Howdy folks, Since the OT forum & Tavern are gone I have no idea where to post this so you're stuck with it here :-) In the last hour I've received 3 emails that have 4 things in common... All are from Renderosity members All are from SE Asia All are from different ISPs All have the latest variant of the W32.Netsky.P@mm virus (disguised as a "document.txt.......exe" file inside a zip. The text of the email is as follows.... "To: coolerbear@att.net Subject: Re: thanks! Date: Mon, 7 Jun 2004 10:02:26 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0016----=_NextPart_000_0016" X-Priority: 3 X-MSMail-Priority: Normal Please confirm the document. ++++ Attachment: No Virus found ++++ Norman AntiVirus - www.norman.com Attachment Converted: "d:eudoraattachletter.zip"" Now assuming these weren't sent to me deliberately (possible- but I don't recall pissing anyone off in that part of the world recently :-) it means that someone or someones here are infected. So keep an eye out for ANY email with an attachment, even if it's from someone you know & trust.

Thanks for the heads up cooler ;) Im wondering tho..could it just be targeted at Eudora?

Thanks, cooler. I'll watch out for it. Good thing you caught it. Norman?? I'm picturing the android from that Star Trek episode... -Heidi

Norman anti-virus exists - I saw it pre-installed on several machines in the shops when I was helping pick a laptop.

The "from" field may have been spoofed by the zombie machines that sent the virus. A comparison of IP addresses of the members vs. the virus senders may exculpate the members, but if they are running open machines, then their ISP should notify them and disconnect them until they can disinfect. However, if their ISP is in Korea, Singapore, Philippines etc., there's not much chance their ISPs will respond in any way.

Yeah I've got a couple of those too from rosity members, cooler. Looks like you're not the only one.

Flak, Thanx for the confirmation. I deal with these situations differently if it turns out to be some sort of personal vendetta as opposed to an inadvertently infected machine. mateo, Contrary to your opinion of SE Asian ISPs I've already been contacted by 2 of them, confirming that the emails were sent from their service, apologizing for my inconvenience, & promising to forward the information to their respective customers. :-) jumpstartme2, I'm not aware of any virus that has been constructed specifically to target Eudora. Usually they are designed to take advantage of flaws in MS products,(& yes I consider a default setting of "launch all attachments automatically" a serious flaw :-)

just to chime in on this topic, I've also been receiving these emails for about a week on my yahoo email account. I wrote back to the senders the first day or two and received a couple of replies saying that they hadn't sent me anything. But many times the address used by the sender wasn't valid.

Just about all of the original emails I received were approximately 41kb in size and the senders seemed to be related to renderosity in some way (artists, venders, etc...some actually were from "somebody"@renderosity.com).

jen

I receive and "send" about 10 to 20 virus per day, there are two types one with 41k and the other with 20k, (Netsky.XX and other don't remember), all are from 3d members. Yahoo bulk is working fine, the only I have to do is to empty the bulk folder.