Aces High Bulletin Board
General Forums => The O' Club => Topic started by: JB73 on November 02, 2003, 10:56:53 PM
-
i have gotten 10 emails today from weird places with this same message:
ScanMail for Microsoft Exchange has detected virus-infected attachment(s).
Sender = Microsoft
Recipient(s) = packers-outlist@dmi2.dminteractive.com
Subject = Use this patch immediately !
Scanning Time = 11/01/2003 12:31:27
Engine/Pattern = 6.640-1001/669
Action on virus found:
The attachment patch.exe contains PE_DUMARU.A virus. ScanMail has Deleted it.
Warning to recipient. ScanMail has detected a virus.
WTF is this?!?!??!
i did a full scan and nothing. but still these from all sorts of odd addresses coming to me
anyone know whats up?
-
If your e-mail addy is on someones computer who has a virus could also be a possibility.
What the virus will do is "mask" itself by spoofing a false return e-mail address using any address it finds on the host computer.
So technically it might not be you who's sending the e-mail's. But either way carefull cause you've had contact with the "infected" computer before.
-BM
-
but is this "notification" i got "legit"... a real server sending a reply to an addy it got a virus from? (ie virus masked sender addy to mine so this exchange server thinks im sending out the viruses)?
reminder .. like i said i got like 10 of these all with basically the same message some had an *.exe attachment (no i didnt open it or anything they are all deleted out of trash bin too) but all were from "exchange server" or something.
-
No its not a legitimate replay... that "Patch" is the virus
________
This virus infects .EXE files using Alternate Data Stream (ADS). It searches the entire system for target executables but is only able to infect files in the root directory.
It propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine. It arrives on email with the following format:
From: "Microsoft" security@microsoft.com
Subject: Use this patch immediately !
Message body: Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe
It drops a Trojan detected as TROJ_NAROD.A, which connects to IRC via port 6667 to allow remote users to manipulate infected systems. This Trojan allows remote users to perform a Denial of Service (DoS) attack against other machines using infected systems.
______________
Virus Report and Removal Instructions (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_DUMARU.A)
-BM
-
yeah .. just found this:
http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=dumaru
its odd though cause i KNOW im clean... wonder who i know that isnt? (not an AH player cause these came to an addy noone in AH has.. its my personal addy)
-
Originally posted by JB73
yeah .. just found this:
http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=dumaru
its odd though cause i KNOW im clean... wonder who i know that isnt? (not an AH player cause these came to an addy noone in AH has.. its my personal addy)
Anyone who has your addy in their address book.
-
Sings the virous song .....
Somebooooooooody Youuuuuuuu knoooooow has it ....
Annnn theeeeeeeere trying to give it toooooo yoooooou oooo OOO !!!
AN of coursssssse theeeeeey have nooooooo ideaerrrrrrrrrrrr that they have iTTTTTTTTT !!! OOOOOOO OOOO.....