Sign in to follow this  
Guest tgabriel

I'm getting spammed from AVSim!

Recommended Posts

As well as many other FS RELATED websites.All e-mails have a +/- 100KB attachment. See image. Note the senders and file sizes!http://forums.avsim.net/user_files/31965.jpgI know that AVSim is not purposely doing this, but what I do know is that someone is leaking out e-mail addresses or taking them somehow. 50% of all the e-mails I got this morning, (mind you my 6MB mailbox was full of them), are FS related. The others have the same big attachments just different senders.I'm really frustrated right now. The reason I bring it up here, well, FS Related, and have a look at the last sender. Keep in mind this is 1/3 of all the e-mails I got this morning. I just saved the ones that had something to do with Flight Sim.I don't give out my e-mail just anywhere. I have spam/fake e-mails I give out for places that are not important.Any advice?

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

That is the SoBig virus and it is spoofing avsim addresses from other infected machines. Make sure your antivirus pattern file is up to date, scan your own system, make sure you are scanning files from online sources, and delete all suspicious e-mails.Click the link for more information:http://www.trendmicro.com/en/home/us/personal.htm

Share this post


Link to post
Share on other sites

No the AVSIM server is not infected What it means is that a system that is infected had the avsim e-mail address in its address book and the worm is using that to spoof (fake) the address instead of using the address of the server it is coming fromhttp://www.avsim.com/pages/robert/kirkland.jpg

Share this post


Link to post
Share on other sites

As Bob already wrote it the the virus on infected machines , worldwide, that takes random things before and after the @ mark in email address syntax and sends that to everyone in that address book. That's how you get it. Lately most of the email worm viruses behave like that and cause confusion and unnecessary traffic. You wouldn't believe how many strange combinations i got :) Make sure you keep your AV scanner updated at all times and don't open attachments you don't know and anticipate. MiroMiro MajcenSenior Managing EditorAVSIM Onlinewww.avsim.com

Share this post


Link to post
Share on other sites

Just to give you guys an idea of what the effect of this SoBig is:I am on of the netadmins for a large state government agency. We have a device called a virus wall installed on our network (among other barriers) that is designed to strip off offending attachments and do virus scans of all network traffic before it comes to the firewall. It is located outside the dmz and on the Internet side of our firewall. Today the traffic was so heavy that it shut down. One of our users called this morning at about 10:00 and complained that an e-mail that one of her constituents had sent had not come to her inbox. We checked the system and the virus wall was off line.We have had this technology running in various variants for over two years and have never seen it overwhelmed as it was today. Now, this is a network that gets over 300,000 e-mails a month! Yes, that is right, Three Hundred Thousand E-Mails A Month, so you can imagine what hit us this morning when our virus wall shut down.Anyway, things seem to be recovering now but the Internet itself is still slow in some areas depending on what level of the Backbone is running heavy SoBig related traffic.A note of information for all of you who read this:Have a good quality anti-virus product on your system and enable the real time scanning feature of it. Keep the pattern files UP TO DATE. Use a firewall. Do not open suspicious e-mails. I know this has all been beaten to death, but I just want to repeat these commonsense ideas one last time.

Share this post


Link to post
Share on other sites

Say, can I get one of these virus walls. Sounds very nice. ;)Thanks for the info.

Share this post


Link to post
Share on other sites

The smiley you used indicates you are not all that serious. But, just for grins, how does a base price in the low $20k range sound - that is just the software, you need a box for it - another $2 - 3K and the win2kadvsvr at about $1.7k. Then come the addons and the other junk to make it hum. Then the admin you need to run it and the other barrier software and hardware. While we are at it throw in a Pix Firewall and make sure your routers have the latest IDS on them. Oh, yeah, the Pix is backed up by a black ice server - sort of a secondary firewall. Then each client (>1000) needs to have its own version of the AV software for the last gasp barrier. The list goes on and on and on and on... :-roll :-roll :-roll :-lol :-lol :-lol

Share this post


Link to post
Share on other sites

Is that all? See I would imagine that it would cost a lot of money and it would be hard to maintain. Sounds like a piece of cake to me. *:-* Maybe in another life. :-lol

Share this post


Link to post
Share on other sites

AND, on top of it all you have to have port security on your switches so that if someone plugs an unauthorized device into your network, the port they are plugging in to disables itself.I don't know which came first, the hacker or the hackee, but as soon as Windows got into the network presence in a big way with almost all ports open by default and started shouldering UNIX aside with all of its ports closed by default, the network security business has become a big, big deal. I just got back from one our our "higher level" officers office where we had a security issue and the he and his executive assistant told me in no uncertain terms in light of what happened this evening he did not care what it costs, he wants to maintain the highest possible security. People want to know there is no way they are being spoofed, they want to know no hacker is going to compromise their web presence. They want to be assured there is impenetrable security to their data.Of course there is no way to make guarantees of anything like what they want and most folks know it too. They just want to make sure we are using the most advanced tools we can get. That is why our AV vendor has sent us 11 pattern updates this week. That is why we spend about 100 man hours a month security testing our network. That is why we have outside consultants try to crack the network both wired and wireless. We even have a company who sends their people at any random time to drive up to one of our buildings and try to crack our wireless Access Points from the outside. They can't. Know why? We have been able to stay one step ahead. So Far. And the guys at the top here spend a lot of money to make sure it stays that way.Remember, worms don't come in via e-mail attachments. If you have open ports you are a target. If you are a target, you will get hit. As I have written in these pages before, even if you don't suffer the ill effects of a virus, you might be a host passing them along and don't even know it. Especially if you don't have AV software to find out about what you have.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this