Post #138,237
1/27/04 11:26:38 PM
|
Re: Not a virus scam
Nope, that was it. Of course it looked like it was from e-fax, its header is forged. ZIP file attachment. It's always about 31-32k in size (small so lots of them can be rapidly mailed).
-drl
|
Post #138,239
1/27/04 11:36:53 PM
|
Re: Not a virus scam
It is an efx document and not a zip or exe file. It is 8K in size, not 31-32K in size. I also was not fool enough to open it just in case there is an EFax exploit.
It also has my EFax number in the header, a spoofed email would not have that. How could a virus find my EFax number and forge the headers with it? Unless it infected the EFax servers and found my email with my EFax number, and I highly doubt that.
I can email my EFax number to you. Feel free to send a Fax to it and I will let you know if Yahoo/SBC says the virus scanner is down and it fills the email with the number you used to send from. Hurry up before the scanner gets fixed. :)
"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"
|
Post #138,241
1/27/04 11:39:16 PM
|
Yahoo posted a notice
On all the groups lists pages saying that their virus scanning software was disabled from the new virus, plus their mail and group service is running really really slow with delays due to same.
It's real, not a scam.
Nightowl >8#
"To become different from what we are, we must have some awareness of what we are."
Eric Hoffer
|
Post #138,242
1/27/04 11:53:13 PM
|
Re: Yahoo posted a notice
As I pointed out, the email I received had the very words "scanner down" - it was the worm, I opened it and looked at it. I do things for myself. If you get a message that is 31k is size with an attachment, that is the worm, period. There are no telling how many variants with differing "social engineering" phrases for the unwary (you).
-drl
|
Post #138,252
1/28/04 1:05:49 AM
|
I'm not denying you got a virus
I'm just saying it's also true that Yahoo is having serious problems.
And I'm not unwary, I'm very careful. I haven't gotten one single virus mail, I get very little spam.
Nightowl >8#
"To become different from what we are, we must have some awareness of what we are."
Eric Hoffer
|
Post #138,270
1/28/04 8:10:18 AM
|
No doubt you did get a message like that with a virus
because the scanner was broken, and it let the virus through. As I have stated I have gotten email like that which did not scan positive for the virus like an 8K EFax attachment. Also it does that for people with a 59 byte signature file. It seems any sort of attachment email gets that message with the original message embedded inside of it. There most likely is a bogus email with the virus that also says something like that as well. Title is ""Alert: Virus Scan Unavailable, Attachment Not Scanned" [test]" where [test] is the name of the original email with the attachment. Test contains "ATT00224.TXT (59 B)" which is a really small file. Off of the [link|http://groups.yahoo.com/|http://groups.yahoo.com/] page for members is an important notice, clicking on this notice goes to this web site: [link|http://groups.yahoo.com/local/service.html|http://groups.yahoo....ocal/service.html]
Based on an advisory posted by a leading anti-virus company, Groups will temporarily reject messages with the following subject lines:
* test
* hi
* hello
* Mail Delivery System
* Mail Transaction Failed
* Server Report
* Status
* Error
Notice it does not include "Alert: Virus Scan Unavailable...".
"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"
|
Post #138,243
1/27/04 11:59:32 PM
1/28/04 12:11:04 AM
|
BTW
The worm is passed into the bulk mail folder. No scanning is necessary and none is performed for simple mail delivery. This is the real message posted on Yahoo groups:
Dear Yahoo! Groups Members,
Due to a recent outbreak of computer viruses being transmitted via email messages, Yahoo! Groups is experiencing delays in delivering group messages. To improve performance, and to help reduce the spread of viruses, Yahoo! Groups has had to temporarily reject some messages.
Based on an advisory posted by a leading anti-virus company, Groups will temporarily reject messages with the following subject lines:
test
hi
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error
If you have attempted to post a message to Yahoo! Groups and have received a rejection notice with a link to this page, your computer may have been infected. If you are confident that your computer is not infected but your message was rejected, please try posting a new message with a subject line which is different than those listed above.
We can assure you that this is only a temporary measure and hope to restore message delivery to normal as soon as possible.
The only thing that appears on Groups pages is a link at the top center called "Service Announcement", pointing to the text above. If you are getting redirected as indicated above, you are infected.
-drl
Edited by deSitter
Jan. 28, 2004, 12:11:04 AM EST
|
Post #138,253
1/28/04 1:10:08 AM
1/28/04 1:18:04 AM
|
I"m not infected at all
All I've gotten through Yahoo since this morning are group posts and one letter from my Aunt.
I clear my Bulk Mail folder, I had all of two spams in it, and they were deleted this morning. No more have arrived since.
And I NEVER open an attachment without John around, so I wouldn't get infected that way, plus I don't use conventional mail programs or browsers.
I haven't been redirected at all, and the message I was referring to was in the "MY GROUPS" page, not just any group page. If you are a member of any Yahoo group, that is where the message appears, on the list of your groups.
EDIT: I checked and didn't see it there, interesting, but members of my group said it was there. I do have the Service Announcment link though, maybe it's different cause I'm a moderator/owner.
Anyway, I'm fine, no viruses here or even slightly suspicious mails.
Nightowl >8#
"To become different from what we are, we must have some awareness of what we are."
Eric Hoffer
Edited by Nightowl
Jan. 28, 2004, 01:18:04 AM EST
|
