Mail from Symantec ??? with virus

Status
Not open for further replies.

Choto Cheeta

Rebooting
From past few days i'm getting emails on my yahoomail from support@symantec.com saing that...

"The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.

Best Regards,
Keria Reynolds"

but the attach file it self contails virus....... but yahoo online scan dont detects those viruses but my system does....... what is going on......

what should i do??

i use NAV04
 

SouvikSinha

Broken In
Dear Saurav,
The mails, which you are getting are not from Symantec at all. Someone else is sending you those mails by faking the Symantec ID. The attachments are virus infected, indeed. Please put the ID support@symantec.com to your block list and never download any attachment from any unknown source.
 
OP
Choto Cheeta

Choto Cheeta

Rebooting
well the emails r back again... from this IP 202.141.21.245

*img187.imageshack.us/img187/3430/untitled17hk.th.jpg
 
OP
Choto Cheeta

Choto Cheeta

Rebooting
IP address:
Looking for '202.141.21.245'

Server reply [1022 bytes in raw data]:

inetnum: 202.141.20.0 - 202.141.23.255
netname: ERNET-SATWAN
country: IN
descr: ERNET India
descr: Department of Information Technology
descr: Electronics Niketan
descr: 6, CGO Complex
descr: New Delhi - 110003
admin-c: AS384-AP
tech-c: AS384-AP
status: ASSIGNED NON-PORTABLE
changed: apnic@eis.ernet.in 20040903
mnt-by: MAINT-AP-ERNET-INDIA
changed: hm-changed@apnic.net 20040903
source: APNIC

person: Anupam Srivastava
nic-hdl: AS384-AP
e-mail: anupam@eis.ernet.in
address: ERNET India
address: Electronics Niketan, 6 C.G.O Complex
address: New Delhi-110003
address:
phone: +91-11-24361329
fax-no: +91-11-24362924
country: IN
changed: apnic-maintainer-alarm@eis.ernet.in 20041229
mnt-by: MAINT-IN-CUSTOMER-ERNET
source: APNIC



---

guyes... check the IP trace... humm Department of Information Technology..... well as a reciever of this email do i have right to complain... but if i do then whom to complain??
 

icecoolz

Cyborg Agent
just ignore them. There is no point in blocking these mails either. As they will appear from different ID's which all will sound extremely credible (such as admin@symantec.com and so on). Just delete them and forget abt it. If you are using yahoo then turn on your junk mail filters. They are very very good.
 
OP
Choto Cheeta

Choto Cheeta

Rebooting
icecoolz said:
just ignore them
which i have did a year back... emails were stoped then... but they r back again... so what about this??

I said:
guyes... check the IP trace... humm Department of Information Technology..... well as a reciever of this email do i have right to complain... but if i do then whom to complain??
 

Intruder

Broken In
yes..

I used to get it long before. delete it as soon as u get
thats the safe way.
and dont forget to enmpty trash.
Cleanup(delete) the quarentine stuff if any

Do nothin else
thats the safe way out as Saurav said
 

QwertyManiac

Commander in Chief
Re: ????????

expertno.1 said:
QwertyManiac said:
Wait i think ur infected file if anny has been autosent by nav to sym, thus the mail...

what do you meant ?
I meant that sometimes when an unknown virus is detected by NAV or it cant repair then it sends it to SYM for verification and free repair, this has an auto mode too... Thus it reminds again via mail...

Edit :
Bout the yahoo non detection, it has NAV 2005 from sym and thus it trusts the SYM server for thier mail wont it ? (backdoor in NAV ?)
 

sidewinder

Ambassador of Buzz
saurav_cheeta said:
From past few days i'm getting emails on my yahoomail from support@symantec.com saing that...

"The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.

Best Regards,
Keria Reynolds"

but the attach file it self contails virus....... but yahoo online scan dont detects those viruses but my system does....... what is going on......

what should i do??

i use NAV04

Dear Saurav this mail itsellllllf is a virus.just delete it
 
OP
Choto Cheeta

Choto Cheeta

Rebooting
@sidewinder the messege u queted... was writen by me a year ago.. so i did deleted them, i did IGGY them... no problem with that...


but From the IP which i wrote... trace that one.. see where it leads u.. is that a privet Company?? GOV office or ISP... as they r sending that email (may b they anware of it)... so thought notifing them... & also Symantec.... so do one has the right to complain??

& also can we really call it spam?? as its not advertising some thing.... rather its an attack...

& yes the NAV of YAHOO cant find that virus....

QwertyManiac said:
I meant that sometimes when an unknown virus is detected by NAV or it cant repair then it sends it to SYM for verification and free repair, this has an auto mode too... Thus it reminds again via mail...
well i used to use NAV long time ago... but for previous 10 or 8 months i am useing KAV 5.0.372.... so no question of my system sending some thing to their server....

aadipa said:
Norton never sends mail to its users..
r u sure mate... as i see u have a brainiac tag so i am not going to argue with u... but i saw when some one donwloads any Trail product from sysmantec.... he/she gets mail from symantec notifing them about how many days r left.... what will it cost... about new product update... & guess what?? their address is same...
 

selva1966

Journeyman
When I was using Norton some months back I did send a virus as attachment to them and also gave my email id. First an acknowledgment was received auto generated then after 1 or 2 day another mail saying that particular virus is not a big problem and advising virus update. So symentec does send email.

But if you are not using norton someone somewhere is trying to send a virus. After all norton is most popular anti virus so the probability reaching someone who is using norton is more.


Poor fellows don't know saurav_cheeta is smart and digitized :p :p :p
 

AlienTech

In the zone
I would use a tracert then notify abuse @ each node I find. Usually I have found that they will reply. If I don't get a reply I will go up each node and no admin wants to get 1000 emails complaining about someone who rents/leases/uses their network is causing problems so they will do something. Especially one of the big ISP's.

I usually start with the last node itself, usually it is the local ISP from where the virus was sent and he would know who was sending it out and block their access. It is not good to go to regional levels. Then not only that ISP but everyone else sharing those lines might get blocked.

Now some of these guys think they are big shots, which is why block lists came into being. No one wants to get on a block list. Because then zillions of people who use automatic block-lists will automatically be blocked from their domains. So no one wants to piss off anyone these days.

I looked at Peer guardian, It blocks over 80% of the internet.
 

aadipa

Padawan
This is a virus... For further info have a look at

*securityresponse.symantec.com/avcenter/venc/data/pf/w32.netsky.p@mm.html
 

aadipa

Padawan
aadipa said:
"saurav_cheeta
aadipa said:
Norton never sends mail to its users..
r u sure mate... as i see u have a brainiac tag so i am not going to argue with u... but i saw when some one donwloads any Trail product from sysmantec.... he/she gets mail from symantec notifing them about how many days r left.... what will it cost... about new product update... & guess what?? their address is same...[/quote:52166fe0a3]

The senders address can be fished with so don't trust it. BTW I was wrong on the claim that Norton/Symantec will not send _any_ email. Infact they do send. But they don't think they send patches/virus definition updates by email.
 
OP
Choto Cheeta

Choto Cheeta

Rebooting
aadipa said:
This is a virus... For further info have a look at

yup... but that virus has a host... a computer whos owner doesnt know about it... & he/she might have my email address on his/her address list... thats why i was asking u guess for a trace or who is look up... i did by my self & posted that here...

Aadipa said:
The senders address can be fished with so don't trust it. BTW I was wrong on the claim that Norton/Symantec will not send _any_ email. Infact they do send. But they don't think they send patches/virus definition updates by email.

thats the point.... there r telnet email sending procidure from that u can send an email from any ones address.... thats i know.... so the big question that comes to my mind is how to know...?? the way i know any one can impliment it to send an email with the name of my email..... so how to ID the emails??
 
Status
Not open for further replies.
Top Bottom