[Vision2020] charles nolan publishers
Bill Moore
bmoore at fsr.com
Fri May 6 12:09:39 PDT 2005
The infected message Mr. Nolan brought to our attention was sent from
a Seattle DSL connection. However the SoberO/SoberP worms are very
active at the moment and lots of machines are infected across the
Internet. There was a short piece about this on NPR this morning.
The First Step Internet Technical Support crew put this list of links
together for more detailed information:
Here's a link to the Symantec information page on the W32.Sober.O mass-mailing worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html
Link to removal tool instructions:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html
Direct link to the removal tool for the worm:
http://securityresponse.symantec.com/avcenter/FxSobr.exe
Here's a free online scan that has an excellent hit rate:
http://housecall.trendmicro.com/
Bill
-----Original Message-----
From: vision2020-bounces at moscow.com [mailto:vision2020-bounces at moscow.com] On Behalf Of J Ford
Sent: Friday, May 06, 2005 11:56 AM
To: bmoore at fsr.com; vision2020 at moscow.com
Subject: RE: [Vision2020] charles nolan publishers
Is this the same one that is sending out e-mails stating that "your address
has been blocked" by uidaho.edu, wsu.edu, nsa.edu, admin.edu, etc? I've
been getting those for the past three days.
UI ITS said it was a virus, but they thought it was someone locally doing
it.
J
>From: "Bill Moore" <bmoore at fsr.com>
>To: "'Vision2020'" <vision2020 at moscow.com>
>Subject: RE: [Vision2020] charles nolan publishers
>Date: Fri, 6 May 2005 11:43:59 -0700
>MIME-Version: 1.0
>Received: from mail-gw.fsr.net ([64.126.132.22]) by mc7-f18.hotmail.com
>with Microsoft SMTPSVC(6.0.3790.211); Fri, 6 May 2005 11:45:09 -0700
>Received: from mail-gw.fsr.net (localhost [127.0.0.1])by mail-gw.fsr.net
>(8.13.1/8.12.3) with ESMTP id j46IidrX077951;Fri, 6 May 2005 11:44:39 -0700
>(PDT)(envelope-from vision2020-bounces at moscow.com)
>Received: from psmtp.com (exprod5mx115.postini.com [64.18.0.87])by
>mail-gw.fsr.net (8.13.1/8.12.3) with SMTP id j46IibAN077887for
><vision2020 at firststepinternet.com>;Fri, 6 May 2005 11:44:37 -0700 (PDT)
>(envelope-from bmoore at fsr.com)
>Received: from source ([64.126.133.20]) by
>exprod5mx115.postini.com([64.18.4.10]) with SMTP; Fri, 06 May 2005 11:44:33
>PDT
>Received: from tetra ([64.126.135.134])by starfish.fsr.com (8.13.3/8.12.8)
>with ESMTP id j46IiZiI073488for <vision2020 at moscow.com>; Fri, 6 May 2005
>11:44:35 -0700 (PDT)(envelope-from bmoore at fsr.com)
>X-Message-Info: loPmDlX8LgfAGqM8zLhgDuJxZItXpzz0zZeiGNnxy/M=
>X-Mailer: Microsoft Office Outlook, Build 11.0.6353
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Thread-Index: AcVSZWPUueHin0UZSb60Mgv2vcrzJQAA6lSg
>X-BeenThere: vision2020 at moscow.com
>X-Mailman-Version: 2.1.4
>Precedence: list
>List-Id: Moscow/Latah county community discussion list
><vision2020.moscow.com>
>List-Unsubscribe:
><http://mailman.fsr.com/mailman/listinfo/vision2020>,<mailto:vision2020-request at moscow.com?subject=unsubscribe>
>List-Archive: <http://mailman.fsr.com/pipermail/vision2020>
>List-Post: <mailto:vision2020 at moscow.com>
>List-Help: <mailto:vision2020-request at moscow.com?subject=help>
>List-Subscribe:
><http://mailman.fsr.com/mailman/listinfo/vision2020>,<mailto:vision2020-request at moscow.com?subject=subscribe>
>Errors-To: vision2020-bounces at moscow.com
>Return-Path: vision2020-bounces at moscow.com
>X-OriginalArrivalTime: 06 May 2005 18:45:10.0131 (UTC)
>FILETIME=[BAF1BC30:01C5526B]
>
>Visionaries,
>
>Someone out there (apparently in Seattle area) has the Sober.P or SoberUp
>worm. They also have
>several local email addresses in their address book, including the
>vision2020 and CharlesNolanPublishers
>addresses. This worm propagates by randomly choosing address book email
>addresses and uses one
>address for the To: field and another randomly chosen address for the From:
>field. The message appears
>as if its coming from Mr. Nolan but is not.
>
>V2020 caught and killed the post sent to the list. But if your email
>address is in the infected computer's
>address book, and if your virus protection software does not catch it, you
>too may see the message.
>
>Don't open it, just throw it away.
>
>Bill Moore
>First Step Internet
>
>
> _____
>
>From: vision2020-bounces at moscow.com [mailto:vision2020-bounces at moscow.com]
>On Behalf Of Kit Craine
>Sent: Friday, May 06, 2005 11:00 AM
>To: 2020 Vision
>Subject: [Vision2020] charles nolan publishers
>
>
>I just received a virus infected, unsolicited email from "Charles Nolan
>Publishers", which appears to be a Christian publisher
>located in Moscow.
>
>I've never heard of this outfit. Anyone know anything about it?
>
>Kit Craine
>
>_____________________________________________________
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
>¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
_____________________________________________________
List services made available by First Step Internet,
serving the communities of the Palouse since 1994.
http://www.fsr.net
mailto:Vision2020 at moscow.com
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
More information about the Vision2020
mailing list