In Jim's words "Right now, it is isolated to the Norton AntiSpam folder", so
it would seem that Norton identified it correctly! Have to give Norton the
nod when it does something (anything?) right.
Piers
-----Original Message-----
From: Chuck Norcutt [mailto:chucknorcutt@xxxxxxxxxxxxxxxx]
Sent: 13 July 2010 12:09
To: Olympus Camera Discussion
Subject: Re: [OM] George's (classicVW) computerapparently infectedwith
avirus
I didn't think about it right away but, since I agree that the email itself
does not contain a virue, I'm wondering what criterion was used by Jim's
copy of Norton to consign the incoming mail to the virus vault.
Chuck Norcutt
Piers Hemy wrote:
> Indeed yes, Chuck, someone has an infection of some sort, and it looks
> likely that is George. Whether or not it is a virus is hard to say -
> but what is being distributed as a result of the infection appears not
> to be a virus, just a rogue email. But I would guess that propagation
> of the infection is achieved by visiting the website linked to in the
rogue emails.
> The site has not been blacklisted by the checker I looked at
> (www.urlvoid.com) but the whois data suggest that an individual in
> Moscow owns the site. Who knows what his plans might be?
>
> Piers
>
> -----Original Message-----
> From: Chuck Norcutt [mailto:chucknorcutt@xxxxxxxxxxxxxxxx]
> Sent: 13 July 2010 01:55
> To: Olympus Camera Discussion
> Subject: Re: [OM] George's (classicVW) computerapparently infectedwith
> avirus
>
> Thanks. But is there not some infected machine somewhere on some list
> member's machine that is providing the source of the addresses? Or is
> the swiping of the addresses remote in time and place from the current
mailings?
> I go bonkers trying to read the headers.
>
> Chuck Norcutt
>
>
> Piers Hemy wrote:
>> I agree with you, Chuck, the email itself looks harmless, there is
>> simply a link to another website, which would explain why various AV
>> products do not pick it up.
>>
>> But it's a bit more subtle than you described, as I did not receive
>> anything from George. Apparently "I" sent the message to someone with
>> an email service run by Tigertech, who duly rejected it for Spam
>> content, and returned it to the list bounce address (which is at
>> thomasclausen.net). It looks like several others were also returned,
>> as I received an advisory to the effect that several bounces had been
> received.
>> Inspecting the headers of the one message retirned to me, I see
>> everal addresses beginning with "O", including a few old list
>> addresses, and Moose (olymoose). I assume that Moose had exchanged
>> email with George at some stage in the past, as have I.
>>
>> >From the perspective of the recipients, it appears to be no more
>> >than
>>> a
>> further spam source, which so far seems to be trivial in volume
>> compared to all the other stuff that I get (which is a fraction of
>> what I could get if I didn't have a few lines of defence).
>>
>> Piers
>>
>> -----Original Message-----
>> From: Chuck Norcutt [mailto:chucknorcutt@xxxxxxxxxxxxxxxx]
>> Sent: 12 July 2010 20:06
>> To: Olympus Camera Discussion
>> Subject: Re: [OM] George's (classicVW) computerapparently
>> infectedwith avirus
>>
>> If it's the same thing as I saw (it was on the list) there was no
>> harm in opening the email. I think the harm might come from clicking
>> on the link in the mail.
>>
>> Chuck Norcutt
>>
>>
>> Jim Nichols wrote:
>>> Chuck,
>>> Right now, it is isolated to the Norton AntiSpam folder. I am a
>>> little bit afraid to try to examine it, for fear of infecting my
>>> computer. What, specifically, should I look for?
>>> Jim Nichols
>>> Tullahoma, TN USA
>>> ----- Original Message -----
>>> From: "Chuck Norcutt" <chucknorcutt@xxxxxxxxxxxxxxxx>
>>> To: "Olympus Camera Discussion" <olympus@xxxxxxxxxxxxxxxxx>
>>> Sent: Monday, July 12, 2010 12:52 PM
>>> Subject: Re: [OM] George's (classicVW) computer apparently
>>> infectedwith avirus
>>>
>>>
>>>> George (and the others) may be very interested to hear that. He
>>>> has been using a new machine with supposedly a new copy of Norton
>>>> AV which did not pick up the infection. On my advice he also tried
>>>> a copy of Avast! which didn't pick anything up either. He'd
>>>> probably be appreciative of your version numbers (code and data)
>>>>
>>>> Chuck Norcutt
>>>>
>>>>
>>>> Jim Nichols wrote:
>>>>> I just checked, and found it in my Norton AntiSpam Folder, as well.
>>>>> It was dated July 10.
>>>>>
>>>>> Jim Nichols
>>>>> Tullahoma, TN USA
>>>>> ----- Original Message -----
>>>>> From: "Charles Geilfuss" <charles.geilfuss@xxxxxxxxx>
>>>>> To: "Olympus Camera Discussion" <olympus@xxxxxxxxxxxxxxxxx>
>>>>> Sent: Monday, July 12, 2010 12:19 PM
>>>>> Subject: Re: [OM] George's (classicVW) computer apparently
>>>>> infected with avirus
>>>>>
>>>>>
>>>>>> I just noticed that I have received the same e-mail from
>>>>>> ClassicVW at my hospital address that I used to use for the OM List.
>>>>>>
>>>>>> Charlie
>>>>>>
>>>>>> On Mon, Jul 12, 2010 at 11:13 AM, Charles Geilfuss <
>>>>>> charles.geilfuss@xxxxxxxxx> wrote:
>>>>>>
>>>>>>> John,
>>>>>>> Would you be willing to let them know so we can correct
>>>>>>> the situation? Thanks.
>>>>>>>
>>>>>>> Charlie
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Jul 12, 2010 at 10:04 AM, John Hermanson
>>>>>>> <omtech1@xxxxxxxxxxx>wrote:
>>>>>>>
>>>>>>>> I've gotten that link with the return addresses of 2 other list
>>>>>>>> members besides George.
>>>>>>>> ___________________________________
>>>>>>>> John Hermanson | CPS, Inc.
>>>>>>>> 21 South Ln., Huntington NY 11743
>>>>>>>> 631-424-2121 | www.zuiko.com
>>>>>>>> Olympus OM Service since 1977
>>>>>>>> Gallery: www.zuiko.com/album/index.html
>>>>>>>>
>>>>>>>>
>>>>>>>> Chuck Norcutt wrote:
>>>>>>>>> Based on the last (no subject) email from ClassicVW it would
>>>>>>>>> appear his machine is infected with a virus. Don't click on
>>>>>>>>> the included link.
>>>>>>>>>
>>>>>>>>> Chuck Norcutt
>>>>>>>> --
>>>>>>>> _______________________________________________________________
>>>>>>>> _
>>>>>>>> _
>>>>>>>> Options:
>>>>>>>> http://lists.thomasclausen.net/mailman/listinfo/olympus
>>>>>>>> Archives:
>>>>>>>> http://lists.thomasclausen.net/mailman/private/olympus/
>>>>>>>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>>>>>>>
>>>>>>>>
>>>>>> --
>>>>>> _________________________________________________________________
>>>>>> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>>>>>> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>>>>>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>>>>>
>>>>>>
>>>> --
>>>> _________________________________________________________________
>>>> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>>>> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>>>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>>>
>>>>
> --
> _________________________________________________________________
> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
> Themed Olympus Photo Exhibition: http://www.tope.nl/
>
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
|