
I'm being bombarded by Netsky variants


5 replies to this topic

#1 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:04 PM

Posted 23 May 2004 - 06:27 PM

I have two email accounts, Hotmail and my POP3 account, which is only known to about three people! In the last three days I have received about 20 emails a day into the POP3 account, with either attachments, or just suspect mails with "mail delivery failure" in the subject line. These have mainly been quarantined automatically by AVG, and all have been deleted without opening. They contain variants of the Netsky virus.
I am running XP Pro, with AVG, ZAPro, SS&D, Spyware Blaster, IE Spyad, Spyware Guard, Ad-aware and pestPatrol.
Is there any particular reason why my POP3 account is being targeted, and is there any way I can stop it?

Help please!

Luci2a :thumbsup:



#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:04 PM

Posted 23 May 2004 - 08:14 PM

Hi there luci2a,
Well, if they're coming from your pop3 address and only 3 people know it (given that they don't forward your messages), the easiest thing to do is change your address. Then you might want to investigate who was infected that's allowing your address to be spoofed. Either just talk to them about it or only give the new address to one at a time. Or, better yet, if your ISP allows you to have three addresses, set up an address for each individual, i.e., only give the address to one individual--then when you get spoofed return mail you'll know where the leak is.

The thing about people

is they change

when they walk away.--Mipso
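
The one-address-per-contact approach suggested in the reply above, as an added example that is not part of the original posts: a Python sketch that tallies suspect mail by the alias it arrived on, so the alias with the most hits points at the leak. The alias names, domains and sample messages are constructed for illustration.

```python
import email
from collections import Counter
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical aliases: one address handed out to each correspondent.
ALIASES = {
    "luci.school@example.net": "school",
    "luci.isp@example.net": "ISP billing",
    "luci.friend@example.net": "friend",
}

def build(to, sender, subject, attachment=None):
    """Construct a sample message (test data, not real traffic)."""
    msg = EmailMessage()
    msg["To"], msg["From"], msg["Subject"] = to, sender, subject
    msg.set_content("constructed body")
    if attachment:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()

SAMPLES = [
    build("luci.school@example.net", "pupil1@school.example", "Mail Delivery Failure"),
    build("luci.school@example.net", "pupil2@school.example", "hello", "document.pif"),
    build("Luci.School@example.net", "postmaster@mail.example", "mail delivery failure"),
    build("luci.isp@example.net", "billing@isp.example", "Your monthly statement"),
    build("luci.friend@example.net", "friend@home.example", "Lunch on Friday?"),
]

def is_suspect(msg):
    """Flag the two patterns from the thread: bounce-style subject or any attachment."""
    subject = (msg["Subject"] or "").lower()
    return ("mail delivery failure" in subject
            or any(True for _ in msg.iter_attachments()))

def leak_report(raw_messages):
    """Count suspect messages per alias owner; the top entry is the likely leak."""
    hits = Counter()
    for raw in raw_messages:
        msg = email.message_from_bytes(raw, policy=policy.default)
        if not is_suspect(msg):
            continue
        headers = [str(v) for v in msg.get_all("To", [])]
        for _name, addr in getaddresses(headers):
            hits[ALIASES.get(addr.lower(), "unknown alias")] += 1
    return hits
```

The attachment rule is deliberately broad, so a legitimate attachment sent to an alias would also be counted; treat the tally as a pointer to investigate, not proof.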


#3 luci2a

luci2a
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:04 PM

Posted 24 May 2004 - 02:25 AM

Thanks Papakid. That sounds a good idea, but I'll have to do some searching around to see whether my ISP will permit this. One of the three knowing my pop3 address is actually the ISP, who send me a monthly statement. It couldn't be something to do with them, could it? (Breathe.com)

#4 luci2a

luci2a
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:04 PM

Posted 29 May 2004 - 04:37 AM

Well, I have set up some new addresses, I am allowed five by my ISP. I am not sure whether I can disconnect the problem one until I hear from them that they will use one of my new ones for billing info etc.
I have now identified my daughter's school as a possible culprit. The addresses in the "from" line are all from girls in the sixth form, who are given their own accounts. My own daughter's pc is clean. I have emailed the IT people at school to let them know that somebody has an infected friend somewhere!

Today, although I hadn't had any new mail overnight, AVG picked up Netsky Q on the drive, and it could not be healed. An online scan with Housecall picked up Netsky P, Joke Flipped and Joke geschenk A. Housecall allowed me to delete the files, and AVG is now clear.

How is it getting in? I am not opening any mail that I am not sure about, I never d/load stuff without saving and scanning, and I am completely up to date with patches, AV and antispyware. I think I have the lot!

(Including, unfortunately, the ZA version5!)

Luci2a

#5 Guest_Plimsol_*

Guest_Plimsol_*

  • Guests
  • OFFLINE
  •  

Posted 29 May 2004 - 04:11 PM

Do you remember what file was infected?

When they are being detected, are they being detected in attachments actually on your computer?

#6 luci2a

luci2a
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK

Posted 10 June 2004 - 04:40 AM

Hi Plimsol

Sorry for not replying sooner, but I have been away for a few days. I think I have sorted it out now. I cannot change my email account without cancelling it completely, so I have installed Mailwasher to screen the pop3 account, which I think will do the trick. Looking round the forums out there it seems I am not alone in suddenly getting virus-laden spam to a little-used account.
My pc is currently clear of infection - I think the infected files were just in the attachments.

Thanks for all your help at BC - what a nice place to come to!

Luci2a :thumbsup:



