[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Subject Index][Author Index]

Re: virus - bagle, not sasser

To: dinosaur@usc.edu;
Subject: Re: virus - bagle, not sasser
From: Colin McHenry <cmchenry@westserv.net.au>
Date: Fri, 07 May 2004 23:55:14 +1000
In-reply-to: <012E56F9-9FB6-11D8-827C-000A95C35BB6@blissnet.com>
References: <012E56F9-9FB6-11D8-827C-000A95C35BB6@blissnet.com>
Reply-to: cmchenry@westserv.net.au
Sender: owner-dinosaur@usc.edu

As one of the current offenders (apparently - along with Nick P), I should clarify this;

The Sasser worm is a problem, and anyone who hasn't updated their virus definitions or Miscrosoft updates should do so (if their computer hasn't stopped working by now). However, Sasser is not a mass mailing worm - it infects systems through live network/internet connections, not emails. The worm most likely to be responsible for the blank emails is Bagle, which is a mass mailing worm. For more info on this worm, check out the Symantec page; http://www.sarc.com/avcenter/venc/data/w32.beagle.x@mm.html

This worm has spread extensively over the edu.au domain over the last two weeks, and when I was taking the Sasser worm off my work computer on Monday I discovered that it had been infected with Bagle as well. Apologies to anyone who's been getting a load of virus emails from my account. However, it does spoof, so the blank emails that have been apparently eminating from my account since Monday are not from me - more likely, someone on the DML is infected and the worm is spoofing my email address.

You can tell a spoofed email because your email client will show it coming from the username rather than the full name - i.e. a spoof will show up as being from 'Cmchenry', whereas a proper email from me should appear as 'Colin McHenry' in your client.

And for those people who constantly get blank messages even for 'proper' emails, I have noticed that the fault can lie with the email client rather than the filter on the DML server. For instance, I am (for various reasons) running two email clients at the moment, Netscape (v7.1) and Outlook Express (v6). For whatever reason, Netscape turns a significant proportion of emails from the DML and vrtpaleo into 'blanks', whilst those same emails are fully visible in Outlook Express. I have no idea why this might be the case, but if every second email from the list is a blank, you might want to try a different client.

Cheers
Colin

P.S. And just so I muight not get into trouble from the Mary/Mickey monster, I finally got hold of Farlow and Pianka's 2003 Historical Biology paper (on Body Size Overlap, Habitat Partitioning and Living Space Requirements of Terrestrial Vertebrate Predators: Implications for the Paleoeecology of Large Theropod Dinosaurs). Top stuff - I don't recall it being discussed on the list, but anyone who likes the idea of their tyrannosaurids as tachymetabolic might want to check it out (although the best bit is about Australian goannas).

frank bliss wrote:

There have been a lot of blank emails. I am an IT guy, The sasser worm is becoming quite a problem world wide. The solution is to go to http://www.microsoft.com/security/incident/sasser.asp and read all about the fix. It takes a while if you have a dial up but broadband is not so painful. You definitely should research the issue and take action. Mac users need not worry. Frank Bliss


--
*****************
Colin McHenry
School of Environmental and Life Sciences (Geology)
University of Newcastle
Callaghan NSW 2308
Tel: +61 2 4921 5404
Fax: + 61 2 4921 6925

******************
Colin McHenry & Sarah Johnston
14 Summer Place
Merewether Heights  NSW 2291
+61 2 4963 2340
mob: 0423 081683

cmchenry@westserv.net.au
Colin.Mchenry@newcastle.edu.au

References:
- virus
  - From: frank bliss <frank@blissnet.com>

Prev by Date: Triassic Coprolite Survey
Next by Date: RE: Triassic Coprolite Survey
Previous by thread: virus
Next by thread: RE: cope and marsh
Indexes: