[Gambas-user] Virus attack at my box

ron ronstk at ...239...
Sun Apr 18 18:12:17 CEST 2004


Hi all,

In the last week I have received many emails containing a virus.

Attached are two snapshots of two groups.
----------
First group (viruslog16.jpg)
The favorite sender has sent from 213.41.146.174
This is a French network owner, 'nerim.net'.
The other IP addresses differ more but have the same network owner.

For both, the majority is coming from France or is related to France.
Also, for the domains, open source/Linux is a favorite in a direct or indirect way,
found by googling for the person and domain names.
Sender IPs are fake addresses in IP blocks for France.
----------
second group (viruslog1B.jpg)
The second sender's IP is at a German provider in Berlin,
and these are coming from the same subnetwork of it.
Common to most of them is a German IP netblock owner.

For one of them the sender is a fake, but does someone have this address in his
address book, using Windows, Symantec AntiVirus and maybe Opera on a laptop?
 Peter1/Nestor.NESTOR @ nestor-online.de
----------

My conclusion is that these two viruses are sent by 2 users living in
France and Germany who have an interest in Linux and are maybe Gambas users.
My email address is public on the Gambas homepage, and the time it started
is after the 0.92 release.
Also, emails between me and some Gambas users can be a hint.
In the past 5 years those virus mails passed me by, but now they have started to
come after I luckily dropped the M$ loserdows box.  :+)
Look for a reasonable user name and/or domain in your
address book (Windows, laptop?); combining them a bit can give a match.

The DateTime can also help for users who are not online 24/7.

If you see a time and know you had no connection to the internet for at
least 1 hour before that time, then that email is not from you.
Maybe the others are also not from you that way.

After 14 Apr a third one was sent to me.
Using Google to find the persons and domain, there was a match in a subject.
Using this method showed me a candidate for the third virus sender, and after
contacting him he was indeed infected. He installed a program that day and used a
crack to use it, resulting in a bombardment of 1 each hour.
Usernames and domain matched randomly and some were unique to him.

Maybe the two pictures also contain a match for others here.
They are delivered directly to the ISP mail queue using MX records, or the sender is
in the tiscali.nl domain.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: viruslog1B.jpeg
Type: image/jpeg
Size: 32735 bytes
Desc: not available
URL: <http://lists.gambas-basic.org/pipermail/user/attachments/20040418/853d3dc3/attachment.jpeg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: viruslog16.jpeg
Type: image/jpeg
Size: 44894 bytes
Desc: not available
URL: <http://lists.gambas-basic.org/pipermail/user/attachments/20040418/853d3dc3/attachment-0001.jpeg>
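
The time check described in the message above, as an added example that is not part of the original post: it compares each virus mail's Date value with the intervals when your own machine was online and rules out mails sent after at least one hour offline. The session list, the mail timestamps and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

QUIET = timedelta(hours=1)  # the "at least 1 hour" offline window from the message

# Constructed sample data: when this machine was connected (local time, CEST).
SESSIONS = [
    ("2004-04-18T09:00:00+02:00", "2004-04-18T10:15:00+02:00"),
    ("2004-04-18T20:00:00+02:00", "2004-04-18T22:00:00+02:00"),
]
# Constructed Date values as they would appear in the virus mails' headers.
MAILS = [
    "Sun, 18 Apr 2004 10:40:00 +0200",  # 25 minutes after going offline
    "Sun, 18 Apr 2004 16:12:17 +0000",  # 18:12 CEST, offline since 10:15
    "Sun, 18 Apr 2004 19:30:00 +0000",  # 21:30 CEST, inside the second session
]

def parse_sessions(rows):
    """Turn (start, end) ISO-8601 strings with UTC offset into sorted aware datetimes."""
    return sorted((datetime.fromisoformat(s), datetime.fromisoformat(e)) for s, e in rows)

def could_be_mine(mail_date, sessions, quiet=QUIET):
    """True if the machine was online at any moment in [t - quiet, t]."""
    t = parsedate_to_datetime(mail_date)
    if t.tzinfo is None:
        # "-0000" or a missing zone: the instant is ambiguous, refuse to guess.
        raise ValueError("Date value without a usable UTC offset: %r" % mail_date)
    window_start = t - quiet
    # Aware datetimes compare as instants, so mixed offsets are handled correctly.
    return any(start <= t and end >= window_start for start, end in sessions)

def triage(mail_dates, sessions):
    """Map each Date value to 'possible' or 'ruled out' for this machine."""
    return {d: "possible" if could_be_mine(d, sessions) else "ruled out"
            for d in mail_dates}

if __name__ == "__main__":
    for date, verdict in triage(MAILS, parse_sessions(SESSIONS)).items():
        print(f"{verdict:10} {date}")
```

The Date header is written by the sending machine, so the timestamp in the Received line added by your own ISP's mail server is the safer value to feed in.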

