Matrix Games Forums

Forums  Register  Login  Photo Gallery  Member List  Search  Calendars  FAQ 

My Profile  Inbox  Address Book  My Subscription  My Forums  Log Out

Recieving Very strange emails

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Current Games From Matrix.] >> [World War II] >> Steel Panthers World At War & Mega Campaigns >> Recieving Very strange emails Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Recieving Very strange emails - 4/21/2002 6:14:06 AM   
Alby


Posts: 4855
Joined: 4/29/2000
From: Greenwood, Indiana
Status: offline
Last few days, I have been recieving very strange emails with some kind of attachements included. I am asked to open the file as soon as the emaol arrives, Wierd!
All the emails are from the sp comminity, some have even shown up as "returned mail not delivered"
Which is strange because they are emails I NEVER sent and to some people who I do not even know, but recognize them from the spwaw community.
Has anyone else had this going on??
Like is there a mailing list out there that somehow we all got on??
Anyway, be advised, could be some rotten poop in Denmark, if you get my meaning
Alby

_____________________________


Post #: 1
- 4/21/2002 7:32:34 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
What you have just described is how a virus is propagated. If you open the attachment - which is usually an exe file - it will in turn infect your system.

If you do not have an anti-viral program - if you do not check ALL your incoming mail with it - you are asking for a viral infection. Usualliy, the viruses take over your e-mail system and start sending themselves to people in your address book. As sort of a nasty bonus, someo of them completely wreck your operating system and destroy all operating system files. Some of them hide for days and weeks in your system folder - sometimes in the registry - waiting for a certain time or event to be the trigger.

I had a virus mailed to me from an unknown source a couple of weeks ago - I wouldn't be surprised if this was the same criminal at work.

If you don't guard against viruses you will eventually pay for the neglect. You can read more about the subject on many websites. The one a good number of us on this forum use - because we believe it is the best - is: http://www.avp.ch/ Read and judge for yourself.

Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to Alby)
Post #: 2
- 4/21/2002 8:20:07 AM   
ZoomBoy27


Posts: 75
Joined: 8/13/2001
From: Vancouver BC Canada
Status: offline
One option I've heard of to corral the sending of worm viruses from your own machine(since they usually use MS Outlook addressbook) is to put a bogus entry in your address book

I think it's zero-zero-zero-
0000
or something like that
Anyway, tt will be the 1st one accessed and if entered INCORRECTLY !! (there should be an error in the address that gets caught right away) That should let you know that there's an error and your machine is e-mailing all by itself

Maybe others can expand on this and correct me.

ZoomBoy

(in reply to Alby)
Post #: 3
something did happen - 4/21/2002 8:50:11 AM   
Alby


Posts: 4855
Joined: 4/29/2000
From: Greenwood, Indiana
Status: offline
Well one of them did do something in my case, evrything began to run real slow on my PC and my mcafee virus shield would not start up as normally it did before when windows started up.
reformatted and evrything seems fine now, But beware
Yes any info on the address book thing would be a great help!!

_____________________________



(in reply to Alby)
Post #: 4
- 4/21/2002 9:08:30 AM   
Big Bill

 

Posts: 177
Joined: 3/24/2001
From: LI. NY. , USA
Status: offline
You have to update your virus profiles AT LEAST weekly. Also the latest version of Norton Antivirus checks your outgoing mail for virus' before Outlook sends.

(in reply to Alby)
Post #: 5
- 4/21/2002 9:42:27 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
Swiss AVP updates daily, normally excluding Sundays but I have downloaded updates on Sunday - and I have received replies to service requests at would be 2 - 3 AM European time on a weekend.

Anything less than daily updates will not protect the user. Today's update brings the Siwss AVP to 53,568 files. Kapersky have been consistently ahead of Norton and McAffee - sometimes as much as 48 hours.

To each his own. To me, it is worth the trouble to d/l daily updates and perform sweeps two and three times a day. I have found it pays off in keeping viruses off my system.

Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to Alby)
Post #: 6
- 4/21/2002 3:40:11 PM   
Resisti


Posts: 1351
Joined: 1/22/2001
From: Livorno, Italy
Status: offline
You have received, and according to the descriptions you made, infected, too, by a virus called W32.Klez, or one of its variants.
When activated, it try to shut down any antivirus program installed on the victim's pc.
There's an alert on Warfare HQ site,too, about this; look:

Virus Alert by Scipio

Folks, keep your Virus Protection updated! I have received several infected mails in the last two days, all has as appendix a picture from warfarehq, usually a ladder image, that opens itself. Danger, this appendix is infected with the iframe.exploid or a w32.klez virus!!! An updated Norton can identify them.

However, I recomment to deactivate the preview of your email program and delete all suspicious mails.

_____________________________

Federico "Resisti" Doveri

(in reply to Alby)
Post #: 7
- 4/21/2002 6:15:51 PM   
Warrior


Posts: 1808
Joined: 11/2/2000
From: West Palm Beach, FL USA
Status: offline
You don't need to open the attachment for this one to bite you. I just received the third sent, and McAfee caught it immediately. I update my anti-virus program daily.

_____________________________

Retreat is NOT an option.



(in reply to Alby)
Post #: 8
- 4/21/2002 9:08:25 PM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
I think this started as much as two or three weeks ago - I got an e-mail with a subject line that was suspicious and sure enough it was carrying a virus.

In my case, the sender appeared to be using an Italain alias. No one else reported anything at the time, so we let it go without announcing it on the forum. I thought then - feel stronger about it now - that someone is preyng on WAW forum members.

Eternal vigilance is the price of freedom. Those who don't have an AVP and use it on a daily basis are doing the same thing as going out at night, leaving all the lights on and the front door propped open - an invitation to criminals.

Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to Alby)
Post #: 9
- 4/22/2002 6:23:57 AM   
Gen.Hoepner


Posts: 3645
Joined: 9/4/2001
From: italy
Status: offline
OH!!!!! But what about hotmail?I have several e-mail addresses,one of which is an Hotmail....i run it with the others on outlook express..but on it Norton doesn't work........

(in reply to Alby)
Post #: 10
- 4/22/2002 6:59:56 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
You pays yer money - you takes yer cherce. If your system can be infected without even opening the e-mail - apparently it can, acording to Kapersky - then you are going to have to do a sweep of the \Windows folder anyway. Specifically the section where the e-mail folders are located, the \System folder and you had also better check the registry.

If you can't do this with the AVP you have now, it would seem to me it is not doing the job.

You can check

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

in the registy manually to see if it contains:

Krn132 = %System%\Krn132.exe

- as one example of the measures you can take on your own. Kapersky offers a free removal program for several current viruses - you can't beat the price.

Read up on viruses. Lack of knowledge in this area will leave you open to destruction of every file on your HD - also leave you vulnerable to passing on the virus to anyone who happens to be unlucky enough to be in your address book. I would rather not either of these happen.

Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to Alby)
Post #: 11
More Emails! - 4/22/2002 8:19:28 AM   
Alby


Posts: 4855
Joined: 4/29/2000
From: Greenwood, Indiana
Status: offline
The "attachment" emails started up again today!!
had 2 of them in my inbox, when I deleted them, I alomost immediately recived the "email returned" message again!
But my outbox showed no outgoing email!
We gotta find out who is behind this crap!!!!!!!!
how about it? any ideas on what we can do here??:mad:

_____________________________



(in reply to Alby)
Post #: 12
- 4/22/2002 8:32:56 AM   
Gen.Hoepner


Posts: 3645
Joined: 9/4/2001
From: italy
Status: offline
I got my first one just few minutes ago.My norton AVP caught it.I sent it to SERC.....let's see what they'll say about that....

(in reply to Alby)
Post #: 13
- 4/22/2002 8:37:03 AM   
Alby


Posts: 4855
Joined: 4/29/2000
From: Greenwood, Indiana
Status: offline
Got mine just within the last hour myself

_____________________________



(in reply to Alby)
Post #: 14
- 4/22/2002 9:05:34 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
Who or what is SERC?

Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to Alby)
Post #: 15
- 4/22/2002 5:31:58 PM   
JVRyk5

 

Posts: 33
Joined: 4/14/2002
From: Finland
Status: offline
Finding out original virus-sender is not going to happen. What these buggers do, is copy your addressbook and replicate themselves to all who you have in it.
So if one in SP community has a virus in his machine, it will send itself to all PBEM patrners, and so on.
Interpols cybercowboys are tracking these morons who manufacture these things and sometimes they DO catch them, like two Philipinians couple years back, whose virus caused 1,3 billion euros worth damage. Personaly hope they were send to salt mines working the bill of.

(in reply to Alby)
Post #: 16
Another thing you have not considered - 4/22/2002 7:32:39 PM   
Gary Tatro

 

Posts: 1213
Joined: 2/1/2002
From: MA, US
Status: offline
Is that if you have a cable modem or a DSL line and it is not firewalled certain unmoral individuals can hack into your computer and use your computer as a slave and pretty much do anything then want with it. Like send e-mails to other people with viruses attached, without your knowledge, or use your computer as a base of operations to do other hacking.

There is a nice little Web site called ZoneAlarm.com that give you a free firewall to down load and install on your computer that will protect you from such miscreants.

I did it when I found one day after I had upgraded to a Cable modem when I went to shut my computer down and it said that there was someone loged into it and if I shut it down I would disconnect them. This scared the hell out of me and I installed a firewall the nexted day.

Gary

_____________________________

"Are you going to do something or just stand there and bleed"

(in reply to Alby)
Post #: 17
- 4/22/2002 9:15:45 PM   
Gen.Hoepner


Posts: 3645
Joined: 9/4/2001
From: italy
Status: offline
SERC stands for.....wwll,i do not know exactly...BTW it is the analisys center of Nortnon...they answered to my inquiry sayin that the file corrupted by this virus cannot be reapired with the normal antivirus system.....they give a free tool to eliminate the problem......the tool link is
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

hope this helps

(in reply to Alby)
Post #: 18
- 4/23/2002 5:26:09 AM   
Alby


Posts: 4855
Joined: 4/29/2000
From: Greenwood, Indiana
Status: offline
[QUOTE]Originally posted by JVRyk5
[B]Finding out original virus-sender is not going to happen. What these buggers do, is copy your addressbook and replicate themselves to all who you have in it.
So if one in SP community has a virus in his machine, it will send itself to all PBEM patrners, and so on.
[/B][/QUOTE]

But, when I recieve thes "returned email" things, they are people who are not in my address book, so apparently, its from someone elses mailing list I would presume...

_____________________________



(in reply to Alby)
Post #: 19
- 4/23/2002 7:29:30 AM   
tohoku

 

Posts: 415
Joined: 3/18/2002
From: at lunch, thanks.
Status: offline
[QUOTE]Originally posted by Bing

If you don't guard against viruses you will eventually pay for the neglect. You can read more about the subject on many websites. The one a good number of us on this forum use - because we believe it is the best - is: http://www.avp.ch/ Read and judge for yourself.
[/QUOTE]



Use *nix or a Mac.

At the very least, don't use Microsoft products! There's a reason OE is known as Outbreak Express...




tohoku
YMMV
Debian box emulating Win98SE for games
(faster and more stable than the old native system!)

(in reply to Alby)
Post #: 20
- 4/23/2002 3:19:26 PM   
tiggwigg

 

Posts: 118
Joined: 5/17/2001
From: Australia
Status: offline
Alby, your comments indicate you don't know how a virus worm works...this is NOT an external attack on the SPWAW community...it is a virus being propagated internally by members of the community...they activate the virus/worm and send it to each other.

The worm/virus is usually delivered as an attachment to an email and is a program disguised as a harmless atachement.

When the innocent recipient of the email clicks on the attachment, it starts the program. The program (commonly called a payload), does things to your computer. Usually, it copies itself onto your computer hard-drive and runs everytime you start your computer. It then sends a copy of the original email with virus attachment to everyone in your Outlook address book...if nasty it will do something like delete all files on your computer or change names of files.

This particular virus, known as KLEZ, does all these things...it uses a security failure in Outlook/Internet Explorer to run itself automatically without you having to open the attachment. If you have the latest IE updates installed, then this security loop-hole should be closed...but this doesn't stop you opening the attachment.

The KLEZ virus is currently the number network virus/worm problem. It requires both an anti virus application and a KLEZ removal program to fix...

As has been said...always have your anti-virus software up to date...also have the latest IE update...and importantly, know what makes an email suspicious and if in doubt, then delete it first...it is easier for your buddy to re-send his email than for you to clean up your computer...NEVER open an email, even from someone you trust, if there is the slightest doubt that it is not 100% clean.

(in reply to Alby)
Post #: 21
- 4/23/2002 7:03:34 PM   
ruxius

 

Posts: 909
Joined: 5/5/2000
From: ITALY
Status: offline
Right..your post exactly described what happened..
I was out for a while and when coming back here I found that a spam attack was launched by a sick person...he has been banned but which was his name ?
I would like to know if I ever spoke with him...

Anyone knows his name ?

_____________________________

Italian Soldier,German Discipline!

(in reply to Alby)
Post #: 22
- 4/23/2002 7:38:36 PM   
Tommy

 

Posts: 232
Joined: 5/31/2000
From: In that brush, behind you; raising a PIAT to my sh
Status: offline
[QUOTE]Originally posted by tiggwigg
[B][snip]

The KLEZ virus is currently the number network virus/worm problem. It requires both an anti virus application and a KLEZ removal program to fix...

As has been said...always have your anti-virus software up to date...also have the latest IE update...and importantly, know what makes an email suspicious and if in doubt, then delete it first...it is easier for your buddy to re-send his email than for you to clean up your computer...NEVER open an email, even from someone you trust, if there is the slightest doubt that it is not 100% clean. [/B][/QUOTE]

Tiggwigg,

Excellent advice. The KLEZ is not effective against a PC which has all of the Windows (IE, Outlook & Norton Antivirus) updates installed. I am just finishing cleaning up 2 PCs that were infected by KLEZ. (No - not this one!).

BTW, a bit of caution on that advice about a "KLEZ removal program". I don't beleive there is a real one. There is a fake one around which actually infects the PC even worse, it's a trojan. As far as I could tell, you can't "remove & repair" the KLEZ worm (and it's virus sub-payload). You can delete all files containing the worm, then re-install all of the apps you just disabled.

One more note, McAfee was on the 2 infected PCs; the KLEZ wiped it out first thing ( like a sniper bullet to the head of the Company Commander). I rebuilt the PCs with Norton Antivirus and it survived the counterattack and wiped out the KLEZ.

I wonder if this all started a few days ago, remember my post about the strange email in Polish?
[URL=http://www.matrixgames.com/forums/showthread.php?s=&threadid=18289]Caution: A hack attempt?[/URL]

Tommy

(in reply to Alby)
Post #: 23
- 4/23/2002 8:46:48 PM   
Shetty

 

Posts: 5
Joined: 4/15/2002
From: Germany
Status: offline
If you want an eMail-Program that is save compared to MS Outlook Express, download Eudora at [url]www.eudora.com.[/url] It is free, and can not so easily used for a viral infection, since it doesn't automatically open every attachment like Outlook does.

By the way, Bing, what does your signature mean?

_____________________________

"This is MY street!"

(in reply to Alby)
Post #: 24
- 4/23/2002 9:17:10 PM   
Tommy

 

Posts: 232
Joined: 5/31/2000
From: In that brush, behind you; raising a PIAT to my sh
Status: offline
[QUOTE]Originally posted by Shetty
[B]

By the way, Bing, what does your signature mean? [/B][/QUOTE]


and a 1, and a 2:

Big, bad, Leroy Brown
Baddest man in the whole **** town

Must get that voice fixed someday!;)
Tommy

(in reply to Alby)
Post #: 25
- 4/23/2002 9:27:54 PM   
Shetty

 

Posts: 5
Joined: 4/15/2002
From: Germany
Status: offline
Oh, now I understand...was it translated by Altavista?

_____________________________

"This is MY street!"

(in reply to Alby)
Post #: 26
Thanks Bing - 4/24/2002 6:08:39 AM   
Mojo

 

Posts: 915
Joined: 2/6/2002
From: Portland, Oregon USA
Status: offline
I bought an AVP from Kaspersky. If you think having your troops hit a mine at 2 am will cause you to jump you should have seen me when that alarm went off.

I'm still having Java problems which they are helping me with but at least the computer is clean and I'm back on line.

BTW Bing what are you running as a firewall and what was that anti spyware product you recommended?

Oh and before y'all start treating me like Typhoid Mary I didn't have Klez so you didn't get it from me. << Insert smilie face here cause java ain't working>>

_____________________________

If something's not working you might want to tunk it a dite.
Mojo's Mom

(in reply to Alby)
Post #: 27
- 4/24/2002 6:56:44 AM   
Big Bill

 

Posts: 177
Joined: 3/24/2001
From: LI. NY. , USA
Status: offline
shetty Outlook Express can be configured NOT to automaticlly open attachments

Mojo I use Zone Alarm as a firewall and it seems to be doing a good job on my XP system.

I downloaded a spyware and cookie removal program ( forget the name) but it seemed to bog things down ( not speed) with pop up warnings etc. If your still interested I'll try to get you the name

(in reply to Alby)
Post #: 28
- 4/24/2002 7:27:35 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
Mojo: Am running naked - no firewall. I tried BlackIce, ZoneAlarm and Tiny Personal Firewall - they were all finicky and gave me dozens of intrusion "attempts" that didn't exist. I dont let the cable IP run 24/7 - only when I am surfing or doing e-mail. Running off USB, the software that crashed Bill Gate's demo on national TV. So I shut down, unplug the modem and restart for realtime app running, reverse the process for air time.

Not recommending this for anyone - I am willing to take the chance. The way I see it, outright intrusions are minor compared to spyware and e-mail viruses - there is even a new class of virus you get from just visiting a site. Benign and all, but it IS a virus and is classified as such.

I wouldn't dream of operating more than 48 hours without cleaning out the Internet Temp files - all the way, from the command line.

For spyware detection and killing I use Ad-Aware from http://www.majorgeek.com/index2.html - a temporary redirect while they get straightened around. I've had three cases of spyware detected in the last couple of months - Ad-Aware does a good job and now has a Net-based auto update exe available.

I use Cookie Pal - not the least bit intrusive, allows me to organize cookies and permanently bar whatever sites I want from installing cookies.

All of the pop-up killers I've used are the same: They kill important pop-ups for Internet shopping and password entry. I just don't buy anything advertised via pop-up and try not to go to the sites that harrass the user with multiple pop-ups.

Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to Alby)
Post #: 29
- 4/24/2002 7:46:09 AM   
Mojo

 

Posts: 915
Joined: 2/6/2002
From: Portland, Oregon USA
Status: offline
[QUOTE]Originally posted by Bing
[B]Mojo: Am running naked.... [/B][/QUOTE]


<> Hey Nature-boy at least put on a loin cloth huh? (Images too frightening to consider.)

One little trick I've seen with the pop ups is that they change the little "close button" thingie so that it connects you with their site instead of closing the window. That really chafes my hide boy. Want to start a flame fest with me just do that.

Kaspersky Labs AVP seems to work great and their customer support has gone way beyond the call of duty helping me with this. Lot's of hand holding and patient step by step help.

Thanks for the advice and help. You too Big Bill. Maybe I'll hold off on the firewall and just continue to run nekkid too.

(in reply to Alby)
Post #: 30
Page:   [1] 2   next >   >>
All Forums >> [Current Games From Matrix.] >> [World War II] >> Steel Panthers World At War & Mega Campaigns >> Recieving Very strange emails Page: [1] 2   next >   >>
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

1.203