Theiling Online    Sitemap    Conlang Mailing List HQ   

ATTN: Pablo Flores (VIRUS WARNING)

From:H. S. Teoh <hsteoh@...>
Date:Saturday, October 19, 2002, 4:09
Sorry to send this here, but just in case this *is* caused by a virus,
people should know about it, especially since it appears to be targeted
specifically to CONLANG subscribers.

My mail server has just received 17 emails, supposedly from Pablo Flores,
from an email server of questionable repute. The source and destination
email addresses have obviously been forged, as it claims to be sent from
"pablo-flores@QUICKFUR.YI.ORG", which obviously doesn't exist, since
Pablo and myself have no relationship of any kind except for the fact that
we are both subscribed to CONLANG. The "quickfur.yi.org" domain belongs to
me, and has nothing to do with Pablo.

Furthermore, the content of the email is very suspicious: it appears to be
a truncated copy of a GENUINE message sent to CONLANG a while ago, however
with a long binary attachment of type application/x-msdownload and (very
suspicious) filename "icq200b.exe.exe".

Although each separate aspect of these emails appear innocuous, together
they are very suspicious: the fact that 17 almost identical copies are
frozen by my mailserver (thank goodness for reliable mailservers), all
with timestamps a few seconds apart, the suspicious nature of the
attachment, and the obviously bogus email addresses, suggests to me that
this is an ingenious attempt to bypass email filters unassailed and into
potential victims' mailboxes. Fortunately, the bogus addresses were caught
by my mailserver and safely frozen in the mail spool.

Therefore, I suspect this is a particular insidious virus that has
infected poor Pablo, and is now attempting to propagate itself to members
of the CONLANG list to which he is subscribed. I do not know how the virus
could have made the connection between my domain name and Pablo's
username; but I think the intent is clear.

If I'm just being overly paranoid, please feel free to slap some senses
into me. But it looks like Pablo will have to disinfect his computer, and
other CONLANG subscribers will probably want to scan their computers for
potential infection.


T

--
What do you get if you drop a piano down a mineshaft? A flat minor.

Replies

Pablo David Flores <pablo-flores@...>Please don't delete this! was: ATTN: Pablo Flores (VIRUS WARNING)
Christophe Grandsire <christophe.grandsire@...>
bnathyuw <bnathyuw@...>