Virus - I-Worm/Bagz.D


Phobia
02-01-2005, 01:56 AM
This thing is killing my 37forever.org email.

I can receive several hundred of these messages per day.
I am responding to your last email in the attached file.
I had a delivery problem with your inbox, so maybe you'll receive this now.

Here's the full header of one of them:
Return-path: <oliver.gu@qazyst.com>
Envelope-to: spampreventionmeasure@73forever.org
Delivery-date: Tue, 01 Feb 2005 01:43:09 -0600
Received: from [68.103.72.32] (helo=127.0.0.1)
by host.todotown.com with esmtp (Exim 4.43)
id 1CvsgJ-0003wL-D2
for spampreventionmeasure@73forever.org; Tue, 01 Feb 2005 01:42:42 -0600
SUBJECT: Money
FROM: oliver.gu@qazyst.com
TO: spampreventionmeasure@73forever.org
DATE: [[ Tue, 01 Feb 2005 1:42:44 AM ]]
MIME-Version: 1.0
AVG seems to catch them, but it's still a major PITA because each attachment is sizable and when I'm getting that many of them, it's a real PITA.

htismaqe
02-01-2005, 09:07 AM
Is qazyst.com forged, or is it FQDN?

Phobia
02-01-2005, 10:20 AM
No, they're legit addys. Mine appears often as well. It's like somebody has spoofed my address and is sending out virus shit.

ROYC75
02-01-2005, 10:22 AM
No, they're legit addys. Mine appears often as well. It's like somebody has spoofed my address and is sending out virus shit.

Reports are in, it is. That's the way it is spreading, according to Symantec.

htismaqe
02-01-2005, 10:29 AM
If it's using your email address, is it possible that your machine is infected?

ROYC75
02-01-2005, 10:36 AM
If it's using your email address, is it possible that your machine is infected?


According to my pc man here, it's possible, he says no. It copies a neutral email addy and starts sending them out.

He works on the side here, his regular job is Head of electronics at a very large aluminum plant down here.

He also handles 5 or 6 medium size business here pc work.

He explained it to me today, I'm not really smart enough to tell you how it works.

He did say that right now there are around 500 new viruses and malware scripts being written each month.

The 3 my daughter has on her PC, he has heard of yet. It's going to be an adventure to clean it, maybe as far as starting from scratch.

Phobia
02-01-2005, 10:47 AM
If it's using your email address, is it possible that your machine is infected?

No, but it's possible that my password may have been compromised due to nefarious means. I'm going to change it right now.

htismaqe
02-01-2005, 10:48 AM
According to my pc man here, it's possible, he says no. It copies a neutral email addy and starts sending them out.

He works on the side here, his regular job is Head of electronics at a very large aluminum plant down here.

He also handles 5 or 6 medium size business here pc work.

He explained it to me today, I'm not really smart enough to tell you how it works.

He did say that right now there are around 500 new viruses and malware scripts being written each month.

The 3 my daughter has on her PC, he has heard of yet. It's going to be an adventure to clean it, maybe as far as starting from scratch.

I design IP security systems for a living. I could go spend an hour and read up on the virus and figure it out, but I decided to save time and just ask him instead...

:thumb:

htismaqe
02-01-2005, 10:50 AM
No, but it's possible that my password may have been compromised due to nefarious means. I'm going to change it right now.

If I get some time here, I'll go research the virus and see where in the propagation stream you are...

ROYC75
02-01-2005, 10:52 AM
http://www.sophos.com/virusinfo/analyses/w32bagzd.html

Name W32/Bagz-D
Type Worm

How it spreads Email attachments

Affected operating systems Windows

Side effects Turns off anti-virus applications
Sends itself to email addresses found on the infected computer
Forges the sender's email address
Uses its own emailing engine
Downloads code from the internet

Aliases I-Worm.Bagz.d
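
The Sophos summary above lists a forged sender and a built-in emailing engine, and the header posted at the top of the thread shows how that looks on the receiving server. As an added example (not written by anyone in this thread), this Python check flags two anomalies visible in that header: a HELO of 127.0.0.1 from a remote peer, and a Date field that does not parse. The finding names and the regex for the Exim-style Received line are assumptions made for this illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header as posted in the first message of this thread; continuation
# lines are re-indented so a MIME parser treats them as folded.
SAMPLE = """\
Return-path: <oliver.gu@qazyst.com>
Envelope-to: spampreventionmeasure@73forever.org
Delivery-date: Tue, 01 Feb 2005 01:43:09 -0600
Received: from [68.103.72.32] (helo=127.0.0.1)
 by host.todotown.com with esmtp (Exim 4.43)
 id 1CvsgJ-0003wL-D2
 for spampreventionmeasure@73forever.org; Tue, 01 Feb 2005 01:42:42 -0600
SUBJECT: Money
FROM: oliver.gu@qazyst.com
TO: spampreventionmeasure@73forever.org
DATE: [[ Tue, 01 Feb 2005 1:42:44 AM ]]
MIME-Version: 1.0

"""

# Assumed pattern for the "from [peer] (helo=name)" part of the Received line.
RECEIVED_RE = re.compile(r"from \[(?P<peer>[0-9A-Fa-f.:]+)\] \(helo=(?P<helo>[^)\s]+)\)")

def _as_ip(text):
    """Return an ip_address for an IP literal, or None for a hostname."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None

def header_anomalies(raw):
    """Return a list of finding names (hypothetical labels) for one message."""
    msg = message_from_string(raw)      # header lookups are case-insensitive
    findings = []
    m = RECEIVED_RE.search(msg.get("Received", ""))
    peer = _as_ip(m["peer"]) if m else None
    helo = _as_ip(m["helo"]) if m else None
    if peer is not None and helo is not None:
        if helo.is_loopback and not peer.is_loopback:
            findings.append("helo-loopback-from-remote-peer")
        elif helo != peer:
            findings.append("helo-ip-mismatch")
    date = msg.get("Date")
    if date is not None:
        try:
            parsedate_to_datetime(date)
        except (TypeError, ValueError):  # exception type differs by Python version
            findings.append("unparseable-date")
    return findings
```

Either finding on its own is a scoring signal for a mail filter rather than proof that a message is malicious.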

ROYC75
02-01-2005, 10:54 AM
It also gives instructions to take care of it.

I can find this shit, I'm not smart enough to understand it all and do it!

Phobia
02-01-2005, 10:57 AM
It also gives instructions to take care of it.

I can find this shit, I'm not smart enough to understand it all and do it!

I don't HAVE the virus. I'm merely the unfortunate victim of hundreds of daily messages containing the virus attachment. Sometimes the attachment is 9 Meg, so you can see how that would become a giant PITA when I'm receiving 50 of them at a time.

ROYC75
02-01-2005, 11:04 AM
I don't HAVE the virus. I'm merely the unfortunate victim of hundreds of daily messages containing the virus attachment. Sometimes the attachment is 9 Meg, so you can see how that would become a giant PITA when I'm receiving 50 of them at a time.

I understand that, a victim that could be a casualty if you open the worm up. :D

I was getting a bunch of junk on a couple of business email accounts.

htismaqe
02-01-2005, 11:13 AM
I don't HAVE the virus. I'm merely the unfortunate victim of hundreds of daily messages containing the virus attachment. Sometimes the attachment is 9 Meg, so you can see how that would become a giant PITA when I'm receiving 50 of them at a time.

Unfortunately, there's probably not much you can do.

You should sign up for a network-based scanning service from your ISP...that would get rid of it.

Phobia
02-01-2005, 11:33 AM
Unfortunately, there's probably not much you can do.

You should sign up for a network-based scanning service from your ISP...that would get rid of it.

Except it's through my 37 Forever address. Which is hosted on this server. Heh.

ROYC75
02-01-2005, 11:39 AM
Except it's through my 37 Forever address. Which is hosted on this server. Heh.

Which, I haven't gotten any of them yet?

Crossing fingers!

htismaqe
02-01-2005, 11:44 AM
Except it's through my 37 Forever address. Which is hosted on this server. Heh.

How many email users do we have coming through here?

I could probably get us on board with MessageLabs...

Phobia
02-01-2005, 11:59 AM
As far as I know, less than 10. I'm by far the heaviest user. The other accounts are rarely used.

htismaqe
02-01-2005, 12:00 PM
As far as I know, less than 10. I'm by far the heaviest user. The other accounts are rarely used.

It would be about $30 a month.

It would probably help the server load a bit too, if the messages are freaking 9M...

Phobia
02-01-2005, 12:06 PM
It would be about $30 a month.

It would probably help the server load a bit too, if the messages are freaking 9M...

I think I like free better. This problem just started to get bad the past couple days. When I get access, I'm going to dink with the mail settings on the server and see if I can solve anything.

htismaqe
02-01-2005, 12:11 PM
I think I like free better. This problem just started to get bad the past couple days. When I get access, I'm going to dink with the mail settings on the server and see if I can solve anything.

Well, it depends on whether or not it's impacting overall server performance.

I'll take it up with Kyle and see what he says.