERY ISP should offer the possibility to filter emails.
     
  10. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    HI Smokey.

    Yes, they should, but even if there is debate on the pros/cons of ISPs being "watchdogs" for YOUR email, they should at least filter the obvious viruses out first.

    I mean Klez, come on, even Stevie Wonder could "see" those coming.

    I can understand if people get "suspicious" attachments deleted without their express permission, but a vast majority of stuff that was deleted by my ISP were from people I did not even know, so could not care less.

    However, that's just me, I really do not get anywhere near as many emails as some may, and it does not affect me to any extent at all.

    Although having said that, I have tried to submit a suspicious attachment to my AV vendor once, only to have an email come back from THEM that a suspicious attachment was deleted, would I care to resend it, lol. Until I learnt I had to send it internally from the program itself. It went out ok but was benign, anyway.

    Cheers.
     
  11. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Just a little note about some of the discussion here.
    Recently my ISP (a small, local outfit) installed a proxy server, an AV program for emails, and installed spam filtering software. The nice feature he added for spam filtering is that it adds "Possible Spam" to the Subject line.
    To me that's a nice compromise between doing nothing, and arbitrarily junking my email that might possibly be spam.
    In Poco, I can have that keyword sent automatically to the junk folder, and I can quickly go thru that folder every day or so and make sure it didn't junk something I need to see.
    A point I would like to make is, if my small local ISP can spend the time and money to try to give me a little added protection, so can yours. You can email them and ask for such features and maybe they will listen.
    In a newsletter from MY ISP recently, he stated that their trouble calls from virus infestations had dropped dramatically since installing the AV protection.
     
  12. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi root:

    Yep, now THAT would be a nice compromise.

    At least it would "alert" you to possible trouble, but at the same time not delete anything you may deem to be necessary and wanted.

    Cheers.
     