Scuba Forum / General / September 2003
My e-mail address
Lee Bell - 22 Sep 2003 20:55 GMT As some may know, I've been having a terrible problem with my e-mail. Specifically, I've been getting so many messages from people infected with the W32.Swen.A virus that legitimate messages have bounced because I'm at my ISP's volume limits. Because of this, I've had to take extreme steps to block those messages. The good news is that the steps have been effective. The bad news is that they will block everybody not already in my address book on the ISP server. The worst news is that there's no way to copy my normal Outlook Express or Outlook address books into the ISP server. I've got to do it manually.
I'm putting people in the address book as quickly as possible, but until I've got everyone in, some of you may get bounced message notices. According to Earthlink, those that do will receive some very simple form that, when complete, will allow your messages to be delivered. The theory is that spammers and virus infections won't fill out the forms. Friends will. In order to avoid disappointing Earthlink (not to mention me), if you get one of the messages, please fill out the form. Anything important enough to send to me personally is important enough for me to want to see it.
If you don't get the message or fill out the form, all is not lost. Supposedly, I'll get a daily report on all messages diverted into a suspect folder and be able to retrieve those of value manually. It's a bother to everybody, but it's a necessary bother for me. -- Lee Bell, CID
Mike Painter - 22 Sep 2003 23:40 GMT All the evidence points to the information being gathered from newsgroups. People who have not paid any attention to what everybody has been saying for the last two years and were stupid enough to open the attachment are the ones spreading it.
The good news is that a twit on another group did just that and said he would reformat his computer to fix the problem. He hasn't been heard from in days.
http://grc.com/dcom/intro.htm is one of the best places to see if you are part of the problem
> As some may know, I've been having a terrible problem with my e-mail.
> Specifically, I've been getting so many messages from people infected with
[quoted text clipped - 22 lines]
> --
> Lee Bell, CID
Richard Whitcombe - 23 Sep 2003 00:49 GMT
> http://grc.com/dcom/intro.htm is one of the best places to see if you are
> part of the problem
/me smacks head on wall at the mention of "that" site being mentioned in a security related post. Gibson is nothing more than a self publicist with limited if any knowledge.
"All the evidence points to the information being gathered from newsgroups."
The virus searches through .dbx files amongst others so it gets its addresses that way. Usenet, normal email and so on use this format via Outlook Express so if the person has read the group the emails posted to it will be on their machine.
rec.sport.rugby-union and several others I frequent also have the problem.
My personal account now has near 2,000 messages (virus and bounce) and as a result is totally unusable. My yahoo-groups only email address had its first 4 today - the only way that got through is by people on the lists I'm on being infected and having the data mined.
This Microsoft site has their details and links to other AV makers' pages with information:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/swen.asp
To keep it on topic. Dive link, I returned from my weekend away of non diving (boat engine died) to delete 400 of the things. Managed a pitiful 1 day of diving in all of September due to weather and boat problems.
Mike Painter - 23 Sep 2003 01:32 GMT
> > http://grc.com/dcom/intro.htm is one of the best places to see if you are
> > part of the problem
>
> /me smacks head on wall at the mention of "that" site being mentioned in a
> security related post. Gibson is nothing more than a self publicist with
> limited if any knowledge.
And you can document this in what way?
> "All the evidence points to the information being gathered from newsgroups."
>
> The virus searches through .dbx files amongst others so it gets its
> addresses that way. Usenet, normal email and so on use this format via
> Outlook Express so if the person has read the group the emails posted to it
> will be on their machine.
Possibly but people who do not use Usenet are reporting *far* less problems. The two sites that I collect all the email for but don't use for usenet have barely been touched.
> rec.sport.rugby-union and several others I frequent also have the problem.
They all do.
> My personal account now has near 2,000 messages (virus and bounce) and as a
> result is totally unusable. My yahoo-groups only email address had its
> first 4 today - the only way that got through is by people on the lists I'm
> on being infected and having the data mined.
2000? You've hardly been touched.
> This Microsoft site has their details and links to other AV makers' pages
> with information: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/swen.asp
> To keep it on topic. Dive link, I returned from my weekend away of non
> diving (boat engine died) to delete 400 of the things. Managed a pitiful 1
> day of diving in all of September due to weather and boat problems.
Grumman-581 - 23 Sep 2003 01:45 GMT
> Possibly but people who do not use Usenet are
> reporting *far* less problems.
I haven't received a single one of the infected emails... I receive tons of other spam each day though, but through judicious use of the blocked senders list, I've cut it down to just a few each day... Yeah, I'm blocking entire domains instead of just specific users, but I don't think I'm going to be receiving any legitimate email from anyone in some oddball .de domain anyway...
Jason O'Rourke - 23 Sep 2003 07:50 GMT
>> http://grc.com/dcom/intro.htm is one of the best places to see if you are
>> part of the problem
>/me smacks head on wall at the mention of "that" site being mentioned in a
>security related post. Gibson is nothing more than a self publicist with
>limited if any knowledge.
It's amazing how many people get a hard on the minute Gibson's name is mentioned. And how insignificant most of them are in comparison.
He did Spinrite back in the 80s...you've done...??
 Signature Jason O'Rourke www.jor.com
Jon C - 23 Sep 2003 01:56 GMT
> As some may know, I've been having a terrible problem with my e-mail.
> Specifically, I've been getting so many messages from people infected with
[quoted text clipped - 5 lines]
> normal Outlook Express or Outlook addressbooks into the ISP server. I've
> got to do it manually.
Not to jump on you, but that's a shitty solution. In the past 4 days I've gotten 1573 virus emails, and every one of them has been easily filtered and dumped into the trash folder by 12 simple Outlook Express mail rules. They're easy to filter. I can give you more info if you want.
Jon
Dan Bracuk - 23 Sep 2003 03:14 GMT "Jon C" <jon@jonnythan.com> entertained us with:
:Not to jump on you, but that's a shitty solution. In the past 4 days I've
:gotten 1573 virus emails, and every one of them has been easily filtered and
:dumped into the trash folder by 12 simple Outlook Express mail rules.
:They're easy to filter. I can give you more info if you want.
Where possible, it is better to filter them at the server, especially if you do not have a high speed connection. Even if you use Outlook Express to delete from the server, you still have to download all those headers.
Now if I can only figure out how to filter them at the server. My ISP also pre-scans them, which makes it harder to filter.
Dan Bracuk As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've got the inclination. The Best of Rec.Scuba http://www.pathcom.com/~bracuk/RecScuba/
Rudy Benner - 23 Sep 2003 03:27 GMT Simple, a program like MailWasher will allow you to do all the filtering you need.
http://www.firetrust.com/home/
> "Jon C" <jon@jonnythan.com> entertained us with:
> :Not to jump on you, but that's a shitty solution. In the past 4 days I've
[quoted text clipped - 17 lines]
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
Lee Bell - 23 Sep 2003 03:42 GMT
> Simple, a program like MailWasher will allow you to do all the filtering you
> need.
If I could filter on the name of the attachment, I could catch pretty much all the problem messages, but I can't. I could filter on anything with an attachment, but I get messages where the attachment is the essential element of the message. I've tried filtering on every combination of from and subject which helped, but still didn't catch messages that came through with no from line and/or no subject. Even if I could filter all of the message, it would not solve my problem. The volume of messages is exceeding my allowance and, before I can filter anything, my important messages are being bounced.
FYI, I've also added a new email address as well. The new one is lee dot bell at ix dot netcom dot com instead of leebell at ix dot netcom dot com. I'll start accessing both addresses in the morning.
Lee
Dan Bracuk - 24 Sep 2003 00:32 GMT "Lee Bell" <leebell@ix.remove.netcom.com> entertained us with:
:If I could filter on the name of the attachment, I could catch pretty much
:all the problem messages, but I can't.
They seem to be about as random as the senders and subjects. Not sure that would work.
Dan Bracuk As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've got the inclination. The Best of Rec.Scuba http://www.pathcom.com/~bracuk/RecScuba/
Lee Bell - 24 Sep 2003 01:15 GMT
> :If I could filter on the name of the attachment, I could catch pretty much
> :all the problem messages, but I can't.
> They seem to be about as random as the senders and subjects. Not sure that
> would work.
Most, if not all of the ones I'm getting are called Norton Antivirus Deleted1.txt. If I could get rid of all messages containing that file, I would not worry about handling the rest. For what it's worth, I'm running a computer on my service pretty much 24/7 until this thing goes away. Earthlink can't or won't filter viruses at the server, not a good move for a major ISP. When I restricted mail to those in my address book, things actually got worse. I didn't have to separate my good mail from the bad because in only a few hours, I reached my limit and stopped getting any mail at all, good or bad. While no mail may be better than bad mail, it's not something I'm inclined to pay an ISP for.
So, on the theory that it will take longer to fill my two 80 gig hard drives than to fill my 10 meg allocation on the ISP server, I'm letting everything through to the local level and deleting it here. The filter I built to help is now catching the majority of the virus originated messages. I just kept adding terms to it until it caught more than it let past. God help me if anybody named MS, Microsoft, Administrator or anything similar actually sends me something important. Out of 49 messages received in the hour it took me to turn off the computer I use for personal stuff in the office and travel to the computer I use for personal stuff at home, it diverted 45 of them directly to the delete folder. Two of the remaining 4 were actually messages to me. 8^)
Lee
HW "Skip" Weldon - 24 Sep 2003 10:13 GMT
> Out of 49 messages received in the hour it
>took me to turn off the computer I use for personal stuff in the office and
>travel to the computer I use for personal stuff at home, it diverted 45 of
>them directly to the delete folder. Two of the remaining 4 were actually
>messages to me. 8^)
That's what I'm doing, too.
Any ideas about how this will eventually be resolved?
-HW "Skip" Weldon Columbia, SC
Lee Bell - 24 Sep 2003 14:43 GMT
> That's what I'm doing, too.
> Any ideas about how this will eventually be resolved?
The guys I know that are in this business indicate that most viruses of this type have an expiration date. They eventually die of their own accord. Beyond that, I don't know. Tracking down the responsible party and cutting him or her up into very small pieces has a certain appeal.
Lee
HW "Skip" Weldon - 24 Sep 2003 15:14 GMT
> Tracking down the responsible party and cutting
>him or her up into very small pieces has a certain appeal.
Plan B would be to take him down to 120', cut his air hose, and let me watch.
-HW "Skip" Weldon Columbia, SC
Lee Bell - 24 Sep 2003 15:49 GMT It's too quick and does not provide enough personal interaction.
-- Lee Bell, CID
> > Tracking down the responsible party and cutting
> >him or her up into very small pieces has a certain appeal.
[quoted text clipped - 4 lines]
> -HW "Skip" Weldon
> Columbia, SC
CAS - 24 Sep 2003 16:07 GMT
> It's too quick and does not provide enough personal interaction.
Someone will be along shortly to point out that this is where the rebreather would come into its own...
...take them down to 120', chain them to the wreck, then sit back and watch...
...on a 12l (Alu 80) in blind panic mode should be about 10 - 20mins worth of fun!!
Sure you can't get a day off Tuesday or Wednesday, Lee? ;-)
CAS -- PADI AOW? Get Rescue Training on UKRS Course #1 - http://calumscott.port5.com/ukrs/rescue_diver_2003 Temperature @ Stoney? Find it or share it @ http://stoneytemps.port5.com/
Dan Bracuk - 25 Sep 2003 00:41 GMT "Lee Bell" <leebell@ix.netcom.com> entertained us with:
:The guys I know that are in this business indicate that most viruses of this
:type have an expiration date.
Which has nothing to do with the current one.
Dan Bracuk As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've got the inclination. The Best of Rec.Scuba http://www.pathcom.com/~bracuk/RecScuba/
Lee Bell - 25 Sep 2003 01:17 GMT
> :The guys I know that are in this business indicate that most viruses of this
> :type have an expiration date.
>
> Which has nothing to do with the current one.
Do you know that or are you simply making it up?
Chris Guynn - 24 Sep 2003 18:07 GMT
> > Out of 49 messages received in the hour it
> >took me to turn off the computer I use for personal stuff in the office and
[quoted text clipped - 7 lines]
> -HW "Skip" Weldon
> Columbia, SC
boiling acid and/or napalm sounds good to me...
Dave Pimlott - 25 Sep 2003 18:14 GMT
>> Out of 49 messages received in the hour it
>>took me to turn off the computer I use for personal stuff in the office and
[quoted text clipped - 7 lines]
> -HW "Skip" Weldon
> Columbia, SC
my filters are
(1) if it isn't to me or one of my addresses - dump it
(2) if it goes to the email address in my reply-to header - dump it
(2) is temporarily necessary and will probably get removed in a week or two.
DaveP.
 Signature Pretend to spank me -- I'm a pseudo-masochist!
Lee Bell - 23 Sep 2003 03:37 GMT
> "Jon C" <jon@jonnythan.com> entertained us with:
> :Not to jump on you, but that's a shitty solution. In the past 4 days I've
> :gotten 1573 virus emails, and every one of them has been easily filtered and
> :dumped into the trash folder by 12 simple Outlook Express mail rules.
> :They're easy to filter. I can give you more info if you want.
It is a shitty solution, but it beats having messages I'm supposed to be receiving related to the Dive With Greg event bounce because my quota fills in less than an hour, sometimes much less. The higher level of security blocks messages at the server, at least letting me retrieve the ones I want before I delete the rest.
Lee
Chandler - 23 Sep 2003 12:09 GMT
> > "Jon C" <jon@jonnythan.com> entertained us with:
> > :Not to jump on you, but that's a shitty solution. In the past 4 days
[quoted text clipped - 11 lines]
> > Lee
If you are on Earthlink, you may find that the "suspect mail" goes into a folder that also uses up your quota.
 Signature --Chandler
HW "Skip" Weldon - 23 Sep 2003 13:01 GMT
>> It is a shitty solution, but it beats having messages I'm supposed to be
>> receiving related to the Dive With Greg event bounce because my quota fills
>> in less than an hour, sometimes much less. The higher level of security
>> blocks messages at the server, at least letting me retrieve the ones I want
>> before I delete the rest.
>If you are on Earthlink, you may find that the "suspect mail" goes into
>a folder that also uses up your quota.
Yes, and if you're using Yahoo Mail, with the virus sending about 50 spams to me every 15 minutes, it fills up my mailbox, bouncing other messages back to sender. Plus, with Yahoo, there is no filter to delete spam at server, so even if I use filters, it backs up in my deleted file, which also fills my box.
Yahoo's solution: Buy the premium service with more space. Not a bad business plan. (For Yahoo.)
Of course, if I thought enough people would fall for that, I'd be more likely to buy their stock than their premium service. <grin>
-HW "Skip" Weldon Columbia, SC
Dan Bracuk - 24 Sep 2003 00:30 GMT "HW \"Skip\" Weldon" <skip5700@yahoo.com> entertained us with:
:Yes, and if you're using Yahoo Mail, with the virus sending about 50
:spams to me every 15 minutes, it fills up my mailbox, bouncing other
[quoted text clipped - 7 lines]
:Of course, if I thought enough people would fall for that, I'd be more
:likely to buy their stock than their premium service. <grin>
I have a free Yahoo account and am grateful that they are willing to provide that service at no cost to me. I also think it is quite appropriate that they are willing to provide something better to those who are willing to pay for it. I don't see anybody falling for anything.
Dan Bracuk As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've got the inclination. The Best of Rec.Scuba http://www.pathcom.com/~bracuk/RecScuba/
HW "Skip" Weldon - 24 Sep 2003 10:09 GMT
>:Yahoo's solution: Buy the premium service with more space.
>:Not a bad business plan. (For Yahoo.)
[quoted text clipped - 6 lines]
>are willing to provide something better to those who are willing to pay for it.
>I don't see anybody falling for anything.
Hmm... maybe I'll rethink buying the stock.
-HW "Skip" Weldon Columbia, SC
Jason O'Rourke - 23 Sep 2003 07:51 GMT
>Not to jump on you, but that's a shitty solution. In the past 4 days I've
>gotten 1573 virus emails, and every one of them has been easily filtered and
>dumped into the trash folder by 12 simple Outlook Express mail rules.
>They're easy to filter. I can give you more info if you want.
I gotta laugh at your phrase "12 simple mail rules."
When it takes that many to deal with a single worm, god help you by the end of the year. All real mail will be nuked by then.
 Signature Jason O'Rourke www.jor.com
Jon C - 23 Sep 2003 14:03 GMT
> >Not to jump on you, but that's a shitty solution. In the past 4 days I've
> >gotten 1573 virus emails, and every one of them has been easily filtered and
[quoted text clipped - 5 lines]
> When it takes that many to deal with a single worm, god help you by
> the end of the year. All real mail will be nuked by then.
I laughed at that too, actually. The thing is that this particular virus has so many variations on the same email. I've filtered "Undeliverable to," "Undeliverable mail to," "Undelivered mail to," etc.
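The filter rules described in the posts above (Dave Pimlott's two recipient checks, Jon C's subject variants, and the attachment name Lee Bell reports), sketched as an added example that is not code from any poster. The addresses, function names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# All addresses are constructed placeholders, not taken from the thread.
REPLY_TO = "news-replies@example.net"   # assumed: address shown in the newsgroup Reply-To
MY_ADDRESSES = {"me@example.net", REPLY_TO}
# Subject variants and attachment name as quoted in the posts above.
BOUNCE_SUBJECTS = ("undeliverable to", "undeliverable mail to", "undelivered mail to")
BAD_ATTACHMENTS = {"norton antivirus deleted1.txt"}

def recipients(msg):
    """Lower-cased addresses from To and Cc; empty set if both are missing."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def attachment_names(msg):
    """Lower-cased filenames of every MIME part that declares one."""
    return {p.get_filename().lower() for p in msg.walk() if p.get_filename()}

def classify(raw):
    """Return 'keep' or 'dump: <reason>' for one raw message."""
    msg = message_from_string(raw)
    rcpts = recipients(msg)
    if not rcpts & MY_ADDRESSES:
        return "dump: not addressed to me"      # also catches a missing To line
    if REPLY_TO in rcpts:
        return "dump: sent to newsgroup reply-to address"
    subject = (msg.get("Subject") or "").strip().lower()
    if subject.startswith(BOUNCE_SUBJECTS):
        return "dump: bounce-style subject"
    if attachment_names(msg) & BAD_ATTACHMENTS:
        return "dump: known attachment name"
    return "keep"

def make(to, subject, attachment=None):
    """Build a constructed sample message as raw text."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    if to:
        m["To"] = to
    m["Subject"] = subject
    m.set_content("body text")
    if attachment:
        m.add_attachment("x", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    samples = [
        make("me@example.net", "Dive With Greg logistics"),
        make(None, "hello"),
        make(REPLY_TO, "hi"),
        make("me@example.net", "Undelivered mail to user"),
        make("me@example.net", "photos", "Norton Antivirus Deleted1.txt"),
    ]
    for raw in samples:
        print(classify(raw))
```

The recipient and subject rules need only the headers, while the attachment rule needs the MIME structure of the body, so it can run only where the whole message is available.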
Rob Lucas - 26 Sep 2003 22:42 GMT
> As some may know, I've been having a terrible problem with my e-mail.
Me too. Some f'er cross-posted to half a dozen OT newsgroups.
Why?