[aclug-L] Re: WeatherLab virus

[David Carmichael <dec2955@xxxxxxxxxx>]

Jonathan -

Some where my statement is being taken out of context.

What I said was ""..... .. since most everybody that I use to
email  .....""

I did not say ""..... "most everyone" .....""

Since "I" personally did not send email to 22,000 of their customers.

--David


----- Original Message -----
From: "Jonathan Hall" <flimzy@xxxxxxxxxx>
To: <discussion@xxxxxxxxx>
Sent: Thursday, November 14, 2002 12:22 PM
Subject: [aclug-L] Re: WeatherLab virus


>
> When you have 22,000+ customers to begin with, "most everyone" leaving
still
> leaves the possibility for several thousand people to continue using their
> southwind.net addresses.
>
> Even so, I'm not sure how accurate it is to say that "most everyone" has
> left.  Most geeks probably have... but most SouthWind customers aren't
> geeks, and don't really care where their bill comes from.  If they can
still
> get online and check their mail, most are happy (enough) to stay with
> SouthWind/OneMain/Earthlink.
>
> -- Jonathan
>
>
> ----- Original Message -----
> From: "David Carmichael" <dec2955@xxxxxxxxxx>
> To: <discussion@xxxxxxxxx>
> Sent: Thursday, November 14, 2002 10:56 AM
> Subject: [aclug-L] Re: WeatherLab virus
>
>
> >
> > Arnold -
> >
> > Thanks for the input.. as I did not know that the "Southwind.net" email
> > address was still a good address.. since most everybody that I use to
> email
> > at "Southwind.net" has changed ISP's over the years.
> >
> > From a follow up email from K. White.. they [WeatherLab] got close to
100
> > virus emails last night alone.
> >
> > FYI-1: following [at the end of the reply] is the emails header that had
> the
> > virus and maybe with your knowledge you can help track down the infected
> > machine?!?
> >
> > FYI-2: If you really use email address of: "abcjr@xxxxxxxxx" you are in
my
> > spamers filter due to the fact that about four weeks ago somebody tried
to
> > send me a virus with your email address as the from!?!  My filter is set
> to
> > allow 'TO' or FROM' "@ACLUG.ORG" to pass through and gets storted to its
> own
> > email inbox. I thought that it was a MADE UP email address due to what
> > seemed like random letters.
> >
> > FYI-3: DEC2955 = December 29th, 1955.. my birthdate..
> >
> > --David
> >
> > ----- Original Message -----
> > From: "Arnold Cavazos Jr." <abcjr@xxxxxxxxx>
> > To: <discussion@xxxxxxxxx>
> > Sent: Thursday, November 14, 2002 10:18 AM
> > Subject: [aclug-L] Re: WeatherLab virus
> >
> >
> > >
> > > David,
> > >
> > > You _are_ wrong,  "southwind.net" is still a valid e-mail domain:
> > >
> > > ***
> > > abcjr@corp:~<--% host -t mx southwind.net
> > > southwind.net mail is handled by 5 onemain-mx.earthlink.net.
> > > ***
> > >
> > > ELNK is just not creating any more "southwind.net" e-mail accounts.
> > >
> > > --
> > > Arnold B. Cavazos, Jr.                           Voice:  (316)858-3000
> > > Director of Operations                             Fax:  (316)858-3001
> > > Hubris Communications                        Toll-Free:  (866)267-INET
> > > abcjr@xxxxxxxxxx   http://www.iwichita.com    http://www.dslkansas.net
> > >
> > >
> > > On Thu, Nov 14, 2002 at 10:04:25AM -0600, David Carmichael wrote:
> > > >
> > > > Kevin -
> > > >
> > > > While I did not see the "Southwind" header.. I was mainly trying to
> let
> > you
> > > > know that somebody was sending out / spoofing emails with WeatherLab
> as
> > the
> > > > FROM.
> > > >
> > > > This way you are informed and might be able to help track down and
or
> > alert
> > > > others of the fake emails.
> > > >
> > > > What is strange is.. maybe I am wrong here... but I did not even
know
> > that
> > > > "Southwind" was still a good email address due to the number of
> mergers
> > with
> > > > other companies over the past few years?
> > > >
> > > > --David
> > > >
> > > > ----- Original Message -----
> > > > From: "Kevin White" <kevin@xxxxxxx>
> > > > To: <dec2955@xxxxxxxxxx>
> > > > Sent: Thursday, November 14, 2002 9:43 AM
> > > > Subject: WeatherLab virus
> > > >
> > > >
> > > > Hi David,
> > > >
> > > > I got your fax about the virus you received from the KSN WeatherLab.
> I
> > see
> > > > by the headers that you didn't really receive it from the
WeatherLab,
> > > > however.  It came from a Southwind dial-up account in Hutchinson.
You
> > can
> > > > tell by looking at the first "Received:" line (they go in order from
> the
> > > > "From:" up.  The first received line listed is the last place the
> email
> > > > routed through.
> > > >
> > > > This is caused by the fact that some user with Southwind received
the
> > virus
> > > > through their Outlook email software.  This virus then sends the
virus
> > out
> > > > AS everyone listed in their address book.  Therefore, it claims to
> come
> > from
> > > > the weatherlab, but it's only using an email address it found in the
> > > > infected users address book.
> > > >
> > > > Unfortunately, there is absolutely nothing we can do about it
because
> it
> > > > doesn't come from or through any of our machines.  It claims that it
> > does,
> > > > but it doesn't.  The headers always tell the story.
> > > >
> > > > Kevin White
> > > > KSN New Media Manager
> > > > -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> > > > visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
> > --
> > > Arnold B. Cavazos, Jr.                           Voice:  (316)858-3000
> > > Director of Sales & Marketing                      Fax:  (316)858-3001
> > > Hubris Communications                        Toll-Free:  (866)267-INET
> > > abcjr@xxxxxxxxxx   http://www.iwichita.com    http://www.dslkansas.net
> > >
> >
> >  Received: from vmj-ext.prodigy.net by vmj with SMTP; Wed, 13 Nov 2002
> > 21:48:52 -0500
> > X-Originating-IP: [64.113.192.74]
> > Received: from ewxmail.itworks.com (te-64-113-192-74.transedge.com
> > [64.113.192.74])
> >  by vmj-ext.prodigy.net (8.12.3 da nor stuldap/8.12.3) with ESMTP id
> > gAE2mdud186010;
> >  Wed, 13 Nov 2002 21:48:40 -0500
> > Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net
> > [207.217.120.22]) by ewxmail.itworks.com
> >  (Rockliffe SMTPRA 4.5.6) with ESMTP id
<B0000558786@xxxxxxxxxxxxxxxxxxx>
> > for <ksnewxmail@xxxxxxxxxxxxxxxx>;
> >  Wed, 13 Nov 2002 18:15:57 -0800
> > Received: from dialup-10-hutchinson1.southwind.net ([209.134.89.10]
> > helo=Qxin)
> >  by hawk.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
> >  id 18C9YO-0003sa-00
> >  for ksnewxmail@xxxxxxxxxxxxxxxx; Wed, 13 Nov 2002 18:16:24 -0800
> > From: weatherlab <weatherlab@xxxxxxx>
> > To: ksnewxmail@xxxxxxxxxxxxxxxx
> > Subject: Japanese lass' sexy pictures
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative;
> >  boundary=H1K34LUTR8zZyF2W64z63T
> > Message-Id: <E18C9YO-0003sa-00@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Date: Wed, 13 Nov 2002 18:16:24 -0800
> > Sender: ksnewxmail-request@xxxxxxxxxxxxxxxx
> >
> > --H1K34LUTR8zZyF2W64z63T
> > Content-Type: text/html;
> > Content-Transfer-Encoding: quoted-printable
> >
> > <HTML><HEAD></HEAD><BODY>
> > <iframe src=3Dcid:Z99oxu0lK51N6FA height=3D0 width=3D0>
> > </iframe>
> > <FONT></FONT></BODY></HTML>
> >
> > --H1K34LUTR8zZyF2W64z63T
> > Content-Type: plain/text;
> >  name="Norton AntiVirus Deleted1.txt"
> > Content-Transfer-Encoding: base64
> > Content-ID: <Z99oxu0lK51N6FA>
> >
> > Tm9ydG9uIEFudGlWaXJ1cyByZW1
> >
> >
> > -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> > visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
> >
> >
>
> -- This is the discussion@xxxxxxxxx list.  To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>
>


-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi