But it apparently didn't identify it for George who is also running
Norton. That's why I posed the question about Norton versions.
Chuck Norcutt
Piers Hemy wrote:
> In Jim's words "Right now, it is isolated to the Norton AntiSpam folder", so
> it would seem that Norton identified it correctly! Have to give Norton the
> nod when it does something (anything?) right.
>
> Piers
>
> -----Original Message-----
> From: Chuck Norcutt [mailto:chucknorcutt@xxxxxxxxxxxxxxxx]
> Sent: 13 July 2010 12:09
> To: Olympus Camera Discussion
> Subject: Re: [OM] George's (classicVW) computerapparently infectedwith
> avirus
>
> I didn't think about it right away but, since I agree that the email itself
> does not contain a virue, I'm wondering what criterion was used by Jim's
> copy of Norton to consign the incoming mail to the virus vault.
>
> Chuck Norcutt
>
>
> Piers Hemy wrote:
>> Indeed yes, Chuck, someone has an infection of some sort, and it looks
>> likely that is George. Whether or not it is a virus is hard to say -
>> but what is being distributed as a result of the infection appears not
>> to be a virus, just a rogue email. But I would guess that propagation
>> of the infection is achieved by visiting the website linked to in the
> rogue emails.
>> The site has not been blacklisted by the checker I looked at
>> (www.urlvoid.com) but the whois data suggest that an individual in
>> Moscow owns the site. Who knows what his plans might be?
>>
>> Piers
>>
>> -----Original Message-----
>> From: Chuck Norcutt [mailto:chucknorcutt@xxxxxxxxxxxxxxxx]
>> Sent: 13 July 2010 01:55
>> To: Olympus Camera Discussion
>> Subject: Re: [OM] George's (classicVW) computerapparently infectedwith
>> avirus
>>
>> Thanks. But is there not some infected machine somewhere on some list
>> member's machine that is providing the source of the addresses? Or is
>> the swiping of the addresses remote in time and place from the current
> mailings?
>> I go bonkers trying to read the headers.
>>
>> Chuck Norcutt
>>
>>
>> Piers Hemy wrote:
>>> I agree with you, Chuck, the email itself looks harmless, there is
>>> simply a link to another website, which would explain why various AV
>>> products do not pick it up.
>>>
>>> But it's a bit more subtle than you described, as I did not receive
>>> anything from George. Apparently "I" sent the message to someone with
>>> an email service run by Tigertech, who duly rejected it for Spam
>>> content, and returned it to the list bounce address (which is at
>>> thomasclausen.net). It looks like several others were also returned,
>>> as I received an advisory to the effect that several bounces had been
>> received.
>>> Inspecting the headers of the one message retirned to me, I see
>>> everal addresses beginning with "O", including a few old list
>>> addresses, and Moose (olymoose). I assume that Moose had exchanged
>>> email with George at some stage in the past, as have I.
>>>
>>> >From the perspective of the recipients, it appears to be no more
>>>> than
>>>> a
>>> further spam source, which so far seems to be trivial in volume
>>> compared to all the other stuff that I get (which is a fraction of
>>> what I could get if I didn't have a few lines of defence).
>>>
>>> Piers
>>>
>>> -----Original Message-----
>>> From: Chuck Norcutt [mailto:chucknorcutt@xxxxxxxxxxxxxxxx]
>>> Sent: 12 July 2010 20:06
>>> To: Olympus Camera Discussion
>>> Subject: Re: [OM] George's (classicVW) computerapparently
>>> infectedwith avirus
>>>
>>> If it's the same thing as I saw (it was on the list) there was no
>>> harm in opening the email. I think the harm might come from clicking
>>> on the link in the mail.
>>>
>>> Chuck Norcutt
>>>
>>>
>>> Jim Nichols wrote:
>>>> Chuck,
>>>> Right now, it is isolated to the Norton AntiSpam folder. I am a
>>>> little bit afraid to try to examine it, for fear of infecting my
>>>> computer. What, specifically, should I look for?
>>>> Jim Nichols
>>>> Tullahoma, TN USA
>>>> ----- Original Message -----
>>>> From: "Chuck Norcutt" <chucknorcutt@xxxxxxxxxxxxxxxx>
>>>> To: "Olympus Camera Discussion" <olympus@xxxxxxxxxxxxxxxxx>
>>>> Sent: Monday, July 12, 2010 12:52 PM
>>>> Subject: Re: [OM] George's (classicVW) computer apparently
>>>> infectedwith avirus
>>>>
>>>>
>>>>> George (and the others) may be very interested to hear that. He
>>>>> has been using a new machine with supposedly a new copy of Norton
>>>>> AV which did not pick up the infection. On my advice he also tried
>>>>> a copy of Avast! which didn't pick anything up either. He'd
>>>>> probably be appreciative of your version numbers (code and data)
>>>>>
>>>>> Chuck Norcutt
>>>>>
>>>>>
>>>>> Jim Nichols wrote:
>>>>>> I just checked, and found it in my Norton AntiSpam Folder, as well.
>>>>>> It was dated July 10.
>>>>>>
>>>>>> Jim Nichols
>>>>>> Tullahoma, TN USA
>>>>>> ----- Original Message -----
>>>>>> From: "Charles Geilfuss" <charles.geilfuss@xxxxxxxxx>
>>>>>> To: "Olympus Camera Discussion" <olympus@xxxxxxxxxxxxxxxxx>
>>>>>> Sent: Monday, July 12, 2010 12:19 PM
>>>>>> Subject: Re: [OM] George's (classicVW) computer apparently
>>>>>> infected with avirus
>>>>>>
>>>>>>
>>>>>>> I just noticed that I have received the same e-mail from
>>>>>>> ClassicVW at my hospital address that I used to use for the OM List.
>>>>>>>
>>>>>>> Charlie
>>>>>>>
>>>>>>> On Mon, Jul 12, 2010 at 11:13 AM, Charles Geilfuss <
>>>>>>> charles.geilfuss@xxxxxxxxx> wrote:
>>>>>>>
>>>>>>>> John,
>>>>>>>> Would you be willing to let them know so we can correct
>>>>>>>> the situation? Thanks.
>>>>>>>>
>>>>>>>> Charlie
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jul 12, 2010 at 10:04 AM, John Hermanson
>>>>>>>> <omtech1@xxxxxxxxxxx>wrote:
>>>>>>>>
>>>>>>>>> I've gotten that link with the return addresses of 2 other list
>>>>>>>>> members besides George.
>>>>>>>>> ___________________________________
>>>>>>>>> John Hermanson | CPS, Inc.
>>>>>>>>> 21 South Ln., Huntington NY 11743
>>>>>>>>> 631-424-2121 | www.zuiko.com
>>>>>>>>> Olympus OM Service since 1977
>>>>>>>>> Gallery: www.zuiko.com/album/index.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Chuck Norcutt wrote:
>>>>>>>>>> Based on the last (no subject) email from ClassicVW it would
>>>>>>>>>> appear his machine is infected with a virus. Don't click on
>>>>>>>>>> the included link.
>>>>>>>>>>
>>>>>>>>>> Chuck Norcutt
>>>>>>>>> --
>>>>>>>>> _______________________________________________________________
>>>>>>>>> _
>>>>>>>>> _
>>>>>>>>> Options:
>>>>>>>>> http://lists.thomasclausen.net/mailman/listinfo/olympus
>>>>>>>>> Archives:
>>>>>>>>> http://lists.thomasclausen.net/mailman/private/olympus/
>>>>>>>>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>>>>>>>>
>>>>>>>>>
>>>>>>> --
>>>>>>> _________________________________________________________________
>>>>>>> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>>>>>>> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>>>>>>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>>>>>>
>>>>>>>
>>>>> --
>>>>> _________________________________________________________________
>>>>> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>>>>> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>>>>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>>>>
>>>>>
>> --
>> _________________________________________________________________
>> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>> Themed Olympus Photo Exhibition: http://www.tope.nl/
>>
> --
> _________________________________________________________________
> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
> Themed Olympus Photo Exhibition: http://www.tope.nl/
>
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
|