Re: I-Worm.NetSky.t


From: Barry N. Wainwright (barry_at_barryw.net.INVALID)
Date: 04/08/04


Date: Thu, 08 Apr 2004 15:34:21 +0100

On 7/4/04 6:42 pm, in article
263a0b97.0404070942.41479184@posting.google.com, "Cyrus" <cyrus6@wanadoo.fr>
wrote:

> I am using Microsoft Entourage on a Mac with OS X.3
>
> I know that I have a "I-Worm.NetSky.t" or some other kind that is
> sending messages from my accounts, and I keep also getting messages
> with ".pif" attachments.
>
> I wanted to know how can I find and remove this Worm from my computer.
>
> I appreciate your assistance.
>
> Best regards,
>
> Cyrus

Full details on the virus are found here:

<http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.t@mm.html>

Note especially the bit that says:

> Systems Affected:
> Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server
> 2003, Windows XP

No mention of the Mac in there!

Macs are not affected; your computer is not infected.

It may appear that your computer is sending out these viruses, especially
when you get the bounces from bad addresses or systems that have rejected
the mail because it is infected. However, these emails are being sent out
by an infected Windows machine, not yours. When an infected machine starts
sending viruses out, it will choose, at random, an email address stored on
the infected machine and will use this to forge the 'from' address and
return path. This way, the source of the infection is masked (to the
uninitiated) and is less likely to be identified and cleaned up.

The PIF files you are getting are likely from the same original source -
these are the infected emails being sent out by any one of a bazillion
Windows viruses, including Netsky. They are being sent to you because your
email address is listed in an infected computer's address book.

If one of the bounce backs returns the message with all headers intact it is
sometimes possible to trace the originating IP address from the routing
information. You can use any one of a dozen network look up tools to
identify the originating host, and so possibly the originating, infected,
machine. Then, you can send an email highlighting the URL posted above and
ask them to clean their act up.

-- 
Barry Wainwright
Microsoft MVP (see http://mvp.support.microsoft.com for details)
Seen the Entourage FAQ pages? - Check them out:
  <http://www.entourage.mvps.org/toc.html>
Please post responses to this newsgroup. If I ask you to contact me
off-list, remove '.INVALID' from email address before replying.
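
Reading the routing information out of a returned message, as an added example that is not part of the original post: Python's standard email module pulls the attached original out of the bounce and lists the Received hops oldest first. The bounce text, hosts and addresses are constructed, and the helper names are hypothetical.

```python
import email, ipaddress, re
from email import policy
# Constructed bounce (documentation addresses); the rejected mail is attached.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.com
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Message rejected: infected attachment.
--b1
Content-Type: message/rfc822

Received: from relay.example.net ([198.51.100.7])
 by mx.example.com; Wed, 07 Apr 2004 18:42:10 +0100
Received: from pc ([203.0.113.44])
 by relay.example.net; Wed, 07 Apr 2004 18:42:01 +0100
Received: from localhost ([10.0.0.5]) by pc; Wed, 07 Apr 2004 18:41:59 +0100
From: cyrus@example.org
Subject: Re: document

message body
--b1--
"""

# RFC 1918 and loopback ranges: LAN-side hops that a lookup tool cannot resolve
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?by\s+(\S+?);", re.S)

def returned_message(raw):
    """Return the original message attached to a bounce, or None if stripped."""
    for part in email.message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def hops(msg):
    """(helo name, connecting IP, receiving host) per Received header, oldest first."""
    found = [HOP.search(str(h)) for h in msg.get_all("Received", [])]
    return [m.groups() for m in reversed(found) if m]

def origin_ip(msg):
    """Oldest non-internal IP; trust it only if recorded by a server you trust."""
    for _helo, ip, _by in hops(msg):
        if not any(ipaddress.ip_address(ip) in net for net in INTERNAL):
            return ip
    return None
```

Received lines below the first server you trust are written by the sender and can be forged, so confirm that the hop naming the returned address was recorded by a relay you recognise before contacting anyone.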

