Date: Sun, 21 Sep 2003 14:09:48 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Timothy Luoma <freebsd@tntluoma.com> Cc: "freebsd-mobile@freebsd.org" <freebsd-mobile@freebsd.org> Subject: Re: Someone on list with latest virus? Message-ID: <20030921130948.GA49370@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <oprvungnwenva4ua@smtpx.operamail.com> References: <oprvungnwenva4ua@smtpx.operamail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 21, 2003 at 08:25:25AM -0400, Timothy Luoma wrote: > This email address (freebsd@tntluoma.com) started to receive the virus no= t=20 > long after I used it to post to this freebsd-(questions|mobile). Since= =20 > the address was just created and has only been used for these two lists,= =20 > it seems a good guess that someone here is infected. >=20 > I don't know if the headers would be useful in tracking down who it is=20 > (may be more than one even) but here they are, FWIW. It's an interesting virus. Seems to hit people roughly proportionate to their exposure on usenet / the web / IRC / mailing lists. Which is targetting exactly the sort of articulate, outspoken person who would be the most likely to publicise fixes and complain to ISPs...=20 Anyhow, yes, it's quite likely there are several people on these lists who have been infected. Then there are the people who have access to a mail-to-news gateway carrying these lists, of which there are several archived on Google groups. And then there are people who have been hit through KaZaA or IRC or through a shared disk with an infected machine. If any one of those happens to have your e-mail address in a mailbox or similar file then you're going to get hit. See: http://www.sophos.com/virusinfo/analyses/w32gibef.html http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.h= tml (Although Symantec's estimate of the number of infections is laughable) Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/baMcdtESqEQa7a0RArLdAKCCf/k2EAhh41eDttWhx8PR53IuXwCfR+aX E2flPJ9Vb1aClj0Z/PYIOGE= =q85b -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030921130948.GA49370>