Author |
Message |
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Mon Jul 01, 2002 12:58 pm (21 years, 9 months ago) |
|
Over the last 2 days I have received 3 bounced emails that I have not actually sent.
They have all been received from:
modem-63.lynx.dialup.pol.co.uk ([217.135.192.63]
modem-1653.lion.dialup.pol.co.uk ([217.135.166.117]
which according to the IP atlas is in Leeds.
Messages include this and then a page or so of nonsense:
Quote: | This message has been rejected because it has an apparently executable attachment end.exe This is a virus prevention measure.
This message has been rejected because it has an apparently executable attachment RTF_WP5.bat This is a virus prevention measure.
This message has been rejected because it has an apparently executable attachment setup.exe This is a virus prevention measure. |
The last one also contains this, which appears to be a virus, I'm not sure about the other 2
Quote: | W32.Elkern is a dangerous virus that can infect on Win98/Me/2000/XP.<br>
Symantec give you the W32.Elkern removal tools |
Any ideas why I would get the emails?
Make that 4; as I type I just got another one from the same place, but again a slightly different email. |
|
|
|
|
Justin
4WebHelp Addict
Joined: 07 Jan 2002
Posts: 1060
|
Posted:
Mon Jul 01, 2002 2:15 pm (21 years, 9 months ago) |
|
POL.co.uk is Freeserve by the way, don't know if it helps you though....... |
|
|
|
|
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Mon Jul 01, 2002 2:26 pm (21 years, 9 months ago) |
|
Yeah, I tried typing in www.pol.co.uk and got sent to Energis.
Quote: | Energis Squared is a backbone ISP. We host a number of virtual ISP's including Freeserve, Greatxscape, Jungle. This means that we own the network space on which the accounts of our customers' end users are hosted. For this reason we deal with abuse issues relating to our network. |
but I see the Freeserve connection in this quote from the autoresponder I got sent when I emailed Energis's abuse contact email (not that I really class this as abuse). They say they have a 2 week backlog of problems so not expecting a response anytime soon! |
|
|
|
|
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Sat Jul 06, 2002 2:20 pm (21 years, 9 months ago) |
|
The apparently 'bounced' emails have continued to arrive; I now have about 10.
I have also received another email from the pol.co.uk domain containing a pornographic image (don't worry, I won't be posting that as an example), this one coming straight to me rather than being bounced.
Is my email in some way being used to send spam? I'm wondering how many are being sent and arriving at their destination without bouncing back.
Still no word from Energis/Freeserve!
Is there anything my host can do to stop this happening?
Thanks |
|
|
|
|
Justin
4WebHelp Addict
Joined: 07 Jan 2002
Posts: 1060
|
Posted:
Sat Jul 06, 2002 2:31 pm (21 years, 9 months ago) |
|
Darren wrote: | The apparently 'bounced' emails have continued to arrive; I now have about 10.
I have also received another email from the pol.co.uk domain containing a pornographic image (don't worry, I won't be posting that as an example), this one coming straight to me rather than being bounced.
Is my email in some way being used to send spam? I'm wondering how many are being sent and arriving at their destination without bouncing back.
Still no word from Energis/Freeserve!
Is there anything my host can do to stop this happening?
Thanks |
I get a lot of this to my Hotmail account, and found out it was someone that was infected with Klez, which sends all these emails out. They always have an attachment, right? |
|
|
|
|
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Sat Jul 06, 2002 4:04 pm (21 years, 9 months ago) |
|
Justin, I think you have hit the nail squarely on the head!!
I just looked up Klez on Symantec and my problem fits the MO perfectly.
- It has a random subject; most of those I have received are on the list
- It attaches a random file along with the virus, which all mine have
- and they look like I have sent them because it uses email spoofing, making it look like I have been sending out viruses.
The good news though:
Quote: | Systems Not Affected: Macintosh, Unix, Linux |
Here's the link on Symantec if anyone's interested:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html
I wonder who the poor infected person is that has my email in their address book? |
|
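Added example, not part of any post in this thread: a small Python triage of the original message returned inside a bounce, showing the three traits listed above (forged From, a relay unrelated to that address, an executable attachment). The relay host and IP are the ones quoted earlier in the thread; the `example.*` names, the `triage` function and its `receiving_mx` parameter are assumptions made for illustration.

```python
import email
import re
from email import policy

EXEC_EXT = (".exe", ".bat", ".scr", ".pif", ".com")
HOP_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample of a returned message. The relay host and IP are the ones
# quoted in the thread; every example.* name and address is made up.
SAMPLE = (
    "Received: from modem-63.lynx.dialup.pol.co.uk ([217.135.192.63])\n"
    "\tby mx.example.net with smtp; Mon, 1 Jul 2002 12:40:00 +0100\n"
    "From: darren@example.org\n"
    "Subject: constructed subject\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "constructed body\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="setup.exe"\n'
    'Content-Disposition: attachment; filename="setup.exe"\n'
    "\n"
    "placeholder, not a real file\n"
    "--b1--\n"
)

def triage(raw, receiving_mx):
    """Summarise who really handed the message over and what it carried."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Only the Received line stamped by the receiving server is trustworthy;
    # anything below it was supplied by the sender and can be forged.
    hop = next((h for h in msg.get_all("Received", [])
                if f"by {receiving_mx}" in str(h)), "")
    m = HOP_RE.search(str(hop))
    host, ip = m.groups() if m else (None, None)
    claimed = msg["From"].addresses[0].domain
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {
        "relay_host": host,
        "relay_ip": ip,
        "claimed_domain": claimed,
        # Heuristic only: the relay is unrelated to the domain in From.
        "from_mismatch": bool(host) and not host.endswith(claimed),
        "executables": [n for n in names if n.lower().endswith(EXEC_EXT)],
    }
```

The relay host and IP from the trusted hop are the details an ISP abuse desk needs to find the infected account; the From address says nothing about who sent the message.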
|
|
|
Ben
Senior WebHelper
Joined: 08 Jan 2002
Posts: 431
Location: Liverpool - UK
|
Posted:
Sat Jul 06, 2002 4:26 pm (21 years, 9 months ago) |
|
Some tool who was infected with it kept on hitting me about 10 times a minute with it
Had about 700 emails in my inbox in the end... Poor plesk2
In the end I had to set my mail client to delete anything from the server from this address |
________________________________ Ben Scott
Red and White Kop |
|
|
|
Darren
Team Member
Joined: 05 Feb 2002
Posts: 549
Location: London
|
Posted:
Tue Jul 09, 2002 5:40 pm (21 years, 9 months ago) |
|
Problem solved.
Energis confirmed that it was the Klez virus. They have tracked the infected account down, locked their outgoing mail facility and instructed them how to disinfect their computer.
All is well, until the next time |
|
|
|
|
Ben
Senior WebHelper
Joined: 08 Jan 2002
Posts: 431
Location: Liverpool - UK
|
Posted:
Tue Jul 09, 2002 7:17 pm (21 years, 9 months ago) |
|
Energis have a top abuse department... shame other ISPs don't |
________________________________ Ben Scott
Red and White Kop |
|
|
|
|
All Times are GMT