
how to deal with spam and virii

  • 28-06-2001 7:32am
    #1
    Registered Users, Registered Users 2 Posts: 2,752 ✭✭✭


    got this bloody email from HAHA with a virus attached again this week...from haha@sexyfun.net.

    1. checked the "REAL" headers on the mail using File, Properties while email was open.

    2. got the IP from that, and searched for its owner here: http://www.arin.net/whois/index.html

    3. eventually found out it was owned by esatclear.ie, so sent a mail to abuse@esatclear.ie (standard address used to deal with spam)



Comments

  • Closed Accounts Posts: 1,193 ✭✭✭Kix


    Originally posted by yankinlk:
    got this bloody email from HAHA with a virus attached again this week...from haha@sexyfun.net
    ...
    so sent a mail to abuse@esatclear.ie

    Hi Yankinlk,

    Hybris, for that is its name, is a self forwarding email worm. I'm afraid like most social diseases, you got it from a friend ;)

    Some mate of yours can't resist attachments with such alluring titles as "dwarf4you.exe" and "sexy virgin.scr". They opened the worm attachment when it arrived in their inbox. Hybris woke up and automatically mailed itself to everyone the schmuck had in his address book, including you.

    Not malicious though, at least not on his part.

    It's not a nice worm though, I seem to remember that it's one which replaces or patches your Windows sockets DLL; to remove the worm fully you have to replace WSOCK32.DLL with the original from your setup disks. Don't take my word for it though as my memory isn't the best. Try:

    http://www.symantec.com/avcenter/index.html

    for more reliable removal info.

    K


  • Closed Accounts Posts: 1,193 ✭✭✭Kix


    Yankinlk,

    Actually, I just remembered. If you look for an email sent at the same time as the Hybris one you'll find out who sent it to you. It doesn't send itself out automatically, it waits until you send an email to someone and then sends a copy of itself to the same person in a separate email. Should be easy then to find out who the culprit is.

    K


  • Registered Users, Registered Users 2 Posts: 677 ✭✭✭The_Scary_Man



    Original Message
    From: <leather@iol.ie>
    Sent: Wednesday, June 27, 2001 7:10 PM
    Subject: virgins!!


    famous pleasure anal girls black Suzete cheerleader celebrity rape
    fist-****ing&teens hardcore pleasure
    black girls!cumshot!Xuxa hot virgins pleasure anal&girls Raquel Darian
    fist-****ing!
    horny hottest
    gay Xena oral!sado SM horny

    I got this one today with a Xena.exe file attached. I also got a similar one a while back from celebrity.rape@iol.ie, forwarded it on to iol.


    And then in a moment of absolute clarity he realised that there was nothing, not because everything had ceased to exist but rather that it had never been there to begin with.
    Free Your Mind.


  • Registered Users, Registered Users 2 Posts: 2,752 ✭✭✭yankinlk


    cheers for info kix...here's a clue from the headers, what ya make of it?

    From Wed, 27 Jun 2001 15:06:47 -0700
    Received: from [194.165.165.76] by hotmail.com (3.2) with ESMTP id MHotMailBD03A39700C840043122C2A5A54C04390; Wed, 27 Jun 2001 15:05:33 -0700
    From: Hahaha <hahaha@sexyfun.net>
    Subject: Snowhite and the Seven Dwarfs - The REAL story!
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="--VE7W5YZ0DQZ"


  • Registered Users, Registered Users 2 Posts: 78,580 ✭✭✭✭Victor


    Well my policy is not to use MS address books (the single greatest target of virii). Keep addresses by keeping all your messages in and out and then just respond to an old message if you don't want to re-type the address.

    Then it's only the muppets at work that open attachments that are your problem, not 50 p-ed off customers.

    Too many freaks, not enough circuses.


  • Registered Users, Registered Users 2 Posts: 2,752 ✭✭✭yankinlk


    nice one kix...two people emailed me from hotmail around that same time...i sent a warning message to them both and one replied that he gets that email all the time and opens it, but nothing happens. lol


  • Registered Users, Registered Users 2 Posts: 15,544 ✭✭✭✭Supercell


    I've lost count of how many times I've got this mail, and to be honest it's not really the sender's fault (can't blame someone for stupidity??!! ie keeping their virus scanner updated)...check out

    http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html

    Have a weather station?, why not join the Ireland Weather Network - http://irelandweather.eu/



  • Closed Accounts Posts: 1,193 ✭✭✭Kix


    Yankinlk, you're more than welcome. Apart from being a programmer/software manager, I'm also part-time sys admin (hat cupboard is full) and I have to deal with these things all the time.

    Mind you, people round here are surprisingly savvy about virii and I don't think that anyone has ever actually run the attachment. That's what you get in a company 90% made-up of engineers and scientists! :)


  • Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭Hecate


    forward all those headers and ip addy's to abuse@iol.ie or abuse@esatclear.ie.

    They'll be able to see who was issued with those ip's based on the time the mail was sent.
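
Added example, not part of any post in this thread: a Python sketch of the header check described above, pulling the connecting IP and its timestamp out of the `Received:` line yankinlk posted and converting the time to UTC so an abuse desk can match it against its address-assignment logs. The function names and the output dictionary are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as posted in the thread (the truncated leading "From ..." line is left out).
RAW = (
    "Received: from [194.165.165.76] by hotmail.com (3.2) with ESMTP id "
    "MHotMailBD03A39700C840043122C2A5A54C04390; Wed, 27 Jun 2001 15:05:33 -0700\n"
    "From: Hahaha <hahaha@sexyfun.net>\n"
    "Subject: Snowhite and the Seven Dwarfs - The REAL story!\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="--VE7W5YZ0DQZ"\n\n'
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw):
    """Yield (ip, utc_time) for each parseable Received header, newest first."""
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = value.rpartition(";")   # the date follows the last ';'
        match = BRACKETED_IP.search(info)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
            when = parsedate_to_datetime(stamp.strip())
        except (ValueError, TypeError):           # bad octet or unparseable date
            continue
        if when.tzinfo is None:                   # no usable UTC offset: skip
            continue
        yield ip, when.astimezone(timezone.utc)


def abuse_evidence(raw):
    """Return the newest hop with a public IP, as the abuse desk needs it."""
    for ip, when in received_hops(raw):
        if ip.is_global:                          # skip private/internal relays
            return {"ip": str(ip), "seen_utc": when.isoformat()}
    return None


if __name__ == "__main__":
    print(abuse_evidence(RAW))
```

The newest `Received:` header is the one written by your own mail provider, so it is the one to rely on; older headers further down were supplied by the sending side and can be forged. The `From:` address (here hahaha@sexyfun.net) is not used at all, since the worm sets it itself.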

