adhawkins Posted November 28, 2005
I don't let it auto-delete the messages, it just marks them for deletion and I can override it if I get what looks like a genuine email.
Aha. That's OK then. (Almost) exactly what my spam filter does too...
Andy

Martin Keene Posted November 28, 2005
I don't remember telling them, and until all this started, it had never been called into service before...

Martin Keene Posted November 28, 2005
How would you go about changing it?
Edited to add: All scanned and I'm clean. So who is it then...

CateringVan Posted November 28, 2005
Can anything be done about the trash, or do you just have to wait for them to get bored?
I doubt they realise they have a problem. It installs its own mail engine on the infected PC, then harvests email addresses from the victim's computer. Without running a virus scan you'd probably never notice it was there. We just have to hope that the victim does a scan and gets rid of it sooner rather than later.
There are more details about this than you'll ever need to know on Symantec's website.

adhawkins Posted November 28, 2005
If you have a firewall installed, it's generally a good idea to block outgoing connections to port 25 except to your ISP's mail server. I don't know if these engines will connect to your ISP's smart host or whether they'll go direct. If they go direct, at least if you do get infected, you won't be able to send it out to anyone else...
Andy

CateringVan Posted November 28, 2005
It looks like it's spreading, the latest one I've had didn't come from the ntl address but from elsewhere:
Received: from 81.104.202.75 (HELO dlnokwl.uk) (81.104.202.75) by mta824.mail.ukl.yahoo.com with SMTP; Mon, 28 Nov 2005 17:25:39 +0000

CateringVan Posted November 28, 2005
Actually, cancel that - I just checked the IP address of the original emails and it's the same (81.104.202.75)

adhawkins Posted November 28, 2005
It looks like it's spreading, the latest one I've had didn't come from the ntl address but from elsewhere:
Received: from 81.104.202.75 (HELO dlnokwl.uk) (81.104.202.75) by mta824.mail.ukl.yahoo.com with SMTP; Mon, 28 Nov 2005 17:25:39 +0000
That's still an NTL address: cpc2-cmbg5-6-0-cust75.cmbg.cable.ntl.com. The bit in brackets is how that system identified itself. It looks like this particular one is sending direct to the recipient's MX record. As such, blocking outgoing connections to port 25 to anything except your ISP's smart hosts will stop it in its tracks.
Andy

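An added example, not part of the original thread: a small parser for the Received line quoted above that separates the name the sending machine announced in HELO from the IP address the receiving server recorded, then groups messages by that IP. The function names and the second sample header are constructed for illustration, and the regex assumes the qmail-style layout shown in the thread.

```python
import re
from collections import defaultdict
from email.utils import parsedate_to_datetime

# qmail-style trace line, the layout of the header quoted in the thread:
#   from <name> (HELO <claimed>) (<peer ip>) by <receiver> with <proto>; <date>
RECEIVED_RE = re.compile(
    r"^(?:Received:\s*)?from\s+(?P<name>\S+)\s+"
    r"\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)\s*;\s*(?P<date>.+)$",
    re.IGNORECASE,
)

def parse_received(header):
    """Split one Received line into sender-claimed and receiver-recorded parts."""
    # Headers may be folded across lines; unfold before matching.
    flat = " ".join(header.split())
    m = RECEIVED_RE.match(flat)
    if m is None:
        return None  # different MTA layout; do not guess
    fields = m.groupdict()
    fields["date"] = parsedate_to_datetime(fields["date"])
    return fields

def sources(headers):
    """Group HELO names by the peer IP the receiving server logged."""
    seen = defaultdict(set)
    for h in headers:
        f = parse_received(h)
        if f:
            seen[f["ip"]].add(f["helo"])
    return {ip: sorted(names) for ip, names in seen.items()}

# First header is the one quoted in the thread; the second is constructed
# (same peer IP, different made-up HELO name) to show the grouping.
SAMPLE = [
    "Received: from 81.104.202.75 (HELO dlnokwl.uk) (81.104.202.75) by "
    "mta824.mail.ukl.yahoo.com with SMTP; Mon, 28 Nov 2005 17:25:39 +0000",
    "Received: from 81.104.202.75 (HELO constructed.example) (81.104.202.75)\n"
    "\tby mta824.mail.ukl.yahoo.com with SMTP; Mon, 28 Nov 2005 18:02:11 +0000",
]

if __name__ == "__main__":
    for ip, names in sources(SAMPLE).items():
        print(ip, "announced itself as:", ", ".join(names))
```

Only the bracketed IP and the "by" host are written by the receiving server; the HELO name is whatever the sender chose to say, so grouping on the IP is what shows several apparent origins to be one machine.
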
CateringVan Posted November 28, 2005
Obviously Yahoo's mail system isn't as clever and is more trusting than Pipex's ....

Arm Posted November 28, 2005
Would their PC not be acting a little strange or running slightly slower whilst it sends out this junk?

adhawkins Posted November 28, 2005
Not necessarily. You might find the internet is a bit slow (if it's generating enough traffic to swamp the upload, then downloads would be like treacle). Apart from that, the processor usage is unlikely to be noticeable on a 'modern' PC.
Andy

RobC Posted November 28, 2005
I haven't had anything else all night - which is weird - but running the Symantec W32.sober remover.... just in case... cannot harm anything

wookie Posted November 28, 2005
Can someone recommend anti-virus software for a Mac?