PC virus note

Question:

Hi all, I just wanted to make sure everyone was on the lookout for email-borne viruses. I have gotten at least 3 and as many as 6 attempts a day at infecting my PC.  Norton catches them but just wanted to warn folks to watch out for .pif and .scr files (in addition of course to the ones you’re used to looking out for.) best, kcat

Response:

Hey thanks KCat.  I too have had 5 attacks and my server caught them before even sending them to me.  But there have been a number of times that my Norton has hit attack lately too.  Esp in the early evenings. Do you know a site to go to, to find where ports are from.  Like I get attacked and Norton say.  It came from 34.535464.335433 port and Heck I have no clue as to where that is?  Can you help me here. Stupid me.. janers

Response:

In article <asf0dugmgf2fvs9e4sfk5cf8uc13mhg…@4ax.com>, KCat <kcdoc…@ghg.net> wrote

>Hi all,
>I just wanted to make sure everyone was on the lookout for email-borne
>viruses.

I am. I get two a week!

>I have gotten at least 3 and as many as 6 attempts a day at infecting
>my PC.

Huh – you must be better known than me. Sulk.

>Norton catches them but just wanted to warn folks to watch out
>for .pif and .scr files (in addition of course to the ones you’re used
>to looking out for.)

If you use windows, it’s worth opening windows (not Internet!) explorer then going to View Options and set it to NOT "hide extensions for known file types".  Then, if someone sends you a file and it has TWO extensions – eg look-at-this.jpg.bat or readme.txt.pif – you should be Very Suspicious Indeed. If you do ‘hide extensions’ then the examples above would show as look-at-this.jpg and readme.txt and you might be tempted to open them, which would do nasty things to your computer. I have mine set to ‘show all files’ too, which does produce some interesting stuff :)

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>
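The double-extension check described in the post above, applied to the attachments of a mail message. This is an added example and not part of the original thread; `classify`, `scan_message`, `RISKY_EXTS` and the sample message are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: illustrative list; .pif, .scr and .bat are the types named in the thread.
RISKY_EXTS = {"pif", "scr", "bat", "exe", "com", "vbs", "cmd"}

def classify(filename):
    """Return (verdict, name as displayed when the last extension is hidden)."""
    parts = filename.strip().split(".")
    if len(parts) < 2:
        return "ok", filename          # no extension at all
    shown = ".".join(parts[:-1])       # what "hide extensions" leaves on screen
    if parts[-1].lower() not in RISKY_EXTS:
        return "ok", shown
    # If what remains still ends in a short extension, it reads as a harmless file.
    decoy = len(parts) >= 3 and 1 <= len(parts[-2]) <= 4 and parts[-2].isalnum()
    return ("double-extension" if decoy else "executable"), shown

def scan_message(raw_bytes):
    """List (filename, verdict, displayed name) for every named part of a message."""
    msg = message_from_bytes(raw_bytes)
    return [(fn, *classify(fn)) for part in msg.walk() if (fn := part.get_filename())]

def build_sample():
    """Constructed test message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fn in ("look-at-this.jpg.bat", "readme.txt.pif", "holiday.jpg", "saver.scr"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()

if __name__ == "__main__":
    for fn, verdict, shown in scan_message(build_sample()):
        print(f"{verdict:17} {fn!r} displays as {shown!r}")
```

The third field is the name a reader would see with extensions hidden, which is why the first two sample attachments look like a picture and a text file.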

Response:

In article <AQXz8.96$FL3.14…@cletus.bright.net>, Janers <rojak…@bright.net> wrote

>Hey thanks KCat.  I too have had 5 attacks and my server caught them
>before even sending them to me.  But there have been a number of times
>that my Norton has hit attack lately too.  Esp in the early evenings.
>Do you know a site to go to, to find where ports are from.  Like I get
>attacked and Norton say.  It came from 34.535464.335433 port and Heck I
>have no clue as to where that is?  Can you help me here.

Try http://www.symantec.com who have a test-me routine and loads of info.  You may have to pick a quiet time to visit… However I do not believe that is a port – every port I’ve seen is a single number from 1 to 65536. Not a clue on what it is, though!

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

KCat, are these in attachments from people you know?

Wende

"KCat" <kcdoc…@ghg.net> wrote in message news:asf0dugmgf2fvs9e4sfk5cf8uc13mhgfp8@4ax.com…

> Hi all,
> I just wanted to make sure everyone was on the lookout for email-borne
> viruses.
> I have gotten at least 3 and as many as 6 attempts a day at infecting
> my PC.  Norton catches them but just wanted to warn folks to watch out
> for .pif and .scr files (in addition of course to the ones you’re used
> to looking out for.)
> best,
> kcat

Response:

Hey Andy

My Norton pops up when there is a security attack from a virus or Trojan horse?  It was NOT the number I mentioned, that was just a number. But this number..    63.233.91.11  was one of them that showed that someone was trying to access my computer through a back door or something. It does not mean that IT was a bad attack but that someone may be trying to access. Heck I am not sure of this mumbo jumbo stuff.  So I just have mine set for high security…or whatever that word is?  LOL And keep Norton updated with auto updates and files. so far so good.

janers

thanks Andy

Response:

I have had several instances of virus attacks lately.  So, now I have my email program set to immediately put any email with an attachment in the Deleted Items and I just "Empty Deleted Items"  without even looking.  Is that sufficient? KathyA2

Response:

On Wed, 01 May 2002 21:26:10 GMT, "Wende" <n…@cox.net>  wrote:

> KCat, are these in attachments from people you know? Wende

thus far no.  They are from unknowns.  I delete anything I don’t recognize.  This means I may have deleted emails that weren’t obvious newbies needing help. :-(  Usually I catch those though.  Some spammers (therefore virus hacks?) have some way of detecting part of your name and putting it in the subject or even the author field.  So be aware of that as well.  I love the ones that say things like "Docknickal" or something equally silly that I suppose is supposed to fool me.

to Andy:  I’ve got the setting for file ext.  thanks for the reminder though – can’t be too careful these days.  I think the difference in the frequency of attacks is that my ISP is [insert derogatory description] when it comes to security and spam.  they like to send us "updates" which basically says "this is spam, spam is inevitable, it’s not our problem, here’s a site you can  go to to buy anti-spam software.  Suck it up. and thank you for your business!"

grrrrr… I still haven’t installed the anti-spam freeware I downloaded. Paranoid that it will cause other problems.  We all know how wonderfully stable Windows is. <snort>

Oh… btb, it’s amazing how fast PS and IL and such run when you give them enough memory!  :)

Response:

No. That will help with viruses that are attachments but not with email that comes in an HTML code. Viruses can be encrypted in there so if you have friends that write on pretty stationery etc. you could still have a problem. Besides if you dump every attachment you just might miss something good!!!

Bev

"KathyA2" <abbe…@earthlink.net> wrote in message news:j20A8.67$ce4.11032@newsread1.prod.itd.earthlink.net…

> I have had several instances of virus attacks lately.  So, now I have my
> email program set to immediately put any email with an attachment in the
> Deleted Items and I just "Empty Deleted Items"  without even looking.  Is
> that sufficient?
> KathyA2

Response:

"Janers" <rojak…@bright.net> wrote in news:AaZz8.104$FL3.15047@cletus.bright.net:

> 63.233.91.11

Qwest Communications (NETBLK-NET-QWEST-63BLKS)
   950 17th St. Suite 1900
   Denver, CO 80202
   US

   Netname: NET-QWEST-63BLKS
   Netblock: 63.232.0.0 – 63.235.255.255
   Maintainer: QWDL

   Coordinator:
      Qwest, NOC  (QN-ARIN)  DIAProdMa…@qwestip.net
      1-703-363-3001 (FAX) 1-703-363-3177

— Most of the world’s great discoveries are made with a cry, not of "Eureka!" but "That’s funny".

Response:

In article <j20A8.67$ce4.11…@newsread1.prod.itd.earthlink.net>, KathyA2 <abbe…@earthlink.net> wrote

>I have had several instances of virus attacks lately.  So, now I have my
>email program set to immediately put any email with an attachment in the
>Deleted Items and I just "Empty Deleted Items"  without even looking.  Is
>that sufficient?

I’d say it is more than sufficient for attachment viruses [1] – it should certainly delete viruses, but it also means you cannot receive emails with photos of grandchildren/flowers/kittens/whatever, or notes from meetings, or from people who have signature files. If that suits you, great. I have to take the risk, as I *want* to receive some attachments [2] – so I have assorted antivirus programs.

[1] but not for HTML ones as Bev has pointed out
[2] even the 4 megabyte ones, or some of them :)

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

In article <qm31du4cutt6mh33vnp573u4n6apcor…@4ax.com>, KCat <kcdoc…@ghg.net> wrote

>to Andy:  I've got the setting for file ext.  thanks for the reminder
>though - can't be too careful these days.  I think the difference in
>the frequency of attacks is that my ISP is [insert derogatory
>description] when it comes to security and spam.  they like to send us
>"updates" which basically says "this is spam, spam is inevitable, it’s
>not our problem, here’s a site you can  go to to buy anti-spam
>software.  Suck it up. and thank you for your business!"

There’s said to be a case winding its way through the courts, in which some spammer is suing some ISP on the grounds that the umpteenth amendment to the USA Constitution protects his right of free speech… Personally, I’d prefer to censor my own mail than to have someone else do it for me. But I’d want to continue the ability to do "bulk censoring", where I decide that "on balance and for me" I freely choose NOT to receive anything from certain countries.

>grrrrr…
>I still haven’t installed the anti-spam freeware I downloaded.
>Paranoid that it will cause other problems.

Not paranoid [well not here :) ] – just realistic.

>We all know how
>wonderfully stable Windows is. <snort>
>Oh… btb, it’s amazing how fast PS and IL and such run when you give
>them enough memory!  :)

A hint to the wise..

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

In article <S3Zz8.3680$MS5.211…@news2.east.cox.net>, Wende <n…@cox.net> wrote

> KCat, are these in attachments from people you know? Wende

It doesn’t matter – their computer could be infected, and they might not know anything about it until their friends start complaining.

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

In article <AaZz8.104$FL3.15…@cletus.bright.net>, Janers <rojak…@bright.net> wrote

>Hey Andy
>My Norton pops up when there is a security attack from a virus or Trojan
>horse?

Good – it’s doing its job

>It was NOT the number I mentioned, that was just a number.
>But this number..    63.233.91.11  was one of them that showed that
>someone was trying to access my computer through a back door or
>something.

Ah – that’s an "I P Address" – like a phone number for the internet. There’s a (sort of) phone book, and you can look up these numbers and see who they belong to….

whois -h whois.arin.net 63.233.91.11

Qwest Communications (NETBLK-NET-QWEST-63BLKS)
   950 17th St. Suite 1900
   Denver, CO 80202
   US

   Netname: NET-QWEST-63BLKS
   Netblock: 63.232.0.0 – 63.235.255.255
   Maintainer: QWDL

   Coordinator:
      Qwest, NOC  (QN-ARIN)  DIAProdMa…@qwestip.net
      1-703-363-3001 (FAX) 1-703-363-3177

>It does not mean that IT was a bad attack but that someone maybe trying
>to access.

Yes – WHY they wanted access is another question.

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

Most viruses I’ve caught over the years have come from friends. They didn’t know about it, it just happens and when it does it happens so fast!! The only one that was not caught from someone I know was picked up while surfing the web. And considering where I was surfing, mostly mom and pop type small retailers the odds are they had no idea their site was infected.

Bev

"Andy" <a…@kitzbuhel.demon.co.uk> wrote in message news:mkC3MTB9MR08Ew+k@kitzbuhel.demon.co.uk…

> In article <S3Zz8.3680$MS5.211…@news2.east.cox.net>, Wende
> <n…@cox.net> wrote
> > KCat, are these in attachments from people you know? Wende
> It doesn’t matter – their computer could be infected, and they might not
> know anything about it until their friends start complaining.
> —
> Andy [Editor, Austrian Philatelic Society]
> For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
> For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
> For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

And  where do I find this "phone book"  thingy for looking up such addresses? Is there a site?  Aw come on now, I need to be kept busy today  LOL

thanks
janers

Response:

In article <POcA8.336$FL3.29…@cletus.bright.net>, Janers <rojak…@bright.net> wrote

>And  where do I find this "phone book"  thingy for looking up such
>addresses?
>Is there a site?  Awe come on now, I need to be kept busy today  LOL

The one I use is at http://www.demon.net/external/  which is provided by my ISP, then type the 4-part number in the 3rd box and submit it. It links to elsewhere so if you can find the elsewhere that would be more direct. Also I don’t know if it works for you as an outside customer – try it and tell me!

— Andy [Editor, Austrian Philatelic Society]
For Austrian philately <URL:http://www.kitzbuhel.demon.co.uk/austamps>
For Lupus <URL:http://www.kitzbuhel.demon.co.uk/lupus>
For my other interests <URL:http://www.kitzbuhel.demon.co.uk>

Response:

okey dokey Andy. did it, and it worked. The same thing Timothy L told me it was.  Right there big and fancy LOL So next attack I write down numbers and find out

thanks a lot
janers

Response:

"Janers" <rojak…@bright.net> wrote in news:00hA8.349$FL3.31934@cletus.bright.net:

> okey dokey Andy.
> did it, and it worked. The same thing Timothy L told me it was.
> Right there big an fancy LOL
> So next attack I write down numbers and find out
> thanks alot
> janers

I used Sam Spade <samspade.org> to get that info. Another good tool is NetDemon <www.netdemon.net>. A good site for finding out where spam comes from and sending complaints is Spam Cop <www.spamcop.net>, this site parses the headers for you and forwards the complaints to the appropriate abuse@. Figuring out where the e-mail came from is not easy. Spammers have figured out how to obfuscate the route that the mail took to you. I can’t say that using these tools and reporting spam will help reduce the amount you get. In fact when I used them it seems the spam increased.

I am lucky, when I moved to my present ISP about 2yrs ago the amount of spam I receive dropped to near zero, I think partly because the ISP does not sell the address and partly because I gained the knowledge to not put my address out there to be harvested in Usenet. The address that you see here is to an active account just to trap spam. I do check it every 2-3 days to check for legitimate mail and to delete the spam.

— Most of the world’s great discoveries are made with a cry, not of "Eureka!" but "That’s funny".
