Author Topic: Worm.SomeFool.P  (Read 1424 times)


Offline aldo_14

  • Gunnery Control
  • 213
does anyone know what this virus is, and more specifically how it's 'caught'?  I've been getting bounced back emails saying they contained this, but I've run a few AV scans without finding anything on my system.... so I'm trying to identify if I'm infected or if my mail address is being spoofed by the virus on another machine....

Unfortunately, I can't really find any good info by searching on google (and there seems to be nowt on the symantec website), so any advice is welcome (well, duh, seeing as I'm asking for it......).

Oh, and NB:  I'm not daft enough to open any attachments I don't send myself, so I can't see how I could have caught it that way.... but without knowing the virus infection method, I can't be sure.

EDIT: http://www.f-secure.com/v-descs/netsky_d.shtml might be it.... but feck knows i could have caught it, and I'm sure it would have been picked up on my last scan, as me AVG database is the newest....sigh.
« Last Edit: April 05, 2004, 05:30:53 am by 181 »

 

Offline WMCoolmon

  • Purveyor of space crack
  • 213
I hear it's a Trojan virus. I'm pretty sure it's been running around for a long time now, started by some guy in Italy.

The easiest way to tell if you have it is to check your USER.IQ file and look at the contents...if it contains a value such as "low" you probably have the virus.

The easiest fix is to close your DMAS port, then download and install the latest antivirus util from GNUB. :)
-C

 

Offline Sandwich

  • Got Screen?
  • 213
Dude. Wake up. :p

Faking a bounce-back email is one of the surest ways to get someone to open the email.

Either that, or more likely, your address was randomly generated and used in the spoofed "To:" field. Either way, you're likely not infected.
SERIOUSLY...! | {The Sandvich Bar} - Rhino-FS2 Tutorial | CapShip Turret Upgrade | The Complete FS2 Ship List | System Background Package

"...The quintessential quality of our age is that of dreams coming true. Just think of it. For centuries we have dreamt of flying; recently we made that come true: we have always hankered for speed; now we have speeds greater than we can stand: we wanted to speak to far parts of the Earth; we can: we wanted to explore the sea bottom; we have: and so  on, and so on: and, too, we wanted the power to smash our enemies utterly; we have it. If we had truly wanted peace, we should have had that as well. But true peace has never been one of the genuine dreams - we have got little further than preaching against war in order to appease our consciences. The truly wishful dreams, the many-minded dreams are now irresistible - they become facts." - 'The Outward Urge' by John Wyndham

"The very essence of tolerance rests on the fact that we have to be intolerant of intolerance. Stretching right back to Kant, through the Frankfurt School and up to today, liberalism means that we can do anything we like as long as we don't hurt others. This means that if we are tolerant of others' intolerance - especially when that intolerance is a call for genocide - then all we are doing is allowing that intolerance to flourish, and allowing the violence that will spring from that intolerance to continue unabated." - Bren Carlill

 

Offline Lonestar

  • Fred Zone Guru
  • 27
    • United Gamers Coalition
Put your computer in Safe Mode then run the scan, it will find more viruses that way.

  

Offline aldo_14

  • Gunnery Control
  • 213
Think I've tracked it down..... it's being bounced off a website who seem to have bought my name from a spam list.  They had a similar thing a month or so ago, when all the 'remove' replies were resent to everyone on the mailing list with a spoofed 'to' field.

What I don't know, is how they got my email - because it's my Uni one and AFAIK it's never been shown on a public forum, etc.

 

Offline Kazan

  • PCS2 Wizard
  • 212
  • Soul lives in the Mountains
    • http://alliance.sourceforge.net
UNIs like to sell their ugrads@*.edu and grads@*.edu lists -- when you agreed to use their system you agreed to this
PCS2 2.0.3 | POF CS2 wiki page | Important PCS2 Threads | PCS2 Mantis

"The Mountains are calling, and I must go" - John Muir

 

Offline aldo_14

  • Gunnery Control
  • 213
Quote
Originally posted by Kazan
UNIs like to sell their ugrads@*.edu and grads@*.edu lists -- when you agreed to use their system you agreed to this


I'm not sure that's legal in the UK, tho.  I'm 99% sure Strathclyde doesn't do it anyways - they're not even allowed to put our emails on departmental webpages because of the Data Protection Act (plus there's nothing in the CoU form regarding it).   I can only assume I must have put my email in my siggy when I first joined or summat, without thinking it would be picked up.

'tis not a major issue, anyways - I graduate in July, so I won't even have the account anymore.

 

Offline StratComm

  • The POFressor
  • 212
  • Cameron Crazy
    • http://www.geocities.com/cek_83/index.html
It really depends on the institution though.  I have never gotten spam on my school account, ever.  Then again, my friends down 15-501 get it all the time (though whether by selling of a list or their own lack of internet sense I do not know).  It's more likely been picked up from an acquaintance's address book or a mail list that you belong to, either by being on some insecure site or by a similar virus.  Any time your address has been spoofed from, your address is out.
who needs a signature? ;)
It's not much of an excuse for a website, but my stuff can be found here

"Holding the last thread on a page comes with an inherent danger, especially when you are edit-happy with your posts.  For you can easily continue editing in points without ever noticing that someone else could have refuted them." ~Me, on my posting behavior

Last edited by StratComm on 08-23-2027 at 08:34 PM

 

Offline Lonestar

  • Fred Zone Guru
  • 27
    • United Gamers Coalition
ALL YOUR ADDRESSES ARE BELONG TO US!

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Did you ever send anything that might have been forwarded on?

Lots of people don't bother removing addresses when forwarding and if they eventually end up in the hands of a spammer it's easy to collect and add them to their lists.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline aldo_14

  • Gunnery Control
  • 213
Quote
Originally posted by karajorma
Did you ever send anything that might have been forwarded on?

Lots of people don't bother removing addresses when forwarding and if they eventually end up in the hands of a spammer it's easy to collect and add them to their lists.


Doubt it.... may have been something as stupid as putting my email on my old siggy at the VBB - especially as the email is to the old CS server (cs.strath) and not the one introduced 3 years or so ago (cis.strath).

Odds are, it'll be something stupid and my fault :)

 

Offline WMCoolmon

  • Purveyor of space crack
  • 213
Err, you mean you weren't joking around in the first post? Sorry man, I thought it was a late April Fool's joke :o
-C

 

Offline StratComm

  • The POFressor
  • 212
  • Cameron Crazy
    • http://www.geocities.com/cek_83/index.html
Those pesky chain letters are monstrous for collecting e-mail addresses as well.  Even if you have no part in them, as long as one person in the list forwards it on all of the addresses are carried along with it.

As to the virus, it does seem to be a Netsky variant.  Norton has a tool on their website that removes it quite painlessly.

 

Offline Kazan

  • PCS2 Wizard
  • 212
  • Soul lives in the Mountains
    • http://alliance.sourceforge.net
he's probably not infected

 
Quote
Originally posted by StratComm
Those pesky chain letters are monstrous for collecting e-mail addresses as well.  Even if you have no part in them, as long as one person in the list forwards it on all of the addresses are carried along with it.

As to the virus, it does seem to be a Netsky variant.  Norton has a tool on their website that removes it quite painlessly.


amen.

i always send people who send me chain letters a rather lengthy copy&paste about how this helps spammers and virus writers, and some people actually find the BCC field. oth, i get a lot of chain letters anyway.
just another newbie without any modding, FREDding or real programming experience

you haven't learned masochism until you've tried to read a Microsoft help file.  -- Goober5000
I've got 2 drug-addict syblings and one alcoholic whore. And I'm a ****ing sociopath --an0n
You cannot defeat Windows through strength alone. Only patience, a lot of good luck, and a sledgehammer will do the job. --StratComm

 

Offline aldo_14

  • Gunnery Control
  • 213
I'm not... I forgot the uni mailserver does its own virus scan on the email, so if I did have one all my emails would be rejected and sys support would give me a bollocking.