NavList:
A Community Devoted to the Preservation and Practice of Celestial Navigation and Other Methods of Traditional Wayfinding
Re: Warning: Virus Attacks "From" Webkahuna
From: Gerard Mittelstaedt
Date: 2004 Mar 22, 19:12 -0600
From: Gerard Mittelstaedt
Date: 2004 Mar 22, 19:12 -0600
Hi, The final note "from the Webkahuna team" matches a note on a series of virus/worm type attacks we've had at work lately. It seems that the worm/virus software can ferret out your domain name, and attach something sounding official to it to attempt to fool you into opening the viral payload. We run our own mail server, and have our own domain at work. The message you show below looks like the same sort of format as the one's we have been getting. Best advice... when in doubt, don't open it. I very much doubt that it is coming from Webkahuna at all. Gerard Mittelstaedt McAllen, TX Jared Sherman wrote: > > I hate to mention viruses on any list but I just received what sure LOOKED > like a legitimate "returned mail" from the Nav-L list server, WEBKAHUNA, > which claimed it was rejecting my posts because too many of them contained > viruses. (Knock wood, I've always managed to keep a clean system, going on > 20 years now.) > > I can guess that "every" member of the list will get this message, it is a > very common spoof but folks keep falling for it...so PLEASE, IF YOU GET A > MESSAGE LIKE THIS, DO NOT OPEN THE ATTACHMENT! > > It is probably being sent out by a LIST MEMBER who is unaware their computer > is a "zombie" running attack software. > > ==================================================== > > Return-Path:> Received: from tugen (catv-5062c994.catv.broadband.hu [80.98.201.148]) > by aloha.webkahuna.com (8.11.4/8.11.4) with SMTP id i2MJXvC06220 > for <20040321233658.RLKY8554.viefep16-int.chello.at@olelo.webkahuna.com>; > Mon, 22 Mar 2004 13:33:57 -0600 > Date: Mon, 22 Mar 2004 20:38:54 +0100 > To: 20040321233658.RLKY8554.viefep16-int.chello.at@olelo.webkahuna.com > Subject: Notify about using the e-mail account. > From: support@webkahuna.com > Message-ID: > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------rrxfqmxqyjjcfdprkuvb" > > ----------rrxfqmxqyjjcfdprkuvb > Content-Type: text/plain; charset="us-ascii" > Content-Transfer-Encoding: 7bit > > Hello user of Webkahuna.com e-mail server, > > Our antivirus software has detected a large ammount of viruses outgoing > from your email account, you may use our free anti-virus tool to clean up > your computer software. > > For further details see the attach. > > For security reasons attached file is password protected. The password is > "83724". > > Best wishes, > The Webkahuna.com team > http://www.webkahuna.com > > [trojan payload removed] -- --------------- Gerard Mittelstaedt mitt@hiline.net McAllen, Texas USA