Welcome! Here are the website rules, as well as some tips for using this forum.
Need to contact us? Visit https://heatinghelp.com/contact-us/.
Click here to Find a Contractor in your area.

Dan H., virus problem

Frank_3
Frank_3 Member Posts: 112
Dan H.,

Do you distribute the e-mail addresses of people that post on The Wall?

I've gotten a couple more virus notifications and the sending e-mail addresses are all boiler and hvac related. That tells me that someone here has my e-mail in their address book and it's being passed around by klez.

Sorry, but I have to come to you first since you might be the person who either has my e-mail and all these others in one place, or you've given the e-mail list to someone else, or somebody is mining the Wall for a mailing list.
«1

Comments

  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601
    That's the way the Worm works

    I get no less than 50 each day, and each comes with the name of someone I know.

    Don't open attachments. We never send them to our list.

    Keep your virus protection software up to date.

    It's the nature of the Internet, Frank.
    Retired and loving it.
  • hot_rod
    hot_rod Member Posts: 23,400
    Hey Dan

    whenever I go to post a reply, that screen pops up with someone elses name and e-mail in the boxes?? Most often it is hb's but a few others also show up.

    It all started with this latest virus issue. Is it on my end?

    I also get daily bogus e-mails from many of the wallbangers. If they have files attached I automaticly delete them.

    However when something comes from Miline with a "hello darling" header I'm pretty sure it bogus. At least I hope so!!!

    Sorry to bring up a sensitive subject in public, Scott, if in fact you really consider me a darling :)

    hot rod

    To Learn More About This Contractor, Click Here to Visit Their Ad in "Find A Contractor"
    Bob "hot rod" Rohr
    trainer for Caleffi NA
    Living the hydronic dream
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601
    Invision looked into this

    because it's also been happening to Mark and Dave. Vito suggests you delete all the cookies that have either heatinghelp or Invision in the titles, including the ones that read Token. Mark tried this yesterday and just told me that it seems to have worked. Please give it a go and we'll take it from there if it doesn't work. Thanks.
    Retired and loving it.
  • Evan J_2
    Evan J_2 Member Posts: 1
    Viruses & Internet Boards

    I'm not sure how the current rash of viruses going around work, but some viruses that are on the net have the ability to harvest email addresses from internet bulletin boards (such as the Wall). The virus then uses these harvested email addresses to spread itself, and they use them as the sender name as well. Some of the Internet SPAM works the same as well

    Unfortunate but true.
  • jack_4
    jack_4 Member Posts: 43
    Harvest control

    You can help to stop that part of the game by posting your Email name in the format of jack@jackdotcom rather than jack@jack.com.

    I breaks most of the harvest programs. If you go to reply to a Wallie and see the dot rather than the . you just edit the area and send your email.
  • The infection

    is not just specific to the wall either. I have been hit heavily this week from people that I see on The Wall, Oil Tech Talk and other sites that have forums. Fortunately, I only send and recieve e-mail through the Burnham network server which runs a good firewall. Any of the attachments are gone by the time I get the e-mail anyway even though I run Norton all the time. E-mail certainly is not fun anymore!

    Glenn Stanton

    Burnham Hydronics
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601
    I also run

    McAfee's SpamKiller. It gets rid of 90% of the junk and it also catches the virus emails because of their size. You get to preview the mail before downloading it. If the program tells you it's too big and you don't recognize the name of the sender, or if the sender's name is attached to a nonsense subject line, you just delete it and that's that.

    Retired and loving it.
  • JimGPE
    JimGPE Member Posts: 22
    Possible explanation

    The way my son the computer expert explains it, the worm goes into Smith's MS Outlook address book and grabs Jones' and Calahan's addresses, then sends an email to Jones with Calahan's address as the return address. Jones then calls Calahan and says y'all got a virus and its emailing me, and Calahan swears his machine is clean. No one thinks to get in touch with Smith because his email address is nowhere to be seen.

    Pretty clever, if you can stand back far enough to appreciate the subtle nuances.
  • hot_rod
    hot_rod Member Posts: 23,400


    How do these viruses pick such clever names? I get e-mail with titles that deal with hydronic stuff. I've sen them come across with buffer tank titles, plans for you, etc.

    hot rod

    To Learn More About This Contractor, Click Here to Visit Their Ad in "Find A Contractor"
    Bob "hot rod" Rohr
    trainer for Caleffi NA
    Living the hydronic dream
  • JimGPE
    JimGPE Member Posts: 22
    Random

    Assuming we are dealing with Klez here, Symantec says the reference line is randomly generated. Here's a link to a good overview:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html

    I agree w/ you, HR, many times the reference lines look relevant, like something they might have wanted to email me about. Other times they are come-ons, like, "Photos of my girlfriend!!!" Yeah, like I'm going to open that....

    Who knows.
  • Frank_3
    Frank_3 Member Posts: 112
    Believe me, I know how they work.

    This particular virus, Klez, looks at your address book and sends e-mail to those people, using your name or someone else that's also in your address book.

    Here's the big point ...

    In order for Klez to have gotten my e-mail address and use the reply-to address of someone else from The Wall, it implies that it started with someone who has my e-mail address in their address book, as well as the e-mail addresses of other people that post here.

    That, I think, should narrow it down. I've only gotten one or two direct e-mails from people here, and my name isn't necessarily in their address book.

    I'm thinking, sorry Dan, that it's starting out on either your server or perhaps your office system. Having bought books from you I wonder if you have my e-mail address in an address book somewhere, along with the addresses of other folks from the Wall.

    That's also why I asked if maybe you distributed the addresses of folks that have posted here. Somewhere there's a collection of Wall users e-mail addresses, in an Outlook address book, and that place -- or those places -- are the candidates for the source of this virus.
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601
    I haven't shared

    any of that with anyone, Frank. The orders come to us through the Invision system, get printed here, and then entered into computers that are in our office and not connected to the Internet.
    Retired and loving it.
  • Alan R. Mercurio
    Alan R. Mercurio Member Posts: 588
    My 2 Cents

    I don't know much about this stuff but I really don't think it's a direct result of heatinghelp.com. I think it's indirectly being done. I say this because I have the same unfortunate experience happen at my site (Oil Tech Talk) from time to time. I know there are many trolls out there that have the abilities you are referring to. But in this case sadly I truly think it's an individual with way to much time on their hands. I believe they gather as many e-mail addresses as they can from here and from my site then distribute their trash.

    One of the reasons I believe this is because at one time when I added some e-mail links to my site so technicians could e-mail technical services of manufactures from my site. The day after folks from my site including myself started to get the bogus e-mails that looked as though they were coming from the tech service folks and I don't care how smart the other trolls are it was to much of a coincidence that the subject line would say New Boiler Design.

    Any how I'm sorry for rambling but it ticks me off that these goofs make it look like it's Dans fault here or my fault at my site. Oh well thanks for listening.

    Your friend in the industry,

    Alan R. Mercurio

    Oil Tech Talk
  • Tom M.
    Tom M. Member Posts: 237
    Topics

    My feeling is that some viruses use the topic of a post of yours and the address of someone else that appears on the same forum. I also recieved one today with the subject "IE 6.0 patch". Didn't think a heat guy would send me that.
  • Duncan
    Duncan Member Posts: 43
    Address book.

    It could have gotten addresses from any old Microsoft address book (I think) of anyone who visits here and corresponds with others.. That explains the familiar addresses; it's also a good trick to get you to open it, it gets your trust to see a familiar name.

    In the last couple days, I've gotten emails with file sizes from 128K to 178K, with bogus partial addresses from hot rod, besinc, kraftcheese, webmaster... whatever's in front of the "@" in the email addy - which tells me it's prolly a virus.

    These things don't care, they just execute. It's no-ones fault.

    If you use the 'net, you better have an UP-TO-DATE virus protection program.
  • eleft(retired)
    eleft(retired) Member Posts: 98
    2 cents

    > I don't know much about this stuff but I really

    > don't think it's a direct result of

    > heatinghelp.com. I think it's indirectly being

    > done. I say this because I have the same

    > unfortunate experience happen at my site (Oil

    > Tech Talk) from time to time. I know there are

    > many trolls out there that have the abilities you

    > are referring to. But in this case sadly I truly

    > think it's an individual with way to much time on

    > their hands. I believe they gather as many e-mail

    > addresses as they can from here and from my site

    > then distribute their trash.

    >

    > One of the

    > reasons I believe this is because at one time

    > when I added some e-mail links to my site so

    > technicians could e-mail technical services of

    > manufactures from my site. The day after folks

    > from my site including myself started to get the

    > bogus e-mails that looked as though they were

    > coming from the tech service folks and I don't

    > care how smart the other trolls are it was to

    > much of a coincidence that the subject line would

    > say New Boiler Design.

    >

    > Any how I'm sorry for

    > rambling but it ticks me off that these goofs

    > make it look like it's Dans fault here or my

    > fault at my site. Oh well thanks for

    > listening.

    >

    > Your friend in the

    > industry,_br__SP__br_Alan R.

    > Mercurio_BR__SP__BR__a

    > href="http://disc.server.com/Indices/24736.html"_

    > Oil Tech Talk_/a_



    Well, not that I want my Email to remain anonymous.

    I was getting a virus shortly after every time I posted on the wall.

    No hits when I posted this (!) in the Email spot. Alan may have it right.

    al
  • eleft(retired)
    eleft(retired) Member Posts: 98
    2 cents

    Well, not that I want my Email to remain anonymous.

    I was getting a virus shortly after every time I posted on the wall.

    No hits when I posted this (!) in the Email spot. Alan may have it right.

    al
  • Terry_4
    Terry_4 Member Posts: 42
    JimGPE seems to have it right..

    It isn't grabbing addresses from our address books (I have none in mine, and I'm sure that I'm not in anyone else's on the wall either) or our contact lists. It seems to just grab them from wall postings. If I don't post anything for 3 or 4 days (i.e. my address has dropped off the wall) I get no virus laden e-mails. But when I post a message again then I get several from other people that have posted messages. Hopefully this thing will run it's course soon. By the way, thanks for a great site Dan, it's a real learning experience! Terry
  • ScottMP
    ScottMP Member Posts: 5,883
    No one's at fault

    Except for the jerk who wrote this stuff.

    I am getting the same problem that when I post it sometimes comes back to my e-mail and tells me it could'nt send the e-mail. When I check it, since I did'nt try to e-mail anyone, it turns out to be my post on the wall.

    Many of these have names concerning heating issues.

    By the way HR, those e-mails were meant for Ellen, sorry Dude. Not saying your not cute ( wink,wink )

    Scott

    To Learn More About This Contractor, Click Here to Visit Their Ad in "Find A Contractor"
  • Jeff Lawrence_2
    Jeff Lawrence_2 Member Posts: 2
    My Girlfriend?

    Gotta chime in here.

    I got one with the title "Photos of my New Girlfriend" from HeatBoy. First off, I don't think his bride would like that and second, he'd send boiler pictures!

    J
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601
    Thanks, Terry

    For me too!
    Retired and loving it.
  • Eric Taylor_3
    Eric Taylor_3 Member Posts: 27
    same thing

    I told Norton antivirus to accept cookies from HeatingHelp so I could use bookmarks and not have to keep typing my email. I surfed for days rejecting cookies before doing this. As soon as I let invision put a cookie on my hard drive BANG. I'm getting tens of emails per day with the klez virus from names on The Wall. Norton gets all of them. I stopped posting for a while and they went away. I bet I get more right now....

    Eric
  • Eric Taylor_3
    Eric Taylor_3 Member Posts: 27
    Yup

    Just got three in five min. So, I deleted all cookies and tried to tell Norton to prompt each time for HeatingHelp, but I am still figuring Norton out. Lets see if I get one right now....
  • Eric Taylor_3
    Eric Taylor_3 Member Posts: 27
    OK

    Cookies are still on for HeatingHelp, but I haven't gotten a bad email yet. I think that just deleting the old cookies and accepting the new and improved model might have helped. Or I just haven't got hit yet. We'll seee....
  • John Abbott
    John Abbott Member Posts: 358
    The virus

    > Except for the jerk who wrote this stuff.

    >

    > I am

    > getting the same problem that when I post it

    > sometimes comes back to my e-mail and tells me it

    > could'nt send the e-mail. When I check it, since

    > I did'nt try to e-mail anyone, it turns out to be

    > my post on the wall.

    >

    > Many of these have names

    > concerning heating issues.

    >

    > By the way HR,

    > those e-mails were meant for Ellen, sorry Dude.

    > Not saying your not cute ( wink,wink

    > )

    >

    > Scott

    >

    > _A

    > HREF="http://www.heatinghelp.com/getListed.cfm?id=

    > 237&Step=30"_To Learn More About This Contractor,

    > Click Here to Visit Their Ad in "Find A

    > Contractor"_/A_



  • John Abbott
    John Abbott Member Posts: 358
    The virus

    is definetely coming from the wall.When I post I receive 2 virus laden e-mails with names associated with the wall the following day.My anti virus picks them up so far, but it sure is a nuisance and I would hate to be deleting legitimate e-mails.
    John
  • Frank_3
    Frank_3 Member Posts: 112
    Dan H., please take another look

    First of all, I'm not blaming anybody. Someone with too much intelligence and not enough common sense wrote this virus and somehow gets his/her jollies from knowing all the headaches it's causing.

    However, since the problem is pretty clearly coming from the Wall, or the Invision server that runs the Wall, it's certainly the administrator's responsibility to clean it up.

    So, Dan, please have your server, Invision's server, whoever's server rescanned. I believe Klez also disables some antivirus engines so it may be necessary to shut down the server and move the disk to another system to be checked. I'm sure you don't want to continue receiving those e-mails and if it's coming from your own server that must certainly be even more annoying. It'd definitely get me pissed off -- in fact I'm already pissed and it's not my server.
  • Vito
    Vito Member Posts: 13
    -----Virus Info-----

    As you can see, I posted my email aboove.

    The website is not causing the worm to spread. If someone has the Virus (it's been around for a while) it will spread to all that users address books and infecting all those users that are not protected, the rest of us just get annoying messages that state that a virus was attempted to be delivered.

    The server "The Wall" is on as well as HeatingHelp.com is protected with Virus software, therefor is not the cause of this issue.

    Thank You
  • Frank_3
    Frank_3 Member Posts: 112
    Can you explain ...

    ... why so many people report that they receive virus notifications or virus-laden e-mails only after they've posted a message to the Wall? Or why the virus e-mails only appear to have names of those people that participate on the Wall?

    Does the software which runs the Wall rely on Microsoft Outlook or Outlook Express to either a) maintain the list of e-mail addresses of people posting, or b) perform the e-mail functions related to the "Notify me by e-mail about all messages posted in this topic" option?
  • Frank_3
    Frank_3 Member Posts: 112
    Can you explain ...

    ... why so many people report that they receive virus notifications or virus-laden e-mails only after they've posted a message to the Wall? Or why the virus e-mails only appear to have names of those people that participate on the Wall?

    Does the software which runs the Wall rely on Microsoft Outlook or Outlook Express to either a) maintain the list of e-mail addresses of people posting, or b) perform the e-mail functions related to the "Notify me by e-mail about all messages posted in this topic" option?
  • Vito
    Vito Member Posts: 13
    Why...

    Why after visiting "The Wall".... there's no reason it could be coincidence. It takes one email from one person, that person could have had many names in his address book from the Wall.

    The site does not rely on Outlook for email address. Messages are database stored.

    If you still don't believe me feel free to use Netscape for a mailer.
  • ScottMP
    ScottMP Member Posts: 5,883
    Vito

    This may be unrelated but, many times when I post a response to a question on the wall and then go to my e-mail there is a message that says my e-mail was underliverable. Since I have sent nothing , I check it, and it turns out to be my post response.

    Anyway to figure out why this is happening ?

    Scott

    To Learn More About This Contractor, Click Here to Visit Their Ad in "Find A Contractor"
  • Mike T., Swampeast MO
    Mike T., Swampeast MO Member Posts: 6,928
    .klez worm

    It's been around for quite a while now. One reason that the damned thing is so frustrating is that unless caught by your anti-virus software or server it can run itself without opening the attachment. This was complicated further by the fact that the first Microsoft "fix" for the "auto-load" problem DID NOT WORK. The later fix did plug the hole properly.

    One reason that it spreads so well is that it sends itself to UNREPLIED messages in your "Inbox." While the SUBJECT will usually be something strange (often "Naked Photos of Me"), it will seem to come from an "expected" source.
  • Jackchips
    Jackchips Member Posts: 344
    Ditto,

    to Scotts question.
  • Vito
    Vito Member Posts: 13


    Did is due to the option of "Notify me by e-mail about all messages posted in this topic", bounced messages will be sent to sender.

    It's just like if you type in an email to joeblow@nowhere.com it will bounce back to you since the email can not be delivered for whatever reason. Or simply put it's like "Return to Sender" of snail mail.
  • Jackchips
    Jackchips Member Posts: 344
    Then why

    doesn't it happen every time?
  • I don't use

    the notify by e-mail button and every time I post I start getting these too. Ninety-nine percent of these are all from the wall. I find it very hard to believe that anyone would copy and save my e-mail address from the posts that I put here on the wall unless of course they are going to e-mail me and most do not because I usually answer their responses directly in the threads. But hours or day later I start getting these from people that I have never e-mailed or spoken to before except here on the wall. Go figure!

    Glenn Stanton

    Burnham Hydronics
  • maybe back in the sixties............

    uhh.......nevermind, hey glenn !!


    I have been lurking the last couple weeks to see if the klez slows down and it did/does the more i post these come more frequently, thinking about a refund......uhhhh nevermind !!


    Murph' (SOS)
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601


    Retired and loving it.
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,601


    Retired and loving it.
This discussion has been closed.