[Merged] EMail "Virus" from ntl


highlandlassie
03-03-2004, 08:38
Morning everyone - new here so hope I have posted in the correct thread :wavey:

Hi - I received an email from noreply@ntlworld.com - with an attachment and subject heading - warning you have a virus on your computer. I was in 2 minds on whether to open or not - deleted the email - but to be safe in case the email was genuine - I phoned tech dept - they advised that it was a virus, and they don't send emails with attachments - just curious if anyone else has received this type of email.

Before I phoned - I ran the following - trend micro, Nortons, adaware, spybot S&D, spyblaster - also have mailwasher - all came up clean

timewarrior2001
03-03-2004, 08:43
Good Morning welcome to Nthellworld.
I personally have not received any such email, but where I work we have been getting a lot of reports of it.

I don't think it's specific to NTL, I am certain the address will be spoofed.

The good part of it is that you were switched on enough to realise the possible dangers and took appropriate action.

rdhw
03-03-2004, 09:39
Hi - I received an email from noreply@ntlworld.com - with an attachment and subject heading - warning you have a virus on your computer.

This is a virus worm: bagle.j. It will be detected by NAI's 4332 DAT file when it is released.

highlandlassie
03-03-2004, 09:59
This is a virus worm: bagle.j. It will be detected by NAI's 4332 DAT file when it is released.

deleted anyway - thank goodness for mailwasher - thanks for your replies

LynneC
03-03-2004, 12:17
I got an email from ntlworld this morning, saying there had been complaints from some people about the spam emanating from my account. I was a tad surprised, since I'm very careful to protect my computer from invasion, but I have been away and perhaps the children had let something through.
The attachment was password protected. I opened it. (oh dear!)
The worm Bagle was in the attachment. Since I was suspicious the first thing I did after opening the thing was to update and run my antivirus (something I do at least once a day). It cleaned out the problem. I'll go to Trend and check that everything has gone after this.
So beware - don't open the exe file ntl sends you! I've sent a copy of the email to support at ntl. Is there anywhere else I should send it?

timewarrior2001
03-03-2004, 12:23
I'll guarantee you the email wasn't from NTL.
Seems this virus is being spread through spoofing email addresses. We have been getting hit with it at work, looks like your mates/colleagues are sending you a file or something and it's the virus.

Stuartbe
03-03-2004, 12:23
I got an email from ntlworld this morning, saying there had been complaints from some people about the spam emanating from my account. I was a tad surprised, since I'm very careful to protect my computer from invasion, but I have been away and perhaps the children had let something through.
The attachment was password protected. I opened it. (oh dear!)
The worm Bagle was in the attachment. Since I was suspicious the first thing I did after opening the thing was to update and run my antivirus (something I do at least once a day). It cleaned out the problem. I'll go to Trend and check that everything has gone after this.
So beware - don't open the exe file ntl sends you! I've sent a copy of the email to support at ntl. Is there anywhere else I should send it?

This virus was not sent by NTL. It is spoofing the NTL address to make it appear that way.

Have a look at this thread - http://forum.nthellworld.co.uk/showthread.php?p=157088#post157088#

Oh and :welcome: to the site BTW :D

threadbare
03-03-2004, 12:24
ntl are most certainly not sending this

the email address is spoofed

don't send it anywhere!

Alanmelon
03-03-2004, 12:24
Just wondered - what was the nature of the exe, and what did it propose to do?
I think it's very unlikely this came from ntl. It's fair to say - you've been 'ad.

br3ach
03-03-2004, 12:26
Don't open attachments unless they are something from a known address that you were expecting to receive.

No probs.

And as said above, the email is unlikely to have originated from NTL. You can post the headers of the email here, and we'll see if we can figure where it came from.

Good luck getting rid of it :)

timewarrior2001
03-03-2004, 12:28
Don't open attachments unless they are something from a known address that you were expecting to receive.

No probs.

And as said above, the email is unlikely to have originated from NTL. You can post the headers of the email here, and we'll see if we can figure where it came from.

Good luck getting rid of it :)

OK ok guys I think we have now firmly established the fact NTL did not send this lol.

What I would like to know now is, Can the true sender be established from the email header?

br3ach
03-03-2004, 12:30
Possibly. Post the headers here, and we'll see....

Stuartbe
03-03-2004, 12:34
Duplicate Thread !

http://forum.nthellworld.co.uk/showthread.php?t=8779

Stuart
03-03-2004, 12:56
I don't think it's specific to NTL, I am certain the address will be spoofed.

It's not specific to NTL. I work for a Uni. We have been getting similar warnings from management@ac.uk or support@ac.uk. These are not valid email addresses. If anyone here is a Student or works for any kind of educational establishment, do not open emails from these addresses (or any @ac.uk address).

zovat
03-03-2004, 13:04
It's not specific to NTL. I work for a Uni. We have been getting similar warnings from management@ac.uk or support@ac.uk. These are not valid email addresses. If anyone here is a Student or works for any kind of educational establishment, do not open emails from these addresses (or any @ac.uk address).


Bagle.J is spreading quite nicely now - latest version states that you will have your mail account disabled in 3 days and you must resign (sic) for the account. Attachment is quite nasty...

the attachment is even password protected, and the unlock code is in the mail body..

Neat variation huh... (I have linux and unix boxes, so enjoy looking at these :angel: )

zovat
03-03-2004, 13:28
Duplicate Thread !

http://forum.nthellworld.co.uk/showthread.php?t=8779


spoilsport.... :naughty:

But seriously folks, this worm picks up your address and spoofs the mail as from someone in that domain - normally either noreply or admin (but others are becoming more common).

I have a feeling that the password encrypted attachment helps it get through virus scanners :shrug: ... These people obviously have Waaay too much time on their hands...

Stuartbe
03-03-2004, 13:59
If you run your own mail server ( like I do :) ) then this is not a problem. I only allow zip files into the network and they are only let in if they can be scanned.

rdhw
03-03-2004, 14:15
Can the true sender be established from the email header?

The true sender PC will normally have the IP address identified in the final "Received:" header. This does not tell you the e-mail address of the sender, just their IP address.

highlandlassie
03-03-2004, 15:31
still getting these emails - thankfully I now know they are not from NTL

SMHarman
03-03-2004, 15:47
It's very neat how it harvests the address from after the @ to make the message more personalised. More likely to get users to open it.

We're getting it at my eers .com address.

iadom
03-03-2004, 16:14
WM32/Bagle.K@MM detected earlier today :(

mick44
03-03-2004, 17:29
can anyone tell me if an email i received did actually come from ntl it has me a bit worried as i know my machine is virus free .


Dear user of Ntlworld.com gateway e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

Further details can be obtained from attached file.

Attached file protected with the password for security reasons. Password is 54881.

Have a good day,
The Ntlworld.com team


many thanks
mick

andygrif
03-03-2004, 17:33
No...don't touch this mail. We've had a similar one at work today...actually I say similar, it's identical apart from the domain name and company name. It looks legit, but it's not. Delete it.

paulyoung666
03-03-2004, 17:39
can anyone tell me if an email i received did actually come from ntl it has me a bit worried as i know my machine is virus free .


Dear user of Ntlworld.com gateway e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

Further details can be obtained from attached file.

Attached file protected with the password for security reasons. Password is 54881.

Have a good day,
The Ntlworld.com team


many thanks
mick




hi and :welcome: to the site , did it have a virus attached to it ??????????? , and have you done a virus scan to check you are in the clear :)

Mick
03-03-2004, 17:39
Couple of things that would question its authenticity. Never known ntl to sign off emails with 'Have a nice day, The Ntlworld.com team'. Plus there is only one 'm' in amount. :)

br3ach
03-03-2004, 17:41
NTL would never send attachments in the email....

I have posted this on a different forum today...

Don't open any attachments unless the person it is from has specifically told you they are sending it.

Curiosity will get you in trouble.

Any updates that are available that NTL will tell you about will be available through windows update, so why risk the attachment anyway....

HTH

paulyoung666
03-03-2004, 17:41
Couple of things that would question its authenticity. Never known ntl to sign off emails with 'Have a nice day, The Ntlworld.com team'. Plus there is only one 'm' in amount. :)




good point my mate , it is surprising how many of these mails have atrocious speelling :D :D :D

LynneC
03-03-2004, 20:05
Possibly. Post the headers here, and we'll see....
I use Eudora. Here's the message with the headers expanded to show all the information (the virus was in the attachment which has now been zapped).

Return-Path: <9.FCD0BD98@home.ease.lsoft.com>
Received: from celeron1 ([213.48.235.184]) by mta04-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040303111331.YUVU20489.mta04-svc.ntlworld.com@celeron1>
for [Admin Edit(Mick): Email address Removed.]; Wed, 3 Mar 2004 11:13:31 +0000
Date: Wed, 03 Mar 2004 11:15:49 +0000
To: [Admin Edit(Mick): Email address Removed.]
Subject: Notify about your e-mail account utilization.
From: support@NTLWORLD.COM
Message-ID: <hbxjfhuibnebiblsecj@NTLWORLD.COM>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------snxkidupvhljxcojtdok"


Dear user of "NTLWORLD.COM" mailing system,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

For details see the attached file.

For security purposes the attached file is password protected. Password is "32585".

Kind regards,
The NTLWORLD.COM team http://www.nTLWORLD.COM (http://www.ntlworld.com/)

Riddles
03-03-2004, 21:12
I've just received this email:

Dear user of Ntlworld.com,

Your e-mail account has been temporary disabled because of unauthorized access.

For more information see the attached file.

Attached file protected with the password for security reasons. Password is *****.

Sincerely,
The Ntlworld.com team http://www.ntlworld.com


Thought it quite strange so came on here to check it out.

carlingman
04-03-2004, 00:25
LynneC

Maybe worth you asking the Mods/Admin here to strip the e-mail address quoted from your post if it is a valid one and save you from the spam harvesters.

keithwalton
04-03-2004, 00:31
I've had one similar to mick44's this evening claiming to be from the ac.uk team instead. such a shame that don't exist (me guesses the virus e-mail claims to be from the last two words in the e-mail)
what was rather amusing was the uni e-mail server had caught and removed the attachment before it even got to me, made me chuckle at least.

Though i can see a lot of daft people falling for it :s

das316
04-03-2004, 07:53
Bagle.J is spreading quite nicely now - latest version states that you will have your mail account disabled in 3 days and you must resign (sic) for the account. Attachment is quite nasty...

the attachment is even password protected, and the unlock code is in the mail body..

Neat variation huh... (I have linux and unix boxes, so enjoy looking at these :angel: )


Yep I had that one over a month ago but deleted it never had it since

Stuart
04-03-2004, 10:11
I've just received this email:

Dear user of Ntlworld.com,

Your e-mail account has been temporary disabled because of unauthorized access.

For more information see the attached file.

Attached file protected with the password for security reasons. Password is *****.

Sincerely,
The Ntlworld.com team http://www.ntlworld.com


Thought it quite strange so came on here to check it out.
Riddles, welcome to nthw!.

Interesting idea, emailing someone to say you have disabled their email account. Very Zen.

Mind you, I can actually imagine NTL doing something like that.

rdhw
04-03-2004, 10:28
Received: from celeron1 ([213.48.235.184]) by mta04-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040303111331.YUVU20489.mta04-svc.ntlworld.com@celeron1>
for [Admin Edit(Mick): Email address Removed.];Wed, 3 Mar 2004 11:13:31 +0000
Date: Wed, 03 Mar 2004 11:15:49 +0000

This shows the true sender of the virus to have been 213.48.235.184, a user of the BlueYonder network, whom you probably know, as they have you in their address book.
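
The header reading described in rdhw's two posts, as an added Python example that is not part of any post in this thread. It parses the headers posted above (recipient replaced by a placeholder), and it goes one step further than "the final Received header" by trusting only stamps written by the receiving provider; the `FORGED` message, the `192.0.2.10` address and the `.ntlworld.com` trust suffix are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as posted in the thread. The moderator-removed recipient is replaced
# by a placeholder, and continuation lines are re-indented so they parse.
POSTED = """\
Return-Path: <9.FCD0BD98@home.ease.lsoft.com>
Received: from celeron1 ([213.48.235.184]) by mta04-svc.ntlworld.com
 (InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
 id <20040303111331.YUVU20489.mta04-svc.ntlworld.com@celeron1>
 for <recipient@example.invalid>; Wed, 3 Mar 2004 11:13:31 +0000
Date: Wed, 03 Mar 2004 11:15:49 +0000
Subject: Notify about your e-mail account utilization.
From: support@NTLWORLD.COM
Message-ID: <hbxjfhuibnebiblsecj@NTLWORLD.COM>

(body omitted)
"""

# Constructed variant: the same message with an extra Received line supplied
# by the sending machine itself. Anything below the stamp written by the
# receiving provider is sender-controlled text and proves nothing.
FORGED = POSTED.replace(
    "Date: Wed, 03",
    "Received: from mail.ntlworld.com ([192.0.2.10]) by relay.example.invalid\n"
    " with SMTP; Wed, 3 Mar 2004 11:00:00 +0000\n"
    "Date: Wed, 03",
    1,
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
HELO_RE = re.compile(r"^\s*from\s+(\S+)", re.I)


def hops(msg):
    """Received headers in file order: newest (top) first, oldest (bottom) last."""
    out = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        ip, by, helo = IP_RE.search(flat), BY_RE.search(flat), HELO_RE.search(flat)
        out.append({
            "helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1).lower() if by else None,
        })
    return out


def entry_hop(msg, trusted_suffix):
    """Deepest hop, reading top-down, that was stamped by a trusted server."""
    found = None
    for hop in hops(msg):
        if hop["by"] and hop["by"].endswith(trusted_suffix):
            found = hop
        else:
            break                                # first untrusted stamp: stop
    return found


def domain(header_value):
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def analyse(raw, trusted_suffix=".ntlworld.com"):
    msg = message_from_string(raw)
    chain = hops(msg)
    entry = entry_hop(msg, trusted_suffix)
    return {
        "from_domain": domain(msg["From"]),
        "return_path_domain": domain(msg["Return-Path"]),
        "from_matches_return_path": domain(msg["From"]) == domain(msg["Return-Path"]),
        "bottom_received_ip": chain[-1]["ip"] if chain else None,
        "entry_ip": entry["ip"] if entry else None,
        "entry_helo": entry["helo"] if entry else None,
    }


if __name__ == "__main__":
    for name, raw in (("posted", POSTED), ("forged", FORGED)):
        print(name, analyse(raw))
```

On the posted headers both readings agree, because there is only one Received line; on the constructed variant the bottom line points at a made-up address while the provider's own stamp still records the connecting machine.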

rdhw
04-03-2004, 10:30
I've just received this email:

Dear user of Ntlworld.com, ..snip..

Riddles, I hope you have figured out now that the attachment was a virus, bagle.j.

Riddles
04-03-2004, 13:46
I figured out straight away as I've had a few emails like this from different sources. It was deleted after I copied & Pasted it here.

Seemed a bit obvious when they use the email address to send you an email telling you your account has been disabled.....hardly brain surgeons these guys are they.

zovat
04-03-2004, 16:34
I figured out straight away as I've had a few emails like this from different sources. It was deleted after I copied & Pasted it here.

Seemed a bit obvious when they use the email address to send you an email telling you your account has been disabled.....hardly brain surgeons these guys are they.


Nope - but then neither are the kind of people these viruses are aimed at... :dozey:

It obviously works - as the number of reported infections is climbing all the time... :Yikes:

grahamj
05-03-2004, 10:40
If you receive any emails with:

E-mail account disabling warning.
E-mail account security warning.
Email account utilization warning.
Important notify about your e-mail account.
Notify about using the e-mail account.
Notify about your e-mail account utilization
Warning about your e-mail account.
(there are more of these! check antivirus sites for full info)

it's fake. this is the bagle.j worm.

The netsky virus is also hammering email servers and users with :-

Re: Re: Re: Your document
Re: Hello
Re: Hi
Re: Re: Message
Re: Your picture
Re: Here is the document
Re: Your document
(there are more of these! check antivirus sites for full info)

it's really simple! DON'T OPEN ATTACHMENTS! even if it does appear to come from a 'Friend' IF IN DOUBT delete it ......or phone your 'friend' and ask if he/she actually sent the email.


Half the viruses out there are HOPELESS unless people help them along by opening attachments! it appears a lot of people WORLD WIDE seem to just CLICK AND OPEN. :dozey:

Think about it....would you let someone in to your home if they said they were from the water company...just because they have a nice ID badge? NO you'd phone the company and make sure the person @ ur door was legit.

oh and if you have a look at some attachments that may come in by email, they will have double file extensions.

E.G.
yoursoftware.doc.exe
yourfiles.xls.pif
NEVER EVER EVER open these types! that really is asking for trouble

anyway! keep those virus scanners up to date!
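
The warning signs collected in this thread (the subject lists and double extensions in the post above, plus zovat's earlier points about the password printed in the body and the role-style sender at the recipient's own domain), combined into one mail triage check. This is an added Python example, not part of any post; the recipient address, the attachment names `details.zip` and `notes.txt`, and the reason labels are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr


def _norm(subject):
    """Collapse whitespace, drop a trailing full stop, lower-case."""
    return " ".join(subject.split()).rstrip(".").lower()


# Subject lines listed in the thread (the poster notes both lists are partial).
WORM_SUBJECTS = {_norm(s) for s in (
    "E-mail account disabling warning.",
    "E-mail account security warning.",
    "Email account utilization warning.",
    "Important notify about your e-mail account.",
    "Notify about using the e-mail account.",
    "Notify about your e-mail account utilization",
    "Warning about your e-mail account.",
    "Re: Re: Re: Your document", "Re: Hello", "Re: Hi", "Re: Re: Message",
    "Re: Your picture", "Re: Here is the document", "Re: Your document",
)}
RISKY_EXT = {"exe", "pif", "scr"}            # final extensions named in the thread
ROLE_LOCALPARTS = {"noreply", "admin", "support", "management",
                   "administration", "postmaster"}
PASSWORD_RE = re.compile(r"password is\s+\"?[\w*]+", re.I)


def double_extension(filename):
    """True for names like yoursoftware.doc.exe: a document-looking name
    whose real, final extension is an executable type."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] != "" and parts[2] in RISKY_EXT


def triage(msg, recipient):
    """Return the list of warning signs found in one message."""
    reasons = []
    if _norm(str(msg["Subject"] or "")) in WORM_SUBJECTS:
        reasons.append("known-worm-subject")

    local, _, dom = parseaddr(str(msg["From"] or ""))[1].lower().rpartition("@")
    if dom == recipient.lower().rpartition("@")[2] and local in ROLE_LOCALPARTS:
        reasons.append("role-sender-at-own-domain")

    has_attachment = False
    for part in msg.iter_attachments():
        has_attachment = True
        name = part.get_filename() or ""
        if double_extension(name):
            reasons.append("double-extension:" + name)

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # A scanner cannot open an encrypted archive, so the unlock code printed
    # next to the attachment is itself the thing to alert on.
    if has_attachment and PASSWORD_RE.search(text):
        reasons.append("password-for-attachment-in-body")
    return reasons


def build(sender, recipient, subject, body, attachment=None):
    """Construct a sample message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, recipient, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m


if __name__ == "__main__":
    me = "user@ntlworld.com"                  # constructed recipient
    samples = [
        build("support@NTLWORLD.COM", me,
              "Notify about your e-mail account utilization.",
              'For security purposes the attached file is password protected. '
              'Password is "32585".', "details.zip"),
        build("friend@example.org", me, "Re: Your document",
              "see attachment", "yoursoftware.doc.exe"),
        build("friend@example.org", me, "Lunch", "notes attached", "notes.txt"),
    ]
    for s in samples:
        print(s["Subject"], "->", triage(s, me))
```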

zovat
05-03-2004, 11:15
If you receive any emails with:


Think about it....would you let someone in to your home if they said they were from the water company...just because they have a nice ID badge? NO you'd phone the company and make sure the person @ ur door was legit.



You know the sad thing is that people use that ploy to break into houses all the time - and people just let them in....... :Yikes:

Unfortunately (In my Experience) the majority of people who spread these viruses are normally intelligent people who seem to have no common sense when it comes to computers. (unlike me who has no common sense when it comes to reality ;) )

Stuartbe
05-03-2004, 11:19
oh and if you have a look at some attachments that may come in by email, they will have double file extensions.


Trouble is that most versions of MS windows turn off the file extension view option by default so a file like picture.bmp.scr looks like picture.bmp if the option is turned off. When are MS going to come to their senses and set this option to enabled as default ???????

ian@huth
05-03-2004, 11:25
Trouble is that most versions of MS windows turn off the file extension view option by default so a file like picture.bmp.scr looks like picture.bmp if the option is turned off. When are MS going to come to their senses and set this option to enabled as default ???????

I don't know why they even bother to have an option to turn on / off file extensions. It would certainly be better just to show them by default.

The problem though is that people tend to either know about file extensions or they don't and if they don't then it doesn't really matter whether they are shown or not.

Stuartbe
05-03-2004, 11:32
I don't know why they even bother to have an option to turn on / off file extensions. It would certainly be better just to show them by default.

The problem though is that people tend to either know about file extensions or they don't and if they don't then it doesn't really matter whether they are shown or not.

Very true m8..... At least they have made a step in the right direction by blocking attachments in OE...... It can be a pain in the ass but at least it stops noobie users executing the files....... Shame they don't block active scripting on the emails too !!!

2old4this
05-03-2004, 11:35
Got this


Dear user of Ntlworld.com gateway e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For more information see the attached file.

Kind regards,
The Ntlworld.com team http://www.ntlworld.com

Stuartbe
05-03-2004, 11:38
Got this


Dear user of Ntlworld.com gateway e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For more information see the attached file.

Kind regards,
The Ntlworld.com team http://www.ntlworld.com

Its a fake mail m8.... Delete it !

grahamj
05-03-2004, 12:06
Got this


Dear user of Ntlworld.com gateway e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For more information see the attached file.

Kind regards,
The Ntlworld.com team http://www.ntlworld.com

such bad grammar etc.

improper using? me thinks improper usage in the ....

the ntlworld.com team. never ever seen a email from them saying that...
usually its from

regards,
first name second name
ntl whatever (cus services etc)


:erm:

Theodoric
06-03-2004, 13:53
NTL would never send attachments in the email....
<Snip>

ntl may not send emails with attachments but they do send emails containing links. There was one discussed here fairly recently that linked to Microsoft through some dubious advertising site. Isn't that almost as bad?

paulyoung666
07-03-2004, 09:33
here's another variation


Hello user of Ntlworld.com e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

For details see the attached file.

Sincerely,
The Ntlworld.com team http://www.ntlworld.com



:mad: :mad: :mad: :mad: :mad:

Mabus117
07-03-2004, 18:22
I posted details of the virus message to NTL's Abuse service and received the following reply:

"************************************************** ************************************
**PLEASE NOTE THIS IS AN AUTORESPONDER FROM THE NTL ACCEPTABLE USE POLICY (AUP) TEAM**
************************************************** ************************************

Latest News 03 March 2004:

Customers are reporting emails arriving in their mailboxes with an attachment and the subject of the email starts with - Email account

This email appears to come from ntlworld personnel, but we can confirm that this is a virus.

Please visit the following website for further information.

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.k@mm.html


If you think you may be infected with this virus you may find this removal tool of use.

http://vil.nai.com/vil/stinger/

This email has not come from the ntl management, and has a potentially harmful attachment. Delete the email and do not run the attachment.

*****************************************
Latest News 03 March 2004:

Please note that W32.Netsky.D worm is rapidly spreading across the internet.

For further information regarding this worm and a removal tool please visit this webpage:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html

*****************************************

Reports can now be submitted by using the following web form: http://www.ntlworld.com/netreport

We have introduced this new web form to allow more accurate reporting of network abuse and to allow us to deal with reports more quickly. We would recommend that anyone who wishes to fasttrack their report to us, uses the web form.

********************************


Dear Internet User

Thank you for your mail.

Due to the sheer volume of mails received daily (many which are duplicated complaints, e.g. multiple complaints from different sources concerning the same incident), in normal circumstances the AUP Team will not respond to your query personally (this is the only response you will receive from us).

Full information on how to report abuse can be found at http://www.ntlworld.com/help/aup/abuse.html .

Please ensure you read the information held at the above link as we are not able to take any action if the correct information has not been sent to us.

We are only able to deal with complaints that specifically relate to misuse of an Internet account on the NTL network.

To ensure any other enquiries you may have are directed to the correct department, please use the following link: http://www.ntlhome.com/contact/ .
The form on this webpage allows you to give us a full description of your enquiry which will enable ntl:home to deal with your enquiry more effectively.

To visit our online help section, visit: http://www.ntlworld.com/help . The AUP help pages contain useful information on many aspects on Internet security.

If you would like advice on how to deal with spam/unsolicited-commercial-email please view: http://www.ntlworld.com/help/aup/dealingwithspam.html

If you have any questions related to telephony , tv, cablemodem billing etc please call your local franchise on either 151 from your ntl line or 0800 052 2000 from any other line.

If you are receiving Nuisance Phone Calls there is a free advice line on 0800 052 1370

Regards

The ntl Acceptable Use Policy Team, Cardiff. [ Office Hours : 0800-1600hrs Monday to Friday ]

Last amended 3/4/4. Ref. OH."

Given the speed at which viruses replicate themselves, I find it disconcerting that they have held onto this information in such a secretive manner for so long. :mad:

Marge
07-03-2004, 18:51
I am getting really cheesed off with this virus, out of 8 emails I've received today, 4 have contained the virus so now I'm too nervous to open any emails at all..... strangely nothing from the ntlworld version

paulyoung666
07-03-2004, 19:03
I am getting really cheesed off with this virus, out of 8 emails I've received today, 4 have contained the virus so now I'm too nervous to open any emails at all..... strangely nothing from the ntlworld version




yup , getting to be a right pain in the proverbial :mad: :mad: :mad:

highlandlassie
07-03-2004, 20:30
getting at least 8 a day - been like that since last week - thankfully I use mailwasher as well and just delete direct from there

das316
08-03-2004, 13:13
The reason people are getting so many is because of this - read it last week on the BBC web site

A war of words is breaking out between the creators of the Netsky, Bagle and MyDoom Windows worms.
The malicious programs' creators are putting taunts and insults in successive variants of their viruses.

The spat began because Bagle's creators are jealous of all the media attention that the Netsky virus is getting

Anti-virus firms discovered the insults inside the viruses when they were being taken apart to find out how they differed from earlier versions of these malicious programs.

Inside Bagle.J, along with a string of profanity, is a message reading: "don't ruine (sic) our bussiness, wanna start a war?"

The response to this seems to be inside Netsky.F, released the day after Bagle.J, which contains a message reading: "Bagle - you are a looser!!!! (sic)".

So it looks like it's going to be a long haul of virus deleting, if it carries on for long enough they could make an olympic event out of it :D

Jon_
08-03-2004, 21:45
grrr I've had a load of emails with a short sentence and attachment, now more recently spoofed ones from ntl, all from a ntl cable user in nottingham. the most recent ip is 81.108.70.139 , hope i aint breaking any rules posting that.

the thing is all the emails are coming on a email address i NEVER use for anything, its in my ntl account name, but it is on a spam list, I'm guessing either ntl sold some lists, or someone worked out the url to ntl webspace is the same as the email addy

i dont know anyone in nottingham so im guessing the virus found my address from a spam sent to all ntl users, i just wish there was something i could do to get things sorted

mrmassive
09-03-2004, 02:51
Ive had a few of these but the ones i only get are hard porn from ntlworld.com update lol

hansi
10-03-2004, 17:51
I had an e mail from:3dgellybean@ntlworld.com which contained a virus sent to me at work but the AV programme caught it and confirmed that it contained a virus

Millay
14-03-2004, 23:57
Interesting I received a similar email a few weeks ago. I have my own mail server hosted by my ISP and have 3 pop3 accounts set up on it. I received this email, supposedly emanating from my domain with the same virus in it...

From: administration@behindthestorm.com [mailto:administration@behindthestorm.com]
Sent: 02 March 2004 23:04
To: andy@behindthestorm.com
Subject: Notify about using the e-mail account.

Dear user of Behindthestorm.com,

Your e-mail account has been temporary disabled because of unauthorized access.

Pay attention on attached file.

Sincerely,
The Behindthestorm.com team http://www.behindthestorm.com



I wonder how they're doing this one?

ICICLE65
17-03-2004, 08:17
Had various E-mails with said attachment over the last 6 months, even getting them from Barclays and Lloyds' banks !!!!! Never banked with either !!!!

Surely Ntl can detect these E-mail viruses and bounce them back to source ! This is the 21st Century after all !

zovat
17-03-2004, 12:07
Had various E-mails with said attachment over the last 6 months, even getting them from Barclays and Lloyds' banks !!!!! Never banked with either !!!!

Surely Ntl can detect these E-mail viruses and bounce them back to source ! This is the 21st Century after all !

Unfortunately it is hard to bounce these back to source, as the source is invariably either spoofed or someone on the same ISP - the result would be that the bounced mail would then be bounced back and so on..... :mad:

They could detect the viruses by installing some anti-virus software on their mail servers, but that is very expensive when you are a corporate entity as large as NTL (and as short of cash).
In fairness, why should NTL shoulder the responsibility for people who cannot install/maintain their own AV software. It is not NTL's fault that people are daft/non technical enough to not check these attachments and mails before they execute them.

with all the publicity and hooha about viruses, it is hard to believe that anyone who owns a computer which receives Email would not install and update their anti-virus software...
:Yikes:

Just My 2c

Grampy
17-03-2004, 17:54
Just like to thank all who responded to my post about this same problem. Would have responded on my post but it was closed by Neil before I had a chance. Not used to the search facilities on the site so didn't find this thread before making a post. Glad to find out it was a virus as I was tempted to open the attachments. The number of virus e-mails seems to be increasing daily.

paulyoung666
17-03-2004, 17:59
Just like to thank all who responded to my post about this same problem. Would have responded on my post but it was closed by Neil before I had a chance. Not used to the search facilities on the site so didn't find this thread before making a post. Glad to find out it was a virus as I was tempted to open the attachments. The number of virus e-mails seems to be increasing daily.




no worries my mate , you will find threads closed pretty quick on here when duplication happens ;) hope we can be of some use to you :)

Stuart
17-03-2004, 18:05
with all the publicity and hooha about viruses, it is hard to believe that anyone who owns a computer which receives Email would not install and update their anti-virus software...
:Yikes:

Just My 2c
Good point. People should have Antivirus and (IMO) firewalls up and running. Service Pack 2 (I am currently on the beta program for this) for XP has a nice feature. It has a security advisor that nags you until you install and enable a virus checker and a firewall. XP also nags you whenever a patch is available.

No excuse for not being up to date then..

paulyoung666
17-03-2004, 18:06
Good point. People should have Antivirus and (IMO) firewalls up and running. Service Pack 2 (I am currently on the beta program for this) for XP has a nice feature. It has a security advisor that nags you until you install and enable a virus checker and a firewall. XP also nags you whenever a patch is available.

No excuse for not being up to date then..



is there a release date for sp2 yet ??????????

Stuart
17-03-2004, 18:29
is there a release date for sp2 yet ??????????

I think Microsoft are aiming to release it some time in the summer (possibly May or June) although don't quote me on that, they aren't at Release Candidate stage yet. Microsoft haven't emailed any release dates yet

Edit: Just checked with Betanews (http://www.betanews.com/article.php3?sid=1061289032). Seems Microsoft want to release some time in their fiscal year 2004 (which starts July 1st).

paulyoung666
17-03-2004, 18:33
I think Microsoft are aiming to release it some time in the summer (possibly May or June) although don't quote me on that, they aren't at Release Candidate stage yet. Microsoft haven't emailed any release dates yet

Edit: Just checked with Betanews (http://www.betanews.com/article.php3?sid=1061289032). Seems Microsoft want to release some time in their fiscal year 2004 (which starts July 1st).




cheers :tu:

ian@huth
19-03-2004, 23:23
I have had a couple of emails today which indicate they are from postmaster(at)ntlworld.com and at first glance appear to be reports of undelivered mail but they do contain a virus. AFAIR a genuine email regarding undelivered mail from NTL would have the original email attached, is this correct?

zovat
20-03-2004, 00:32
I have had a couple of emails today which indicate they are from postmaster(at)ntlworld.com and at first glance appear to be reports of undelivered mail but they do contain a virus. AFAIR a genuine email regarding undelivered mail from NTL would have the original email attached, is this correct?

You are correct mate, any returned Email would have the original Email either inline, or as an attachment..

There are loads of these around at the moment - to the extent that my company Email now strips all attachments ending in .exe, .scr, .pif, etc and sticks them in a quarantine you can access if the Email turns out to be genuine... (99.99 percent so far are not...) ;)

HTH..
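
The extension-based stripping described in the post above, sketched as an added example that is not part of the original thread or any poster's actual gateway: it walks the MIME parts, quarantines attachments whose final extension is on the block list, and notes when the name hides that extension behind a second one. The sample message, addresses and function names are constructed for illustration.

```python
import email
from email import policy

# Extensions named in the post above; a production list would be longer.
BLOCKED = {".exe", ".scr", ".pif"}

# Constructed sample (not a captured message): the attachment name pads a
# second extension with spaces so a narrow column shows only "account.doc".
SAMPLE = (
    b"From: noreply@example.invalid\r\n"
    b"To: user@example.invalid\r\n"
    b"Subject: Administrator\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"For further details see the document.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="account.doc      .scr"\r\n\r\n'
    b"c2FtcGxl\r\n"  # base64 of the harmless bytes b"sample"
    b"--b1--\r\n"
)

def split_name(filename):
    """Return (stem, last_extension), lower-cased, padding and trailing dots removed."""
    name = filename.strip().rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")
    return (stem.rstrip(), "." + ext) if dot else (name, "")

def strip_attachments(raw):
    """Replace blocked attachments with a short notice.

    Returns (cleaned_message_bytes, quarantine); quarantine is a list of
    (filename, payload_bytes, reason) held for manual release.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    quarantine = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        stem, ext = split_name(filename)
        if ext not in BLOCKED:
            continue
        reason = "blocked extension " + ext
        if "." in stem:
            reason += ", hidden behind a second extension"
        quarantine.append((filename, part.get_payload(decode=True), reason))
        part.set_content("Attachment quarantined by mail gateway.\nReason: " + reason + "\n")
    return msg.as_bytes(), quarantine
```

Matching on the last extension after trimming spaces and trailing dots matters because Windows ignores both when deciding how to open a file.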

downquark1
23-03-2004, 17:55
Just got a netsky one that had the address in:
entertainment.feedback@ntlworld.com

Strange thing is it was sent to my hotmail account.

iadom
25-03-2004, 22:45
Another sneaky one. W32/Netsky.P@mm
With a little note from Message Labs telling me that the file is virus free. Oh yeh:(


Return-Path: <n4mwd@amsat.org>
Received: from ntlworld.com ([207.61.169.20]) by mta06-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
id <20040325223310.UHYU19383.mta06-svc.ntlworld.com@ntlworld.com>
for <xxxxx@ntlworld.com>; Thu, 25 Mar 2004 22:33:10 +0000
From: n4mwd@amsat.org
To: xxxxxx@ntlworld.com
Subject: Does it matter?
Date: Thu, 25 Mar 2004 15:49:50 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040325223310.UHYU19383.mta06-svc.ntlworld.com@ntlworld.com>

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

You have written a very good text, excellent, good work!

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;
name="details.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="details.zip

Prometheus
27-03-2004, 21:37
I just got one from noreply@ray****.cl****** with the title 'Administrator'


All there was in the text was;


'Your mail account has been closed.

For further details see the document.'

Thankfully, Norton AV picks them up and bins the virus attachments before they hit my inbox, and replaces it with a small text file, containing the following;

'Norton AntiVirus removed the attachment: account.doc .scr.
The W32.Netsky.P@mm threat was detected in the attachment.'

:Yikes:

I've been getting sent this one an awful lot recently. Isn't there a way ntl can block them as they come through the mail servers?

hansi
28-03-2004, 08:25
Apparently not :mad: :mad:

Womble
19-04-2004, 20:09
Has anyone else received an e-mail from ntlworld, subject-this a cracker check it out. It has a picture of a ritz cracker??

swoop101
19-04-2004, 20:17
I hope you have anti-virus software running.
If not then get some and run a check.

If you don't have a virus then you have probably just put yourself on a few spam lists.

Golden rule no1 do not open e-mails unless you are sure of the contents.

sorry if you feel I am having a go, but too many people just open all e-mails and get themselves into deep doo-doo.

Womble
19-04-2004, 20:59
Pem, you asked me to post the contents, do you mean the properties?. If so they are as follows;

Return-Path: <xxxx.xxxx@ntlworld.com>
Received: from P2600 ([81.111.112.191]) by mta08-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040419151907.DTCL20754.mta08-svc.ntlworld.com@P2600>;
Mon, 19 Apr 2004 16:19:07 +0100
Message-ID: <003801c42621$a7f564f0$0200a8c0@P2600>
From: "NTL World" <xxxx.xxxx@ntlworld.com>
To: <Undisclosed-Recipient:;>
Subject: Fw: THIS IS A CRACKER... CHECK IT OUT!
Date: Mon, 19 Apr 2004 16:18:29 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0032_01C42629.F36E1910"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

Cheers

PS; I have NAV running and up to date, as well as their firewall. NAV didn't detect a virus when the mail was delivered, or when the wife (god bless her!) opened it. I know it has a picture of a cracker attached by scrolling down the mail as opposed to clicking on the attachment

Edit: NTL e-mail address blocked out.

Womble
19-04-2004, 21:04
This is the trace from the ip addy


NeoTrace Trace Version 3.25 Results
Target: 81.111.112.191
Date: 19/04/2004 (Monday), 21:03:46
Nodes: 11


Node Data
Node Net Reg IP Address Location Node Name
1 - - 192.168.1.2 Sutton bert
2 1 - 10.44.32.1 Unknown
3 2 1 80.3.34.141 Northavon herm-t2cam1-b-ge-wan34-104.inet.ntl.com
4 2 1 80.3.33.133 Unknown herm-t2core-b-ge-wan61.inet.ntl.com
5 3 1 62.253.187.21 Unknown pop-bb-b-so-210-0.inet.ntl.com
6 3 1 213.105.172.137 Guildford gfd-bb-a-so-500-0.inet.ntl.com
7 3 1 213.105.172.6 Guildford gfd-bb-b-ae0-0.inet.ntl.com
8 3 1 62.253.185.54 Unknown sot3-t2core-b-pos31.inet.ntl.com
9 2 1 80.4.225.134 Northavon sot3-t2cam1-b-ge-wan31.inet.ntl.com
10 2 1 80.4.226.142 Unknown ubr04sout-ge20.inet.ntl.com
11 4 1 81.111.112.191 Unknown spr1-sout4-4-0-cust191.cosh.broadband.ntl.com



Paul
19-04-2004, 21:23
Pem, you asked me to post the contents, do you mean the properties?. If so they are as follows;

Actually no, I meant the actual text content of the message, but the other information you posted may be useful. :)

Womble
19-04-2004, 21:44
this is the content

What a Cracker Aye!!


--------------------------------------------------------------------------------

zaax
19-04-2004, 23:50
http://www.spamhaus.org/sbl/listings.lasso?isp=ntl.com

hairy_mick
21-04-2004, 18:04
This Message was undeliverable due to the following reason:

The user(s) account is temporarily over quota.

<peri@ntlworld.com>

Please reply to Postmaster@ntlworld.com
if you feel this message to be in error.


just received this today and it's got an attachment. What do you think?

paulyoung666
21-04-2004, 18:07
This Message was undeliverable due to the following reason:

The user(s) account is temporarily over quota.

<peri@ntlworld.com>

Please reply to Postmaster@ntlworld.com
if you feel this message to be in error.


just received this today and it's got an attachment. What do you think?


is it someone you have sent an e-mail to ??????????? , do you know that user ???????????? , if you dont then have you checked to see if you have a virus ??????????? , if you havent then just bin it :)

iadom
21-04-2004, 18:17
This Message was undeliverable due to the following reason:

The user(s) account is temporarily over quota.

<peri@ntlworld.com>

Please reply to Postmaster@ntlworld.com
if you feel this message to be in error.


just received this today and it's got an attachment. What do you think?
I am getting more "undeliverable" returned emails that I have not actually sent than spam at the moment. Some have attachments and some have been stripped by the returning ISP. As Paulyoung666 says, bin it and scan your system.

hairy_mick
21-04-2004, 18:17
Hi paulyoung666 funny but the 2 files in the attachment are a dat file 170 bytes and a file something for you 22.8Kb i have another which says open immediately not ***king likely.

paulyoung666
21-04-2004, 18:20
Hi paulyoung666 funny but the 2 files in the attachment are a dat file 170 bytes and a file something for you 22.8Kb i have another which says open immediately not ***king likely.


good move , do a virus scan on your computer just to make sure :)

hairy_mick
21-04-2004, 18:21
the other just says "thats wrong" and the attachment bill.exe 22KB sounds like a virus to me

paulyoung666
21-04-2004, 18:23
the other just says "thats wrong" and the attachment bill.exe 22KB sounds like a virus to me



most likely is :mad:

Flubflow
27-04-2004, 11:28
Got this in my inbox today.....

Return-Path: <ArtHammy@aol.com>
Received: from your-s7bogap9pv ([217.43.184.13]) by mta04-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040427072934.CBNO5565.mta04-svc.ntlworld.com@your-s7bogap9pv>
for <xxxxxxxx@ntlworld.com>; Tue, 27 Apr 2004 08:29:34 +0100
Date: Tue, 27 Apr 2004 08:37:37 +0000
To: xxxxxxxx@ntlworld.com
Subject: Important notify about your e-mail account.
From: management@ntlworld.com
Message-ID: <kmaewnaakcesokrutok@ntlworld.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------yymormdaukyjmukokseb"

----------yymormdaukyjmukokseb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear user, the management of Ntlworld.com mailing system wants to let you know that,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

Further details can be obtained from attached file.

In order to read the attach you have to use the following password: 37442.

The Management,
The Ntlworld.com team http://www.ntlworld.com

----------yymormdaukyjmukokseb
Content-Type: application/octet-stream; name="Info.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Info.zip"

The zip file contains an EXE. Dunno what it was and I was not going to try and find out.
The sender IP traces to btbroadband.com and their abuse dept has been informed.
Watch out peeps.

Chris
27-04-2004, 11:31
Got this in my inbox today.....



The zip file contains an EXE. Dunno what it was and I was not going to try and find out.
The sender IP traces to btbroadband.com and their abuse dept has been informed.
Watch out peeps.
Dodgy as hell, the .exe file installs a virus (can't remember which). It's hidden in a password-protected zip file to try and fool virus scanners. Already being discussed in another thread somewhere round here ... :)
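
Why a password-protected zip slips past a content scanner, and what a gateway can still check, as an added example that is not from the thread: with standard zip encryption the encryption flag and the entry names stay readable in the archive directory even though the file contents do not. The sample archive, the verdict names and the function names are constructed for illustration.

```python
import io
import os
import struct
import zipfile

EXECUTABLE = {".exe", ".scr", ".pif", ".com"}

def build_sample_zip(encrypted):
    """Constructed sample: a one-entry archive, optionally marked encrypted.

    zipfile cannot write encrypted archives, so the encryption bit (bit 0 of
    the general purpose flags) is set by hand in the central directory record.
    The payload is plain text and is never decrypted or executed.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Info.exe", b"constructed placeholder, not a program")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.find(b"PK\x01\x02")  # central directory file header
        flags, = struct.unpack_from("<H", data, cd + 8)
        struct.pack_into("<H", data, cd + 8, flags | 0x1)
    return bytes(data)

def inspect_zip(blob):
    """Return (verdict, detail) from the archive directory alone; nothing is extracted."""
    try:
        entries = zipfile.ZipFile(io.BytesIO(blob)).infolist()
    except zipfile.BadZipFile:
        return "quarantine", "attachment is not a readable zip"
    # Bit 0 of the general purpose flags marks an entry as encrypted.
    locked = [e.filename for e in entries if e.flag_bits & 0x1]
    # Entry names are still readable, so match them against the executable list.
    risky = [n for n in locked
             if os.path.splitext(n)[1].lower() in EXECUTABLE]
    if risky:
        return "quarantine", "encrypted executable: " + ", ".join(risky)
    if locked:
        return "hold", "encrypted content the scanner cannot open"
    return "scan", "unencrypted, pass to the content scanner"
```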

Nemesis
27-04-2004, 11:33
/sits and waits for Towny to find it ...

Stuartbe
27-04-2004, 11:34
http://www.cableforum.co.uk/board/showthread.php?t=8779 :D

Chris
27-04-2004, 11:35
/sits and waits for Towny to find it ...
http://www.cableforum.co.uk/board/showthread.php?t=8779

/Sits and waits for a mod to close the thread ... :D

edit
Darn, beaten to it by goldenballs :rofl:

Nemesis
27-04-2004, 11:41
Merge completed :D

mickmc
03-05-2004, 09:05
I have this morning received the following message with attachment. Norton deleted the attachment as they identified it to contain a virus.

Dear user of Ntlworld.com gateway e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.

Advanced details can be found in attached file.

Kind regards,

The Ntlworld.com team http://www.ntlworld.com

the following message is from Norton AV

Norton AntiVirus removed the attachment: MoreInfo.pif.
The W32.Beagle.J@mm threat was detected in the attachment.

What do you think peeps?

paulyoung666
03-05-2004, 09:11
more of the same , bin it :(

Neil
03-05-2004, 09:13
Moved to Virus/Security forum.

Please, please try to post in the correct forum, it makes life so much easier for all the members here, thanks. :)

mickmc
03-05-2004, 09:15
ok mucho apologiso

paulyoung666
03-05-2004, 09:15
maybe even a quick merge with this thread (http://www.cableforum.co.uk/board/showthread.php?t=8779) might be in order , all in the name of housekeeping you know :D

mickmc
03-05-2004, 09:44
Norton AntiVirus removed the attachment: MoreInfo.pif.
The W32.Beagle.J@mm threat was detected in the attachment.
This is a notification I got after getting 2 emails this AM from NTL. The message read as follows

Dear user of Ntlworld.com gateway e-mail server,

Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.

Advanced details can be found in attached file.

Kind regards,

The Ntlworld.com team http://www.ntlworld.com

Surely this is not from our supreme service provider :angel:

Paul
03-05-2004, 11:29
Surely this is not from our supreme service provider :angel:


Correct - it isn't. The virus simply picks the domain name from your e-mail address.

Btw, do you really need to post it in such big letters ?

Buzzby
06-05-2004, 23:22
Have a look at this! nice is it not???

Of course I won't touch it with a bargepole.


Return-Path: <200404272018.i3RKIARQ026918@citrine.spiritone.com>
Received: from trebor ([66.238.96.155]) by mta02-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP id <20040506183016.CDQF19647.mta02-svc.ntlworld.com@trebor> for <*******@ntlworld.com>; Thu, 6 May 2004 19:30:16 +0100
Date: Thu, 06 May 2004 11:28:12 -0800
To: *******@ntlworld.com
Subject: Notify about your e-mail account utilization.
From: administration@ntlworld.com
Message-ID: <lsmyfcicpopxuqxjyiq@ntlworld.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------qqulyxdrtorworcujyfr"


Hello user of Ntlworld.com e-mail server,

Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.

Please, read the attach for further details.

Attached file protected with the password for security reasons. Password is
54374.

Sincerely,
The Ntlworld.com team http://www.ntlworld.com



Download Attachment: TextDocument.zip

:D :D :D :D