|
andy_lemon
Mar 3, 2004, 8:50 PM
Post #1 of 9
(1219 views)
Shortcut
Registered: Sep 7, 2001
Posts: 3335
|
I recieved a letter from administrator@rockclimbing.com today. It said:
In reply to: Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information. It came with an attachment that could not be opened because it was a .zip.php Two different file extensions? My pc said it was a MS Picture it file but failed to open. I don't know what is going on... please explain? Andy
|
|
|
|
|
vertical-rockrat
Deleted
Mar 3, 2004, 9:10 PM
Post #2 of 9
(1219 views)
Shortcut
Registered:
Posts:
|
I would always be warry of any good site sending you a file, i can not say RC wont but i would assume all their emails would be first Text, then maybe HTML only. This is a way for you to determine if someone is using a fake name over their real email name to email you. Whenever i see a file marked with two extentions i assume its a virus unless i know the person sending it knows computers. I would run a virus, trojan, and spyware scanner now since you tried to open it. Can a RC.com Admin please respond with if you would ever send a attached file or if your emails about accounts would be sent in text only? This information could help poeple out good.
|
|
|
|
|
tcollins
Mar 3, 2004, 9:17 PM
Post #3 of 9
(1219 views)
Shortcut
Registered: Feb 25, 2002
Posts: 999
|
I got something similar from Excite today. Since it was a .zip file I deleted it and assumed it was a virus. Why would Excite send me a .zip file? As to your message, if that's the exact wording, I would assume it wasn't from the admin, but a virus also. I would hope they would send a better writen message than that.
|
|
|
|
|
tim
Mar 3, 2004, 9:34 PM
Post #4 of 9
(1219 views)
Shortcut
Registered: Apr 4, 2002
Posts: 4861
|
It's some sort of a virus. Coming from various sources -- ASU, cox.net, etc. -- with a spoofed header. I'm looking into updating the virus scanner or switching to Kaspersky. If you see this in your inbox, delete it without opening. I have long debated about stripping attachments -- at the very least PIF files and other such crap -- and will start that today. Thanks again, Microsoft. (where's the "fuck you" smiley?)
|
|
|
|
|
tim
Mar 3, 2004, 9:37 PM
Post #5 of 9
(1219 views)
Shortcut
Registered: Apr 4, 2002
Posts: 4861
|
Ps. There is no 'administrator@rockclimbing.com' or 'staff@rockclimbing.com' account. Mail to either will bounce. The Mark of Mischief.
|
|
|
|
|
hungouttodry
Mar 3, 2004, 10:49 PM
Post #6 of 9
(1219 views)
Shortcut
Registered: Jun 3, 2003
Posts: 18
|
yea its a virus its that beagle.K or whatever -J
|
|
|
|
|
tim
Mar 3, 2004, 11:03 PM
Post #7 of 9
(1219 views)
Shortcut
Registered: Apr 4, 2002
Posts: 4861
|
more: article about the Beagle worm The moral, as usual, is DO NOT OPEN EMAIL ATTACHMENTS without an extremely compelling reason. I will see what I can do about this later tonight. It ought to be getting filtered but I'm concerned that our localpreference SA rule is too generous. Regardless, I should just drop all PIF extensions and windows executables. There seems to be a consensus that this is the work of our favorite population subgroup, the spammers. Such lovely people. The usual verbiage about wishing spammers to be incarcerated with a lonely guy who has successfully enlarged his penis, applies here.
|
|
|
|
|
tim
Mar 3, 2004, 11:35 PM
Post #8 of 9
(1219 views)
Shortcut
Registered: Apr 4, 2002
Posts: 4861
|
Update: Our virus scanner had crashed and left behind an open socket where there was not supposed to be one, preventing it from cleanly restarting. I fixed this, made some changes to support automatic failure detection, and that should be the last we hear of this worm. Sorry folks, my bad. I'll have to put this into the monitoring regimen.
|
|
|
|
|
overlord
Mar 4, 2004, 8:50 AM
Post #9 of 9
(1219 views)
Shortcut
Registered: Mar 25, 2002
Posts: 14120
|
:lol: :lol: :lol: i got the same message from yahoo. they even provided the password for the .zip file. theres no way im opening this.
|
|
|
|
|
|