From: Matthew Seaman
To: Timothy Luoma
Cc: "freebsd-questions@freebsd.org", "freebsd-mobile@freebsd.org"
Date: Sun, 21 Sep 2003 14:09:48 +0100
Message-ID: <20030921130948.GA49370@happy-idiot-talk.infracaninophile.co.uk>
Subject: Re: Someone on list with latest virus?

On Sun, Sep 21, 2003 at 08:25:25AM -0400, Timothy Luoma wrote:

> This email address (freebsd@tntluoma.com) started to receive the virus not
> long after I used it to post to this freebsd-(questions|mobile).  Since
> the address was just created and has only been used for these two lists,
> it seems a good guess that someone here is infected.
>
> I don't know if the headers would be useful in tracking down who it is
> (may be more than one even) but here they are, FWIW.

It's an interesting virus. Seems to hit people roughly proportionate
to their exposure on usenet / the web / IRC / mailing lists. Which is
targeting exactly the sort of articulate, outspoken person who would
be the most likely to publicise fixes and complain to ISPs...

Anyhow, yes, it's quite likely there are several people on these lists
who have been infected. Then there are the people who have access to
a mail-to-news gateway carrying these lists, of which there are
several archived on Google groups. And then there are people who have
been hit through KaZaA or IRC or through a shared disk with an
infected machine. If any one of those happens to have your e-mail
address in a mailbox or similar file then you're going to get hit.

See:

    http://www.sophos.com/virusinfo/analyses/w32gibef.html
    http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

(Although Symantec's estimate of the number of infections is laughable)

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614