zip attachments

Thread: zip attachments

  1. #1
    Member
    Join Date
    Dec 2002
    Posts
    58

    zip attachments

    I don't know whether this was discussed here earlier as I am not a regular here.

    I am getting a large number of .zip attachments nowadays from known and unknown addresses. The known addresses are from yahoogroups friends and I received a mail from mygroup-unsubscribe@yahoogroups today. I suspect some virus had infected yahoo groups.

    Also am getting mails saying that some server rejected my message because it contains virus but actually those messages were not sent by me. It happens only with my yahoo id.

    Is it a virus ?

    Thanks

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Is it a virus ?
    They very well could be. Any time you receive an attachment (zip or not) that you didn't know was coming, it is wise to check with the sender to see if they actually meant to send it to you. If they didn't send it, and/or you don't know the sender then I would assume it to be malware of some sort and just delete it.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Don't you have an up2date virusscanner? That should tell you if it's a virus or not.
    There are a few viruses lurking around that send their payload in a zipfile.

    Also note that a lot of viruses fake the sender's address. So somebody is sending viruses (probably without their knowledge) with your address as the sender. That's why you're getting the virus warnings (which any decent admin should have turned off by now).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    I am getting a large number of .zip attachments nowadays from known and unknown addresses. The known addresses are from yahoogroups friends and I received a mail from mygroup-unsubscribe@yahoogroups today. I suspect some virus had infected yahoo groups.

    Also am getting mails saying that some server rejected my message because it contains virus but actually those messages were not sent by me. It happens only with my yahoo id.
    One or a couple of your friends have been infected with one of the many mass mailer viruses like Netsky.p and family (please note this is not the only virus/worm that works like this)

    The virus searched the victim's machine and found email addresses in various locations including emails and word documents.. It then went about sending emails containing itself using its own SMTP (email distribution) program.. but here is the twist.. when it creates the email using a random name (in some cases yours) and sends it to another random name (sometimes yours)..

    But then again it could be you that's infected.. have you scanned the machine recently.. as Sirdice asked..

    I now have a new recommendation.. a BartPE CD with the AV & spyware plugins.. (still working on this one) basic but it makes life a little easier..

    Cheers

    BTW: who recommended BartPE to me?.. or was it in a thread here.. thanks just the same..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Got 3 emails today from service@cinderblock, through my yahoo account. All had password protected zip attachments. I only looked at one, no prizes for guessing what I found.

    You guessed it. Beagle.H@mm.

    Info:

    W32.Beagle.H@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. It also sends the attacker the port on which the backdoor listens, as well as the IP address. The email attachment is a randomly named .exe file inside a .zip file. The embedded .exe file is password-protected with a random password.

    http://securityresponse.symantec.com...agle.h@mm.html

    I knew what I was doing when I took a look and I knew what I would find. If you need to ask the question, just delete them. One of the drawbacks to groups@yahoo and the like is you are going to get added to plenty of address books. It only takes one infected idiot to start the ball rolling.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    If you are looking for a good scanner with very good updates and a scanner that will automatically filter your email go with Kaspersky Virus scanner. You can get a free scanner at kaspersky.com.

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  7. #7
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Also am getting mails saying that some server rejected my message because it contains virus but actually those messages were not sent by me
    Sun, may be just a simple case of email spoofing. Usually the returned emails I've gotten back contain an expanded email header of the original offending email along with an explanation of why it was returned. If you look at the Received: fields, you can generally determine the true origin of the actual email most of the time. Personally though, I never had much luck tracing the path of the offending emails because there's people out there using proxies and telnetting into open mail servers which makes the investigation almost pointless.
    The only thing I can recommend to combat email spoofing is updated mail server logs (of emails you actually sent) coupled with maybe PGP or a Digital ID (Verisign for instance).
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
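
The header check described in post #7, as an added example that is not part of the original thread: it pulls the returned headers out of a bounce and lists the relay recorded by each Received: line. The bounce text, host names, IP addresses and the `trusted` set are constructed assumptions; Received: lines written before the first server you trust can be forged, so only the address logged by a trusted server is treated as the origin.

```python
import re
from email import message_from_string

# Constructed bounce; addresses are RFC 5737 documentation IPs and example.* hosts.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Virus found in message you sent
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 9 Aug 2004 10:00:02 +0000
Received: from friend-pc ([203.0.113.45])
\tby mail.example.org with SMTP; Mon, 9 Aug 2004 10:00:00 +0000
From: you@example.com
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(bounce_text):
    """Return the returned message's headers as a Message, or None."""
    for part in message_from_string(bounce_text).walk():
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def relay_path(headers):
    """Newest hop first: (connecting IP or None, receiving 'by' host or None)."""
    hops = []
    for value in headers.get_all("Received", []):
        flat = " ".join(value.split())  # unfold the header onto one line
        ip = IP_RE.search(flat.split(" by ")[0])
        by = re.search(r"\bby (\S+)", flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def likely_origin(hops, trusted):
    """IP logged by the oldest hop in the unbroken chain of servers you trust."""
    origin = None
    for ip, by in hops:
        if by not in trusted:
            break
        origin = ip
    return origin
```
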

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    We have just been hit with about 25 of these ......and Norton CE 8.01 is not catching them.
    I manually downloaded the virus defs
    8/09/04

    Anyone else???

    Email appears to be coming from internal exchange users or absolute strangers.



    MLF

    Attachments are price.zip containing
    price.html and price.exe
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    morganlefay: It's the new Bagle.AQ see this thread.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    The email attachment is a password protected zip file. Hence Norton will not catch it until after it has been unzipped. At least that's my experience. Norton up to now has always stripped infected attachments from my emails but those that I have received up till now were not in a password protected compressed file.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
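
A mail-gateway check for the situation described in posts #8 and #10, as an added example that is not part of the original thread: it reads only the zip central directory of each attachment, never extracting or decrypting, and quarantines archives whose members are encrypted or look executable. The extension list, the verdict strings and the sample message are constructed assumptions, and it assumes classic ZIP encryption, which leaves member names readable without the password.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed deny-list

def inspect_zip(data):
    """List (name, encrypted, risky) per member from the central directory only."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # General-purpose flag bit 0 marks an encrypted member.
        return [(i.filename, bool(i.flag_bits & 0x1),
                 i.filename.lower().endswith(RISKY_EXT)) for i in zf.infolist()]

def triage_message(raw):
    """Return {attachment name: (findings, verdict)} for every .zip attachment."""
    report = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            findings = inspect_zip(part.get_payload(decode=True))
        except zipfile.BadZipFile:
            report[name] = ([], "quarantine: unreadable archive")
            continue
        if any(enc for _, enc, _ in findings):
            verdict = "quarantine: encrypted, scanner cannot see contents"
        elif any(risky for _, _, risky in findings):
            verdict = "quarantine: executable inside archive"
        else:
            verdict = "pass to content scanner"
        report[name] = (findings, verdict)
    return report

def make_sample(encrypted):
    """Constructed mail with price.zip (placeholder members, no real binary)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("price.html", "<html>constructed</html>")
        zf.writestr("price.exe", "constructed placeholder")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02")  # central directory file headers
    while encrypted and pos != -1:
        data[pos + 8] |= 0x01  # set the encryption flag for the demo only
        pos = data.find(b"PK\x01\x02", pos + 4)
    msg = EmailMessage()
    msg.set_content("constructed sample")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="price.zip")
    return msg.as_bytes()
```
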
