

On 6 Jun 2003 at 13:39, janet paterson wrote:

> hi all
>
> FYI
> i'll bet dollars to donuts
> the original of this (at 99670k) was a virus
>

Your donuts are in the mail...

06/06/2003 12:59:57 PM,Virus scanner,W32.Bugbear.B@mm,Quarantined...

may have been...

New Variant of BUGBEAR  - PE_BUGBEAR.B (Medium Risk)
PE_BUGBEAR.B is a destructive, file-infecting variant of WORM_BUGBEAR.A that affects Windows 95, 98, ME, NT, 2000, and
XP platforms.

The "attachment" was initially detected as "suspicious" by Zone Labs software firewall.

Note: ZoneAlarm Pro comes preconfigured with 46 attachment types that can carry worms or other harmful code. By
default, ZoneAlarm Pro quarantines all of these attachment types.

In any case... Norton Pro 2003 Anti-Virus then further quarantined the quarantined attachment and I manually deleted
it.

> NB
> my advice is chronically and perpetually
> change all your e-mail software settings to
> "open attachments automatically?" = NEVER
>

and... Further Advice... Check for Windows Updates often...
http://v4.windowsupdate.microsoft.com/en/default.asp

Some worms use SMTP commands to obtain an SMTP server to propagate. The worm sends an email using the Incorrect MIME
Header Exploit which causes Internet Explorer to automatically execute the email attachment without the recipient
opening it.

Latest Security Patches from Microsoft negate this Security breach...

>
> FWIW
> not so much
> for the effectiveness of
> spam attackers and assassins!
>

ONE more point of interest...

The From: line indicates this eMail is from "Brightline" <[log in to unmask]>

Does raj (brightline) suddenly have an email address on Kathrynne Holden's server? Doubtful...

the raw data in the header says....

X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Return-Path: <[log in to unmask]>
Received: from mx1.eastlink.ca (nx.eastlink.ca [24.222.0.30])
        by mail.novus-tele.net (8.9.3/8.9.3) with ESMTP id LAA12208
        for <[log in to unmask]>; Fri, 6 Jun 2003 11:00:18 -0700
Received: from raj-computer ([24.222.243.126])
 by mx1.eastlink.ca (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13
 2003)) with SMTP id <[log in to unmask]> for
 [log in to unmask]; Fri, 06 Jun 2003 14:08:08 -0300 (ADT)
Date: Fri, 06 Jun 2003 14:07:56 -0300 (ADT)
Date-warning: Date header was inserted by mx1.eastlink.ca
From: Brightline <[log in to unmask]>
Subject: Re:      Re: FELDENKRAIS METHOD
Message-id: <[log in to unmask]>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_kKHRl7f6WmPAVA+kZViMfg)"



HHHHHHHHHHHHHHHhhhhhhhhhhhhhhhhhhhhhhmmmmmmmm...

RAJ.... Your 'puter has a bad bug...

a.) it originated on raj's PC at his eastlink.ca server... not Kathrynne's... (ie: Brightline
<[log in to unmask]> was "spoofed")

b.) it was sent to individual addresses in raj's address book...

c.) interesting that no data appears to identify the mailer software... is it blocked by this bug?
( raj uses Microsoft Outlook Express 6.00.2800.1158 , which is susceptible to this virus...)

d.) ( janet uses QUALCOMM Windows Eudora Light Version 3.0.6 (16) as her choice of eMail client software... , which is
NOT susceptible to this virus... I use Pegasus Mail for Windows (v4.11) for the same reason...)

e.) SpamAssassin 2.55 did not transfer the attachment on janet's PC in any case...

f.) I don't think this went to the PARKINSN LIST ( John C.'s software prolly stopped it... wasn't received in any
case...)

g.) raj... you should consider virus protection right away...

cheers ....... murray


>
> janet
> former PIE-net listserv-owner listserv-nerdette-elfette
> current self-taught web-spinner site-builder
>
> ---------------------------------------------------
> At 13:26 2003/06/06 -0400, janet paterson wrote:
> >Return-path: <[log in to unmask]>
> >Envelope-to: [log in to unmask]
> >Delivery-date: Fri, 06 Jun 2003 17:12:40 +0000
> >Received: from nx.eastlink.ca ([24.222.0.30] helo=mx1.eastlink.ca)
> >       by keymaster.look.ca with esmtp (Exim 4.20)
> >       id 19OKlb-0001lR-Nk
> >       for [log in to unmask]; Fri, 06 Jun 2003 17:12:39 +0000
> >Received: from raj-computer ([24.222.243.126])
> > by mx1.eastlink.ca (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13
> > 2003)) with SMTP id <[log in to unmask]> for
> >[log in to unmask];
> > Fri, 06 Jun 2003 14:08:03 -0300 (ADT)
> >Date: Fri, 06 Jun 2003 14:07:56 -0300 (ADT)
> >Date-warning: Date header was inserted by mx1.eastlink.ca
> >From: Brightline <[log in to unmask]>
> >Message-id: <[log in to unmask]>
> >MIME-version: 1.0
> >Bcc:
> >X-SA-Exim-Mail-From: [log in to unmask]
> >Subject: Re:      Re: FELDENKRAIS METHOD
> >Content-type: multipart/mixed;
> boundary="Boundary_(ID_tfL619Yd02hH+qH5FLLXqA)"
> >X-Spam-Status: No, hits=3.0 required=6.5
> >       tests=MICROSOFT_EXECUTABLE,MISSING_HEADERS,QUOTED_EMAIL_TEXT,
> >             SUBJ_HAS_SPACES,UPPERCASE_25_50
> >       version=2.55
> >X-Spam-Level: ***
> >X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
> >X-SA-Exim-Version: 3.0 (built Mon Jun  2 17:21:47 GMT 2003)
> >X-SA-Exim-Scanned: Yes
> >
> >I saw a TV program on this issue.  But, I could not find any info on this in
> >the internet.
> >
> >----- Original Message -----
> >From: "M.Schild" <[log in to unmask]>
> >To: <[log in to unmask]>
> >Sent: Tuesday, April 23, 2002 11:36 AM
> >Subject: Re: FELDENKRAIS METHOD
> >
> >
> >> A few PWPs on the french list use Feldenkrais and say it is helpful
> >> Maryse cg John 73,13
> >>
> >>
> >> >HAS ANYONE HAD ANY EXPERIENCE OF THE FELDENKRAIS METHOD OF ASSISTING WITH
> >
> >
> >
> >WARNING: The remainder of this message has not been transferred.
> >The estimated size of this message is 99670 bytes.
> >Click on the server retrieve icon above and check mail again to get the
> >whole thing.  If the server retrieve icon is not showing, then this message
> >is no longer on the server.
>
> janet paterson: an akinetic rigid subtype, albeit primarily perky, parky
> pd: 56-41-37 cd: 56-44-43 tel: 613-256-8340 email: [log in to unmask]
> my newsletter: http://groups.yahoo.com/group/newvoicenews/
> my website: http://www.geocities.com/janet313/
>
> ----------------------------------------------------------------------
> To sign-off Parkinsn send a message to: mailto:[log in to unmask]
> In the body of the message put: signoff parkinsn



* * *
Murray Charters <[log in to unmask]>
http://www.geocities.com/murraycharters/
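
The header checks walked through in the message above (first Received hop versus the From: domain, the missing mailer header, and the SpamAssassin result) can be scripted. This is an added example, not part of the original post; the `triage` function, the `SAMPLE` text and the placeholder addresses are assumptions, since the archive masks the real addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above. The archive masks
# the addresses and SMTP id, so those values are placeholders.
SAMPLE = """\
Received: from nx.eastlink.ca ([24.222.0.30] helo=mx1.eastlink.ca)
\tby keymaster.look.ca with esmtp (Exim 4.20); Fri, 06 Jun 2003 17:12:39 +0000
Received: from raj-computer ([24.222.243.126])
 by mx1.eastlink.ca (iPlanet Messaging Server 5.2 HotFix 1.12)
 with SMTP id <PLACEHOLDER-ID>; Fri, 06 Jun 2003 14:08:03 -0300 (ADT)
From: Brightline <brightline@other-server.example>
X-Spam-Status: No, hits=3.0 required=6.5
\ttests=MICROSOFT_EXECUTABLE,MISSING_HEADERS,QUOTED_EMAIL_TEXT,
\t      SUBJ_HAS_SPACES,UPPERCASE_25_50
\tversion=2.55
"""

# "from <helo> (... [ip] ...) by <receiving host>" inside one Received header
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([\d.]+)\].*?\)\s+by\s+(\S+)", re.S)
SA = re.compile(r"hits=(-?[\d.]+)\s+required=([\d.]+)\s+tests=(\S+)")

def triage(raw):
    """Return a list of findings for one message's raw headers."""
    msg = message_from_string(raw)
    findings = []
    # Each relay prepends its Received line, so the last one is the first hop.
    hops = msg.get_all("Received", [])
    first = HOP.search(hops[-1]) if hops else None
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if first and from_domain:
        helo, ip, relay = first.groups()
        # Heuristic: compare on the last two labels only (no public-suffix list).
        relay_domain = ".".join(relay.lower().split(".")[-2:])
        if not from_domain.endswith(relay_domain):
            findings.append(f"origin: {helo} [{ip}] via {relay}, From claims {from_domain}")
    if not (msg["X-Mailer"] or msg["User-Agent"]):
        findings.append("mailer: no X-Mailer or User-Agent header")
    # Unfold the SpamAssassin header and rejoin a test list split after a comma.
    status = re.sub(r",\s+", ",", " ".join((msg["X-Spam-Status"] or "").split()))
    sa = SA.search(status)
    if sa and float(sa[1]) < float(sa[2]) and "MICROSOFT_EXECUTABLE" in sa[3].split(","):
        findings.append(f"spam: executable attachment scored {sa[1]} of {sa[2]} required")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A domain mismatch between the first relay and From: is only a prompt to look closer, because legitimate mail is often submitted through a different provider's server.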
