Old 20-09-2004, 08:06 PM   #1 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default Mail from Symantec ??? with virus


From past few days i'm getting emails on my yahoomail from support@symantec.com saying that...

"The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.

Best Regards,
Keria Reynolds"

but the attached file itself contains virus....... but yahoo online scan doesn't detect those viruses but my system does....... what is going on......

what should i do??

i use NAV04
Choto Cheeta is offline  

Old 20-09-2004, 08:51 PM   #2 (permalink)
Right Off the Assembly Line
 
Join Date: Sep 2004
Location: Calcutta
Posts: 23
Default

Dear Saurav,
The mails, which you are getting are not from Symantec at all. Someone else is sending you those mails by faking the Symantec ID. The attachments are virus infected, indeed. Please put the ID support@symantec.com to your block list and never download any attachment from any unknown source.
__________________
Souvik Sinha
SouvikSinha is offline  
Old 09-08-2005, 04:44 PM   #3 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default

well the emails r back again... from this IP 202.141.21.245

__________________
rebooting
ChotoCheeta.com
Choto Cheeta is offline  
Old 09-08-2005, 04:55 PM   #4 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default

Quote:
IP address:
Looking for '202.141.21.245'

Server reply [1022 bytes in raw data]:

inetnum: 202.141.20.0 - 202.141.23.255
netname: ERNET-SATWAN
country: IN
descr: ERNET India
descr: Department of Information Technology
descr: Electronics Niketan
descr: 6, CGO Complex
descr: New Delhi - 110003
admin-c: AS384-AP
tech-c: AS384-AP
status: ASSIGNED NON-PORTABLE
changed: apnic@eis.ernet.in 20040903
mnt-by: MAINT-AP-ERNET-INDIA
changed: hm-changed@apnic.net 20040903
source: APNIC

person: Anupam Srivastava
nic-hdl: AS384-AP
e-mail: anupam@eis.ernet.in
address: ERNET India
address: Electronics Niketan, 6 C.G.O Complex
address: New Delhi-110003
address:
phone: +91-11-24361329
fax-no: +91-11-24362924
country: IN
changed: apnic-maintainer-alarm@eis.ernet.in 20041229
mnt-by: MAINT-IN-CUSTOMER-ERNET
source: APNIC



---
guys... check the IP trace... humm Department of Information Technology..... well as a receiver of this email do i have the right to complain... but if i do then whom to complain to??
__________________
rebooting
ChotoCheeta.com
Choto Cheeta is offline  
Old 09-08-2005, 05:04 PM   #5 (permalink)
Wise Old Owl
 
Join Date: Jul 2004
Location: Bangalore
Posts: 1,208
Default

just ignore them. There is no point in blocking these mails either. As they will appear from different ID's which all will sound extremely credible (such as admin@symantec.com and so on). Just delete them and forget abt it. If you are using yahoo then turn on your junk mail filters. They are very very good.
__________________
AMD 64 3500+ Venice
DFI Lan Party Ultra-D
2* 512 MB PdP Memory with 2-2-5L timings
XFX 7900GT 256 MB Card
icecoolz is offline  
Old 09-08-2005, 05:08 PM   #6 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default

Quote:
Originally Posted by icecoolz
just ignore them
which i did a year back... emails were stopped then... but they r back again... so what about this??

Quote:
Originally Posted by I
guys... check the IP trace... humm Department of Information Technology..... well as a receiver of this email do i have the right to complain... but if i do then whom to complain to??
__________________
rebooting
ChotoCheeta.com
Choto Cheeta is offline  
Old 09-08-2005, 06:53 PM   #7 (permalink)
Right Off the Assembly Line
 
Join Date: Nov 2004
Location: bunker
Posts: 27
Default

yes..

I used to get it long before. delete it as soon as u get
thats the safe way.
and dont forget to empty trash.
Cleanup(delete) the quarantine stuff if any

Do nothin else
thats the safe way out as Saurav said
__________________
hell's full so I'm back!
---------------------------------
CPU 2GHz +AGP 128MB+ RAM 512 DDR
just for an OS ! heh !
Intruder is offline  
Old 09-08-2005, 07:00 PM   #8 (permalink)
Commander in Chief
 
QwertyManiac's Avatar
 
Join Date: Jul 2005
Posts: 6,658
Default

Wait i think ur infected file if any has been autosent by nav to sym, thus the mail...
__________________
Harsh J
www.harshj.com
QwertyManiac is offline  
Old 09-08-2005, 07:07 PM   #9 (permalink)
Human Spambot
 
expertno.1's Avatar
 
Join Date: May 2005
Location: Expert Planet
Posts: 2,480
Default ????????

Quote:
Originally Posted by QwertyManiac
Wait i think ur infected file if any has been autosent by nav to sym, thus the mail...
what do you mean ?
__________________
Off From Digit Forum for some months.....busy
expertno.1 is offline  
Old 09-08-2005, 08:25 PM   #10 (permalink)
Alpha Geek
 
mariner's Avatar
 
Join Date: Dec 2003
Location: mumbai
Posts: 522
Default

dump it straight !!!!!!!!
mariner is offline  
Old 09-08-2005, 08:27 PM   #11 (permalink)
Alpha Geek
 
mariner's Avatar
 
Join Date: Dec 2003
Location: mumbai
Posts: 522
Default

dump it straight to the kachra bin !!!!!!!!
mariner is offline  
Old 09-08-2005, 08:51 PM   #12 (permalink)
Commander in Chief
 
QwertyManiac's Avatar
 
Join Date: Jul 2005
Posts: 6,658
Default Re: ????????

Quote:
Originally Posted by expertno.1
Quote:
Originally Posted by QwertyManiac
Wait i think ur infected file if any has been autosent by nav to sym, thus the mail...
what do you mean ?
I meant that sometimes when an unknown virus is detected by NAV or it cant repair then it sends it to SYM for verification and free repair, this has an auto mode too... Thus it reminds again via mail...

Edit :
Bout the yahoo non detection, it has NAV 2005 from sym and thus it trusts the SYM server for their mail wont it ? (backdoor in NAV ?)
__________________
Harsh J
www.harshj.com
QwertyManiac is offline  
Old 10-08-2005, 01:12 AM   #13 (permalink)
Wise Old Owl
 
aadipa's Avatar
 
Join Date: Feb 2004
Location: Palghar, Mumbai
Posts: 1,000
Default

Norton never sends mail to its users.. These all mails are SPAM and virus itself.
__________________
i generally prefer quality over quantity
1 aadi + 1 aadi = 1 full ;)
aadipa is offline  
Old 10-08-2005, 06:48 AM   #14 (permalink)
Alpha Geek
 
sidewinder's Avatar
 
Join Date: Jul 2004
Location: West Bengal
Posts: 625
Default Re: Mail from Symantec ??? with virus

Quote:
Originally Posted by saurav_cheeta
From past few days i'm getting emails on my yahoomail from support@symantec.com saying that...

"The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.

Best Regards,
Keria Reynolds"

but the attached file itself contains virus....... but yahoo online scan doesn't detect those viruses but my system does....... what is going on......

what should i do??

i use NAV04
Dear Saurav this mail itself is a virus. just delete it
__________________
Bombina rocks
sidewinder is offline  
Old 10-08-2005, 02:40 PM   #15 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default

@sidewinder the message u quoted... was written by me a year ago.. so i did delete them, i did IGGY them... no problem with that...


but From the IP which i wrote... trace that one.. see where it leads u.. is that a private Company?? GOV office or ISP... as they r sending that email (may b they r unaware of it)... so thought of notifying them... & also Symantec.... so does one have the right to complain??

& also can we really call it spam?? as its not advertising some thing.... rather its an attack...

& yes the NAV of YAHOO cant find that virus....

Quote:
Originally Posted by QwertyManiac
I meant that sometimes when an unknown virus is detected by NAV or it cant repair then it sends it to SYM for verification and free repair, this has an auto mode too... Thus it reminds again via mail...
well i used to use NAV long time ago... but for previous 10 or 8 months i am using KAV 5.0.372.... so no question of my system sending some thing to their server....

Quote:
Originally Posted by aadipa
Norton never sends mail to its users..
r u sure mate... as i see u have a brainiac tag so i am not going to argue with u... but i saw when some one downloads any Trial product from symantec.... he/she gets mail from symantec notifying them about how many days r left.... what will it cost... about new product update... & guess what?? their address is same...
__________________
rebooting
ChotoCheeta.com
Choto Cheeta is offline  
Old 10-08-2005, 09:47 PM   #16 (permalink)
Broken In
 
selva1966's Avatar
 
Join Date: Jun 2004
Posts: 164
Default

When I was using Norton some months back I did send a virus as attachment to them and also gave my email id. First an auto-generated acknowledgment was received, then after 1 or 2 days another mail saying that particular virus is not a big problem and advising virus update. So Symantec does send email.

But if you are not using norton someone somewhere is trying to send a virus. After all norton is most popular anti virus so the probability reaching someone who is using norton is more.


Poor fellows don't know saurav_cheeta is smart and digitized
__________________
WHEN THERE IS LIFE, THERE IS HOPE...
TILL THERE IS BREATH, THERE IS HOPE

Give free food with one click to a poor Indian.
http://www.bhookh.com/
selva1966 is offline  
Old 10-08-2005, 11:18 PM   #17 (permalink)
In The Zone
 
Join Date: Sep 2004
Posts: 433
Default

I would use a tracert then notify abuse @ each node I find. Usually I have found that they will reply. If I don't get a reply I will go up each node and no admin wants to get 1000 emails complaining about someone who rents/leases/uses their network is causing problems so they will do something. Especially one of the big ISP's.

I usually start with the last node itself, usually it is the local ISP from where the virus was sent and he would know who was sending it out and block their access. It is not good to go to regional levels. Then not only that ISP but everyone else sharing those lines might get blocked.

Now some of these guys think they are big shots, which is why block lists came into being. No one wants to get on a block list. Because then zillions of people who use automatic block-lists will automatically be blocked from their domains. So no one wants to piss off anyone these days.

I looked at Peer guardian, It blocks over 80% of the internet.
AlienTech is offline  
Old 11-08-2005, 11:03 AM   #18 (permalink)
Wise Old Owl
 
aadipa's Avatar
 
Join Date: Feb 2004
Location: Palghar, Mumbai
Posts: 1,000
Default

This is a virus... For further info have a look at

http://securityresponse.symantec.com...tsky.p@mm.html
__________________
i generally prefer quality over quantity
1 aadi + 1 aadi = 1 full ;)
aadipa is offline  
Old 11-08-2005, 11:20 AM   #19 (permalink)
Wise Old Owl
 
aadipa's Avatar
 
Join Date: Feb 2004
Location: Palghar, Mumbai
Posts: 1,000
Default

Quote:
Originally Posted by saurav_cheeta
Quote:
Originally Posted by aadipa
Norton never sends mail to its users..
r u sure mate... as i see u have a brainiac tag so i am not going to argue with u... but i saw when some one downloads any Trial product from symantec.... he/she gets mail from symantec notifying them about how many days r left.... what will it cost... about new product update... & guess what?? their address is same...

The senders address can be fished with so don't trust it. BTW I was wrong on the claim that Norton/Symantec will not send _any_ email. In fact they do send. But they don't think they send patches/virus definition updates by email.
__________________
i generally prefer quality over quantity
1 aadi + 1 aadi = 1 full ;)
aadipa is offline  
Old 11-08-2005, 04:29 PM   #20 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default

Quote:
Originally Posted by aadipa
This is a virus... For further info have a look at
yup... but that virus has a host... a computer whose owner doesnt know about it... & he/she might have my email address on his/her address list... thats why i was asking u guys for a trace or whois lookup... i did it by myself & posted that here...

Quote:
Originally Posted by Aadipa
The senders address can be fished with so don't trust it. BTW I was wrong on the claim that Norton/Symantec will not send _any_ email. In fact they do send. But they don't think they send patches/virus definition updates by email.
thats the point.... there r telnet email sending procedures from which u can send an email from any ones address.... thats i know.... so the big question that comes to my mind is how to know...?? the way i know any one can implement it to send an email with the name of my email..... so how to ID the emails??
__________________
rebooting
ChotoCheeta.com
Choto Cheeta is offline  
Old 12-08-2005, 07:46 AM   #21 (permalink)
In The Zone
 
Join Date: Sep 2004
Posts: 433
Default

good luck TELNETting into symantec, breaking into their systems and trying to send out virii using their SMTP servers.

Its not impossible to do.
AlienTech is offline  
Old 12-08-2005, 10:35 PM   #22 (permalink)
Rebooting
 
Choto Cheeta's Avatar
 
Join Date: Aug 2004
Location: 220.225.82.33
Posts: 6,266
Default

@AlienTech i am not doing any thing with symantec... knowing the programme doesnt mean u have to use it... u might know how to open a car without a KEY.... but that doesnt mean u r going to open cars parked in street... r u??

my reply was.... how to know that the email that is in my inbox addressed from my frnds email address.... is his?? not some one used the TELNET to send that email...
__________________
rebooting
ChotoCheeta.com
Choto Cheeta is offline  
Old 14-08-2005, 06:11 PM   #23 (permalink)
In The Zone
 
Join Date: Jul 2005
Location: Hyderabad
Posts: 231
Default

keep in mind 1 thing ppl never download any file that has a double extension as in this case it is

.doc.pif
__________________
fighting for peace is like ****ing for virginity
cryptid is offline  
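
Added example, not part of any post in this thread: a small triage script for the two checks the thread arrives at, that the From address proves nothing while the Received chain records the relaying IPs, and that a double extension such as .doc.pif marks an attachment to discard. The sample message, its addresses and the RISKY extension list are constructed assumptions.

```python
import email
import re
from email import policy

# Constructed sample (not a real capture): forged From, two relay hops, .doc.pif attachment.
# IPs are from the RFC 5737 documentation ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mta.example.org with SMTP; Tue, 09 Aug 2005 16:40:00 +0530
Received: from pc-17 (unknown [198.51.100.23])
\tby mx.example.net with SMTP; Tue, 09 Aug 2005 16:39:58 +0530
From: support@symantec.com
To: user@example.org
Subject: Sample file
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please update your virus scanner with the attached dat file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="update.doc.pif"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

RISKY = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs", "lnk"}  # assumed list
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_double_ext(name):
    """True for names like report.doc.pif: a decoy extension before an executable one."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[2] in RISKY and parts[1] != ""

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # Each relay prepends a Received line, so the list runs newest hop first.
    # Only hops written by servers you trust are reliable; older ones can be forged.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            if (m := IP_RE.search(str(h)))]
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    return {
        "from_domain": msg["From"].addresses[0].domain,  # sender-supplied, unverified
        "relay_ips": hops,
        "double_ext": [n for n in names if is_double_ext(n)],
    }
```

The IP to look up in whois and report to an abuse contact is the one recorded by the first server you trust, not necessarily the last entry in the list.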