Page 1 of Strange email from "gfacer" whoever that is

Has anyone received a strange email from gfacer - whoever that is. I think it might have got to me via 3rd party from
stohsliam-laedagem[at]moc.sdnuosrehcir.stsil

Also got an email from a "john macneill"with same heading (don`t know them either BUT addressed to stohslia-laedagem[at]moc.sdnuosrehcir.tsil

reads as follows:-
" I received this message from "gfacer"(whoever that is). The message has a virus and I would like to know why he was able to do this using your group email address.

have deleted both emails - but foolishly replied to john macneill - thinking he worked for richer sound. Also notified richer sounds.
What should I do now? Ta for any help.....

I got the same e-mail mate, and also got the "john macneill" message.

As to who is gfacer....it`s in the message. his e-mail address is recafg[at]zn.oc.taffom

I never open e-mails unless they`re from somebody I know or registration details I`ve been expecting. Its unlikely it`ll be a virus (even more unlikely I`d get infected with my anti-virus software) but it could be an ad or spam. There`s no need to open the junk so just dump it.

This item was edited on Sunday, 5th May 2002, 21:20

Basically, anyone who has signed up to the Richer Sounds mailing list will get this message, together with the two replies.

Do what I do and install Mailwasher, a great free utility which you can use to bounce spam and viruses back from whence they came (very useful, because as with Hotmail you get to see the size of the e-mail : anything over about 30K is probably a virus or some such nonsense).

Great utility : so good, I`m thinking of paying the guy a few bucks for it :

http://www.mailwasher.net

Instal it now !

Clayts...
Ta ... always coming up trumps! I`ve taken your advise and downloaded it. Is it better to save it on disk or open from source and should I use any particular settings etc???

Any more advice welcomed.

also got a handful of nasty emails re same subject....

Yep I got the same message, shocking really, have asekd them to remove me from their list....

Mailwasher : save it to disk.

You then need to set up your accounts exactly as they are in Outlook/Outlook Express, and rather than keeping your normal e-mail program open, just keep Mailwasher open and get it to check every so often (eg mine`s on every 10 minutes).

Useful way of blocking spam, and tons of stupid messages relating to this Richer Sounds virus : just delete `em and bounce `em straight back so they think you don`t exist :-)

Yo Clayts - good call ! I swear by Mailwasher too, and have considered sending a donation.

It`s also great for dialup users who are sick of spending five minutes DL`ing email for it all to be junk. You can preview the headers, and then delete and blacklist senders without downloading YET ANOTHER advert for online viagra ;-)

DanB

The viagara ads are always welcome :-(

only two replies? you are lucky...

I`ve had every dimwit with an e-mail address on the mailing list.. asking me why i had sent a virus..

Did it not occur to everyone just to reply to gfacer and NOT the mailing list... 30 e-mails and counting... i`m getting a bit sick of being told where to stick my virus and i`m pretty sure that everyone on the mailing list is sick of it as well...

Now before we jump down the throat of Richersounds... heres the lowdown on the virus..

neg.zelK.23W[at]mm is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages.

The subject and attachment name of incoming emails is randomly chosen. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.
neg.zelK.23W[at]mm attempts to copy itself to all network shared drives that it finds.

Depending on which variant of the worm, the worm will drop one of the following viruses:


W32.Elkern.3326
W32.Elkern.3587
W32.Elkern.4926

which will then infect the system.

Email spoofing
Some variants of this worm use a technique known as "spoofing." If it does this, it chooses at random an address that it finds on an infected computer as the "From:" address that it uses when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers receive complaints that they have sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with E.zelK.23W[at]mm; Linda is not using a antivirus program or does not have current virus definitions. When neg.zelK.23W[at]mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold`s email address into the "From:" line of an infected email that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her infected email, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.