Security Basics mailing list archives

RE: Returned Mails


From: "Jason Haith" <jhaith () genesissys com>
Date: Tue, 27 Apr 2004 07:22:55 -0500

There are a couple ways to check if it is you with the virus.

1. Download one of Symantec's Virus Removal Tools for the W32.Netsky.C@mm
virus. They seem to work pretty well at catching a virus if you've been
infected.
2. Or you can open a sniffer on your computer and watch and look for any
emails/data mysteriously being sent from your computer. I've had more luck
with this method. Sniphere is a simple and small download that will do this
(www.securesphere.net).

Jason Haith
Systems Administrator
Genesis Systems
5712 S. 77th St
Omaha, NE 68127
Email: jhaith () genesissys com



-----Original Message-----
From: Guru4u Support [mailto:support () guru4u co uk]
Sent: Monday, April 26, 2004 12:56 PM
To: security-basics () securityfocus com
Subject: Returned Mails


Hi,

This is probably a stupid question but I could do with some confirmation
of what I think is happening. I've been receiving a lot of 'return' emails
claiming they have been returned as I have a virus. Example below:


A virus was found in a message sent by this
account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: W32.Netsky.C@mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---

From: *************@guru4u.co.uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100



I have up to now guessed these were down to 'someone' else's pc infected
with netsky or mydoom but after a lull I have been bombarded with loads
of such mails over the course of the day.

I would just like some reassurance that this is indeed due to other
people's infected boxes rather than mine. I have of course run several full
system scans with Norton AV with the latest definitions etc and do use a
firewall, Spybot etc.

I've googled and this starts to confirm my suspicions but isn't authoritative.

Thanks in advance,

Guru
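
A further check, shown as an added example that is not part of either message: the Received line in the bounce records the IP address that actually connected to the scanning gateway, so it can be compared against your own public address range. The function names and the `my_networks` parameter are assumptions, and the header layout matched is the one in the bounce quoted above.

```python
import ipaddress
import re

# Constructed sample: the "Original message information" part of the bounce
# quoted in the thread, with the masked addresses kept as posted.
BOUNCE = """\
From: *************@guru4u.co.uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])
 by nospam.netcel.com (SAVSMTP 3.1.0.29) with SMTP id M2004042323185126674
 for ********.com>; Fri, 23 Apr 2004 23:18:52 +0100
"""

# Address literal in square brackets, as the receiving gateway wrote it.
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def unfold(text):
    """Join folded header lines (leading whitespace) onto their header."""
    headers = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.rstrip())
    return headers

def connecting_ips(text):
    """Return the client IPs recorded in Received headers, in header order."""
    ips = []
    for header in unfold(text):
        name, _, value = header.partition(":")
        if name.strip().lower() != "received":
            continue  # From/To are sender-supplied and say nothing about origin
        for literal in BRACKETED_IP.findall(value):
            try:
                ips.append(ipaddress.ip_address(literal))
            except ValueError:
                pass  # bracketed text that is not an IP address
    return ips

def sent_from_my_network(text, my_networks):
    """True if any recorded connecting IP lies inside one of my_networks (CIDR)."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    return any(ip in net for ip in connecting_ips(text) for net in nets)
```

Pass your own public address range as `my_networks`; a result of `False` means the gateway received the infected message from some other host.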


