Kashunowaka

Blocked virus email


Has anyone else received notifications about blocked email with virus-infected attachments? They are all sent to r-sumo-mse@sumo-jp.com - I think that is the NSK Mail Service.


Yes, I got them as well, all addressed to the NSK Mail Service, r-sumo-mse@sumo-jp.com. I don't know why though...

EDIT: Hm, it seems I have also gotten unsubscribe messages to the NSK mailing list from a number of people too...

Edited by Yubiquitoyama


Looks like I've received the notices and the actual virus mails, although the mails seem to be so incompetently done (or perhaps mangled by a filter before they went through) that I got the virus files displaying as encoded Base64 text in the mail body, rather than actual attachments. And that's with OE, not usually picky about which dangerous attachments it wants to display. (Eh?)

Edit: Anyway, what's going on here seems to be roughly what's described in this recent article. Looks like various organizations' mail filters are set to notify the origin of blocked virus mails about that fact. As the auto-responses all go to r-sumo-mse@sumo-jp.com, they end up going out to all list subscribers apparently.

Edited by Asashosakari

Edit: Anyway, what's going on here seems to be roughly what's described in this recent article. Looks like various organizations' mail filters are set to notify the origin of blocked virus mails about that fact. As the auto-responses all go to r-sumo-mse@sumo-jp.com, they end up going out to all list subscribers apparently.

Thanks for the link, very interesting article.

So you don't think I should send an email to the whole list saying "unsubscribe", then? (Eh?) I really liked the last one: "please unsubscribe". :-|

So you don't think I should send an email to the whole list saying "unsubscribe", then? ;-)

Well, the wave of unsubscribe's seems to have passed now, but the new rage are apparently "test" mails...you'd think that it should be obvious to the senders that the mailing list works once they've received 10 tests from other people who had the same idea (just earlier), but noooo... :-D

So you don't think I should send an email to the whole list saying "unsubscribe", then? ;-)

Well, the wave of unsubscribe's seems to have passed now, but the new rage are apparently "test" mails...you'd think that it should be obvious to the senders that the mailing list works once they've received 10 tests from other people who had the same idea (just earlier), but noooo... :-D

In defense of those who do write to the list just now, I was rather confused at first too, wondering whether I had done something I shouldn't. And I do know how these things work (how you forge an email header, for instance).

I also must say that I never realized before that subscribing to the NSK Mail Service meant that I was added to a mailing list which anyone could post to. Surely the mailing list owner could configure the list not to accept posts from whomever? :-D
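
As an added example (not part of the thread and not the NSK list's actual configuration): a list-side acceptance check for the two problems discussed above, filter auto-responses being redistributed to every subscriber and a list that accepts posts from anyone. The addresses, the allow-list and the three outcomes are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: an announce-only list where a single office address may post.
ALLOWED_POSTERS = {"office@list.example"}

def is_auto_response(msg):
    """True for machine-generated mail such as filter notices and bounces."""
    # RFC 3834: automatic responders label their mail with Auto-Submitted.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return True
    # Bounces and many scanner notices are sent with the null return path.
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    # Widely used but non-standard marker for bulk or automatic mail.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "auto_reply"}:
        return True
    local = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    return local in {"mailer-daemon", "postmaster"}

def list_decision(raw):
    """Return 'discard', 'hold' (for a moderator) or 'distribute'."""
    msg = message_from_string(raw)
    if is_auto_response(msg):
        return "discard"   # never fan a notice out to every subscriber
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # From is forgeable, so this allow-list only narrows what reaches the
    # moderator; it is not authentication.
    return "distribute" if sender in ALLOWED_POSTERS else "hold"

# Constructed sample messages (not taken from the thread).
NOTICE = ("From: Virus Scanner <scanner@filter.example>\n"
          "Auto-Submitted: auto-replied\n"
          "Subject: Blocked: infected attachment\n\nAn attachment was removed.\n")
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@mx.example\n"
          "Subject: Undeliverable mail\n\nDelivery failed.\n")
TEST_POST = "From: subscriber@home.example\nSubject: test\n\n"
ANNOUNCE = ("From: Mail Office <office@list.example>\n"
            "Subject: Tournament schedule\n\nSchedule follows.\n")

if __name__ == "__main__":
    for name, raw in [("notice", NOTICE), ("bounce", BOUNCE),
                      ("test post", TEST_POST), ("announcement", ANNOUNCE)]:
        print(name, "->", list_decision(raw))
```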

In defense of those who do write to the list just now, I was rather confused at first too, wondering whether I had done something I shouldn't. And I do know how these things work (how you forge an email header, for instance).

Point taken. Although my (really quite minor) gripe isn't with the confusion as such; that's perfectly understandable. It's more the almost Pavlovian action of sending a mail titled "test" with nothing else in it. (The general Usenet response would probably be, "Your test failed. The body of your message didn't make it through." Perhaps I'm just too conditioned by that, myself. ;-))

And ironically, there was a test mail with the virus attached about an hour ago, sparking another round of auto-responses, including from sites such as opec.org...

I also must say that I never realized before that subscribing to the NSK Mail Service meant that I was added to a mailing list which anyone could post to. Surely the mailing list owner could configure the list not to accept posts from whomever? :-D

I was just as shocked to find out that the NSK mail service still existed at all, when they sent that "we redesigned our website" mail before the basho. I can only guess that something/somebody screwed up at that time a few weeks ago...it's hard to believe that the mailing list might have been open to all posters for years.


It took me a few minutes to figure out where all this mail was coming from. :-D

I'd completely forgotten I had subscribed to their service. ;-)


Might the e-mails be an auto-response from a MyDoom-B infected computer? I haven't gotten any of them, but my girlfriend got a bunch of random ones from businesses in foreign countries that she had e-mail correspondence with years ago, and I know she doesn't have the virus since she uses a Mac (and .exe trojans only work on PCs).

Totally off-topic, I know computer viruses are bad and all, but I'm totally rooting for MyDoom here. It's scheduled to knock out Microsoft's websites on Tuesday (can't remember the exact time), and I really hope it's successful....I absolutely hate Microsoft, and maybe having a virus bomb and destroy their website would make their programmers finally start trying to close up all the susceptibility holes in the Windows platform.....

If only one could dream...


I have been receiving the mydoom virus at a rate of 2 an hour for the past week. My ISP has a front-door anti-virus system, so all I get are notices that it has been removed, but I literally receive tens a day, most titled "test", "hi" and "Error".


Yeah, they have been rampant, and you all (and ME too) are not experiencing anything unusual in that respect. It's just a big pain. Incidentally, apparently it can even use your email address if you DON'T have the virus yourself. It appears to also make up addresses with various domains that it finds and harvests, such as julie(at) anasuya(dot) com, which isn't a real address in use, but gets delivered to me anyways. I have received notices from other virusblockers that they have intercepted a message from the above (or other similar addresses which would seem to indicate that I have a virus here).


Yesterday I sent an e-mail to Majordomo@sumo-jp.com to unsubscribe. It worked.

I've not received a single virus e-mail from that list, or any place else, since. :-)


I didn't send an UNSUBSCRIBE and haven't received any either....seems that they've shut down the sumo newsletter and that was the only source of my numerous emails....


To put a closer on the whole thing, here's the official explanation+apology sent to the list a few hours ago, which I suppose some here didn't receive because they unsubscribed. (Clapping wildly...)

Unintentional Mail Delivery Update & Apology From The Ozumo Mail Service Office

On or around February 2nd mail was sent out on The Ozumo Mail Service that was not generated by our office. We deeply apologize for any inconvenience this may have caused.

We believe that it was due to the fact that some subscriber to the service was infected by a virus and that virus was able to extract the address used by the system,

Edited by Asashosakari
