AtomicCEO Posted January 18, 2006 Share Posted January 18, 2006 I keep getting emails from a friend of mine that contain a virus. They don't affect me on my mac... but I want to help him. It is clearly this virus: http://www.sophos.com.au/virusinfo/analyses/w32nyxemd.html ...and doing an IP lookup on the sending server that the email is coming from reveals that it is coming from a Global Crossing server in Phoenix (my buddy is in Boston). Where can I find more info on this? I assume that he doesn't actually have the virus, but someone else does that has him in the address book. Or, is that not the case with this virus? Quote Link to comment Share on other sites More sharing options...
Ursa Majoris Posted January 19, 2006 Share Posted January 19, 2006 (edited) I keep getting emails from a friend of mine that contain a virus. They don't affect me on my mac... but I want to help him. It is clearly this virus: http://www.sophos.com.au/virusinfo/analyses/w32nyxemd.html ...and doing an IP lookup on the sending server that the email is coming from reveals that it is coming from a Global Crossing server in Phoenix (my buddy is in Boston). Where can I find more info on this? I assume that he doesn't actually have the virus, but someone else does that has him in the address book. Or, is that not the case with this virus? 1273393[/snapback] This post slipped through quickly, nearly missed it. As far as I can see, this is yet another of the spoofed sender variety. Someone has him in their addy book and the virus sends itself out as an email purporting to come from him. I hadn't realised this before, but each of the big AV companies has it's own name for some of these viruses. Check out this Symantec page and you'll see Symantec call this one W32.Blackmal.E@mm. It's absolutely brand new (see discovered date, same page). The latest signature file seems to cover it, but the page I linked has full removal instructions (scroll down to Removal Instructions). Edited January 19, 2006 by Ursa Majoris Quote Link to comment Share on other sites More sharing options...
Ursa Majoris Posted January 19, 2006 Share Posted January 19, 2006 ^^^^^^^^^^ Bumpity-bump Quote Link to comment Share on other sites More sharing options...
AtomicCEO Posted January 19, 2006 Author Share Posted January 19, 2006 Actually... it turned out that it was him who was infected. It was spoofing his Yahoo address on his computer, and sending out viruses from a server in Arizona. Weird. Anyway. He got it cleared up. Thanks for the help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.