forum.defcon.org

CompGeek replied

February 4, 2004, 11:39
Bulk folders...

I have several email accounts...and it seems that anytime you subscribe to an email newsletter or have to input your email address on the web anywhere, you get slammed with bulk crap mail. It could also just be where garble trash mail goes by default.....not sure.

But I have seen the same issue across Lycos, Yahoo, Netscape, and Hotmail.

Best rule of thumb in my opinion, is always dump the bulk mail without even looking at it.

99.9999999999999999% it's marketing crap.

But this seems to be the norm across any free email services.
Leave a comment:
ch0l0man replied

January 30, 2004, 13:32
W32/MyDoom-B
Leave a comment:
astcell replied

January 30, 2004, 13:10
That's easy to fix if you know anything about lmhost files.
Leave a comment:
noid replied

January 30, 2004, 11:21
Another interesting MyDoom.b twist. Apparently it also blocks you from hitting most AV sites (symantec, etc).
Leave a comment:
lil_freak replied

January 30, 2004, 10:58
Originally posted by astcell

Last time MS knew they were going to be hit they simply removed windowsupdate.com and nothing happened. Howeverm that is like not keeping money at the bank so it cannot be robbed. :>
.

MS should have done more though. It seems as if MyDoom likes to take out IE. So, hopefuly everyone uses Netscape or something else other than IE to access the internet.

Also, if you do get MyDoom, make sure that all of your TCP & UDP Bridge Ports are checked because it likes to try and open an access to them.

You can close these ports so MyDoom can not gain access, however may be looking at a lot of ports.
Leave a comment:
lil_freak replied

January 30, 2004, 10:41
Originally posted by iduru

That probably wasn't MyDoom that you opened last week as it just surfaced on tuesday...

...and back to lurking I go.

The MyDoom email came out before Tuesday, it was out by Jan. 22, but had not started to spread world wide till Monday Jan 26. causing most of it damage.
Leave a comment:
Qu|rk replied

January 30, 2004, 10:12
Very valid point, this attack is going to be different I do believe though. Last time they tried bandwidth attacks, which were stopped at fiber routers via filtering before they got close. This time all they know is that windows is targeted in some form, no specific target declared in regards to windows.... and with the GET requests they're using, I'm surprised they didn't take a different approach and use DRDoS - I dont condone it, nor am I giving ideas but its something to consider when trying to find the one behind it.

Qu|rk
Leave a comment:
astcell replied

January 30, 2004, 09:40
Last time MS knew they were going to be hit they simply removed windowsupdate.com and nothing happened. Howeverm that is like not keeping money at the bank so it cannot be robbed. :>

I have received hundreds of these virii now, thank heavens they go to one folder in e-mail and Sophos catches them as they land. I only wish my ISP caught them instead of simply defanging them.
Leave a comment:
Qu|rk replied

January 30, 2004, 06:40
MyDoom.a isnt bad, many good fixes out for it. Its Mydoom.b which was recently discovered in china(18ish hours ago), is highly polymorphic and as of this morning, no antivirus has released or issued any cleaners or a/v updates for. I have yet to see the source, but I would like to find the bastard that wrote it, 250k would allow me to invest in a T-3 at the house! - if you're running *nix, you can stop all the spam if you have spamassassin installed, just modify it to deny all mail with attachments that have
an attachment of 22,528 bytes, and all .zip files unless in the trusted users list. I also did a bit of port blocking, TCP 3127-3198
specifically so any stupid users on the network I administer dont get it and participate in the DoS attack.

Sidenote: I think Microsoft will be fine with what will occur, if they make the logical choice in how to divert bandwidth and all the GET requests they will receive.
Leave a comment:
iduru replied

January 30, 2004, 02:36
That probably wasn't MyDoom that you opened last week as it just surfaced on tuesday...

...and back to lurking I go.
Leave a comment:
EeeekPenguins replied

January 29, 2004, 21:46
I opened one a week or so ago but deleted almost right away. I havent noticed any changes on my computer but I will go to one of the anti-virus folks and have it fixed. Thanks Astcell.
Leave a comment:
astcell replied

January 29, 2004, 20:10
I hope you did not view them. What you have there is the MyDoom virus. The successor, MyDoom-B, will not even have to be clicked on top open.

Go to any of the anti-virus folks to download a free zapper for the MyDoom virus just to make sure you are safe.

By the way, catch the dude who wrote the code and you can be over a quarter million dollars richer.
Leave a comment:
EeeekPenguins started a topic Odd e-mails

January 29, 2004, 19:45
Odd e-mails

Latley I have been recieving odd e-mails in my yahoo account in my bulk folder. These e-mails are from people I dont know and either have the subject of "Hi","Hello", or just jarbeled letters. They also have something attached to them. I have been getting 5+ a day. It seems like it must be some sort of worm (MSBlaster?) because all of the e-mails are coming from adresses that dont sound as if they are web based. If anyone has any suggestions please let me know or if they have an idea of what all of this is.
Tags: None

Announcement

Odd e-mails

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Odd e-mails