re:W32NetSky@Bmm

Discussion in 'malware problems & news' started by spins4, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. spins4

    spins4, Registered Member (Joined: Jan 25, 2004; Posts: 15; Location: Ontario, Canada)
    I keep getting returned emails from the mail administrator like the following:
    VIRUS ALERT
    Our content checker found
    viruses: W32/NetSky.B@mm [Orion], I-Worm.NetSky.b [AVP]
    banned name: details.doc.pif
    in email presumably from you (<deleted@sympatico.ca>), to the following recipient:
    -> deleted@friscobay.com

    Please check your system for viruses,
    or ask your system administrator to do so.

    Delivery of the email was stopped!


    For your reference, here are headers from your email:
    ------------------------- BEGIN HEADERS -----------------------------
    Return-Path: <deleted@sympatico.ca>
    Received: from friscobay.com (CPE0060672d5147-CM400026201708.cpe.net.cable.rogers.com [24.103.36.72])
    by voyager.friscobay.com (Postfix) with SMTP id 0B250432342
    for <deleted@friscobay.com>; Wed, 14 Apr 2004 10:42:58 -0400 (EDT)
    From: deleted@sympatico.ca
    To: deleted@friscobay.com
    Subject: hello
    Date: Wed, 14 Apr 2004 10:42:48 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="33730127"
    Message-Id: <20040414144258.0B250432342@voyager.friscobay.com>
    -------------------------- END HEADERS ------------------------------



    --------------------------------------------------------------------------------


    Received: from friscobay.com (CPE0060672d5147-CM400026201708.cpe.net.cable.rogers.com [24.103.36.72])
    by voyager.friscobay.com (Postfix) with SMTP id 0B250432342
    for <deleted@friscobay.com>; Wed, 14 Apr 2004 10:42:58 -0400 (EDT)
    From: deleted@sympatico.ca
    To: deleted@friscobay.com
    Subject: hello
    Date: Wed, 14 Apr 2004 10:42:48 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="33730127"
    Message-Id: <20040414144258.0B250432342@voyager.friscobay.com>

    It comes with an attachment: "Delivery error report.dat (318 bytes)"
    No one has sent this email from my house, nor does the name sound familiar. I have scanned with NAV, and double checked with trend online and nothing has come re a netsky virus. Any ideas what this is? They come several times a week from recipients I don't know. Any ideas?
     
    Last edited by a moderator: Apr 16, 2004
  2. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (Joined: Apr 27, 2002; Posts: 13,331; Location: Netherlands)
    Re: W32NetSky@Bmm

    Hi spins4,

    The problem is that someone that has your email-address stored on his computer is infected with this virus.
    This virus is capable of "spoofing" the sender address.
    In other words, it pretends to come from you, but in reality it comes from the infected computer.

    NOTE: This is why you should be more careful about posting your email-address. Some viruses are capable of getting addresses out of the Temporary internet files, where yours would end up if someone read the site where you posted it. That is why I removed the addresses in your post. The other one is that spambots could be active here as well.

    Regards,

    Pieter
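
Added example (not part of the original thread, and not code from any poster): a short Python check that reads the headers quoted in the first post and compares the address in `From:` with the machine the receiving server actually recorded in `Received:`. The function names and the "last two DNS labels" shortcut for an organisation's domain are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the first post (addresses were already redacted there).
BOUNCE_HEADERS = (
    "Return-Path: <deleted@sympatico.ca>\n"
    "Received: from friscobay.com (CPE0060672d5147-CM400026201708.cpe.net.cable.rogers.com [24.103.36.72])\n"
    "\tby voyager.friscobay.com (Postfix) with SMTP id 0B250432342\n"
    "\tfor <deleted@friscobay.com>; Wed, 14 Apr 2004 10:42:58 -0400 (EDT)\n"
    "From: deleted@sympatico.ca\n"
    "To: deleted@friscobay.com\n"
    "Subject: hello\n"
    "\n"
)

# Postfix-style hop: "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def org(host):
    """Last two DNS labels; a simplification (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw_headers):
    msg = message_from_string(raw_headers)
    hops = msg.get_all("Received") or []
    if not hops:
        raise ValueError("no Received header to inspect")
    # The topmost Received line is written by the server that accepted the
    # message, so the IP it records is not under the sender's control.
    m = HOP.search(hops[0])
    if m is None:
        raise ValueError("unrecognised Received format")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {
        "client_ip": m["ip"],
        "client_org": org(m["rdns"]),
        "from_org": org(from_domain),
        # HELO is whatever the client announced; here it names the receiver's own domain.
        "helo_names_receiver": org(m["helo"]) == org(m["by"]),
        "from_matches_client": org(from_domain) == org(m["rdns"]),
    }

if __name__ == "__main__":
    for key, value in analyse(BOUNCE_HEADERS).items():
        print(f"{key}: {value}")
```

A domain mismatch on its own is not proof of forgery, since people do send mail from other networks. For these headers it lines up with the reply above: the message was handed to voyager.friscobay.com by a Rogers cable address, while `From:` carries a sympatico.ca address.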
     
  3. spins4

    spins4 Registered Member

    Re: W32NetSky@Bmm

    Pieter - Can I block further emails from these people? Can I stop it from happening again? Thank you for your quick reply!
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Re: W32NetSky@Bmm

    Hi spins4,

    Not much you can do about it.
    Blocking mail from that server will probably effectively block emails from everyone using friscobay.com.
    I think a spam-filtering application can be used to get rid of the virus-warning emails. Are you using one?

    Regards,

    Pieter
     
  5. spins4

    spins4 Registered Member

    Re: W32NetSky@Bmm

    I'm using SpamBully so I'll try adding their address to the bounce.
     