CatAdjuster.org, Resources for Adjusters from Adjusters
Virus emails CatAdjuster.org | Archive Index |

The Adjuster's Forum » General Discussion » Virus emails « Site Map »
Topics | Home | Current Forum | Jobs, Training and more | Adjuster Roster | Channels | Resources | Contact Us

Author Message
tomweems
Posted on Thursday, December 06, 2001 - 11:14 am:   

I got the Wardlaw letter a few weeks ago, and emailed them the link to the SirCam removal tool. I got more junk this morning, but of course Norton Systemworks 2002 caught it and that was the end of it. Virus software is required now and if everyone would go and install it and keep it updated, this would be a dead issue. I catch about 2 a week, but they never penetrate my network due to my vigilance against them. I lost a lot of money and time to a virus in 1995, and it taught me the lesson. Update weekly, set your scan for midnight every night and enjoy the messages when you catch them. I wish once I could meet a virus writer.
Gale Hawkins (Gale)
Posted on Wednesday, December 05, 2001 - 9:55 pm:   

Donít anyone bother to send me one but It has been a while since I have seen one. I think we thought CADO was a target just because we got so many but if it emails out of oneís address book guess who would be getting them. They are expensive but part of the risk of doing business at this time. Thanks Roy for the update. Keep up the good work.
Roy Cupps (Roy)
Posted on Wednesday, December 05, 2001 - 12:04 pm:   

I do feel that it is also the size of our community that contributes to the spreading on the virus. Most of us know someone on this site that knows someone else and so on. Just like spreading a cold.

I do realize that some people do come to the site for the purpose of locating email addresses for their spam operations. Some spammers even use a program that is like a search engine "spider" to visit sites and grab all of the email addresses it can find, this is called a "email harvester". This has been a problem for webmasters for a long time.

Here are some of the things that have been done on CADO to reduce email harvesting and virus spreading.

The CADO mail server has a virus protected gateway. Any email sent to the server or from the server is checked for viruses and if a virus is detected the email is deleted by the program which then sends a notice to the recipient that a virus infected email has been found and deleted.

We have removed the email addresses from the Member Roster, this was done about the first of the year.

We offer user accounts for all areas that let the holder of the accounts decide if their email address is made public or is kept private. For example on this forum you can chose to show your email address or keep it private just by going to the "edit profile" section and choosing the option.

In some areas when a holder of a user account wishes to post their email address is not posted. An example of this would be the Bulletin Board, when someone replies to a Bulletin the email address is not shown.

CADO offers a Message Center that allows you to communicate with other CADO users without using email addresses.

The Classified area protects the email address, when someone wants to reply to the ad they click on the contact link and the script sends the email to the ad provider without providing or disclosing the email address.
TomS
Posted on Wednesday, December 05, 2001 - 11:39 am:   

Roy, you misunderstood, I did not say that the virus was created "solely" for the purpose of sending to cat adjusters or guests to CADO site. I said that everyone I have recieved was when a thread was posted a lot and I happened to post also. Also, if you will look at the ones we speak of it was like the Lmcginty in re: to Wardlaw lttr-head, and like that.
I would like to state clearly that I "think" the nexus is the CADO page or guests or members who post there. Now, as far as who is doing, thats another story. You and I both know it could be from anyones address book on down.
I merely stated the connection was to CADO, not even that it came thru,around or whatever, but I do email a lot of other people and visit other sites, and "never" have gotten anything in re: to a Cat adjusting company with a virus, nor a "I have this claim for you,etc" with a virus.
I hope I cleared this up. I further state it is not the CADO web site, it is just the connection that it "seems" to be with the emails the have the virus's all contain something to do with catastrophe adjusting. Now, everybody can do the math and try and figure it out.
Roy Cupps (Roy)
Posted on Wednesday, December 05, 2001 - 10:35 am:   

I still get on average one infected email a day. I disagree with Jim and the others that believe someone has created a virus for the purpose of sending it to cat adjusters or visitors to this site. In the past I have provided information that shows that the virus infected email problem is much bigger than our small community. Just take a look at the CNN Sci-Tech page. Here is a quote from that page.

"Experts described the virus, called "Goner," as one of the fastest-spreading they had yet seen and warned computer users to immediately delete it if they received it. Experts believe the worm was created in Europe. The U.S., the UK and France are the worst hit of the 17 countries affected so far."
Jim Flynt (Jimflynt)
Posted on Wednesday, December 05, 2001 - 7:54 am:   

Tom and Kile, I have noticed the same thing. If you will just be patient, I think you and the rest of our CADO readers are going to find some connection between the viruses being sent to cat adjusters and someone purporting to be "Allan Noland." There are some pretty amazing law enforcement and legal people working on the "Allan Noland" connection right now, and I expect some pretty disturbing revelations to be forthcoming.

Just give 'em a little more time to nail this guy and tie down what appears to be an airtight legal case.

And to think that one of our own would knowingly, willingly and apparently maliciously send out there viruses with the clear intent to damage or destroy the computers, software and data of fellow cat adjusters.
TomS
Posted on Wednesday, December 05, 2001 - 5:30 am:   

Kile, you are correct, my research indicates that when a "heated" thread with a lot of posts from "us" the virus's tend to show up. For the "most" part, the only thing "we" all have in common is this web site and adjusting. However, I am getting to the bottom of it. Or better yet, with help, getting to bottom of it. As previously posted, will find out sooner or later.
I just hope it stops, we have too much stuff on our computer and it is used to make us money for some jerk to screw around with us.
Kile Anderson (Kileanderson)
Posted on Wednesday, December 05, 2001 - 1:26 am:   

I may be jinxing us, but has everyone noticed that since we started publicizing the virus emails we get on this web site, the emails have stopped?
Steve
Posted on Wednesday, November 28, 2001 - 12:03 pm:   

To All:
Be on the look out for the BADTRANS virus. My Norton didn't automatically update like it was supposed to for a couple of days and a new strain had already infected me.
From what I'm told this is one nasty virus. It doesn't destroy any files but records each keystroke i.e. cc#, passwords etc.
It spreads to all who are in your contact list.
Many thanks to John Durham who notified me that he had received an email from me that was infected. I hadn't sent one, so something was definitely screwy. After manually updating, get what? INFECTED. All is well now and I apologize to anyone who might have received an email from me. When you delete it, be sure to delete your deleted folder also.
Keep all anti-virus software updated.
Steve
Clayton Carr (Clayton)
Posted on Tuesday, November 27, 2001 - 9:19 pm:   

Folks, I hope I don't just have a jerk in my knee; but suggest you watch out for the following email I rec'd this afternoon from;

adjusters@mindspring.com

with a text message saying;

" Hi, How are you?
I send you this file in order to have your advice.
See you later. Thanks. "

There was also two attachments.

I junked it all without opening the attachments. If I am wrong, I apologize in advance to whoever.
TomS
Posted on Tuesday, November 06, 2001 - 9:38 am:   

I have rec'd email with attached virus and forwarded to A.O.L. and have allready rec'd a response from AOL and the lead is very, very good. The email I rec'd was IMcginty@flash.net about Wardlaw. We are close to finding out who and hopefully we will know why. Any additional info in regauds to the apprenhension of this culprit in greatly appreciated. Upon positive proof as to the identity of the sender of these virus's, I will post the name. I find in deplorable that I have to watch my email for these things. We use our computers to "WORK" and when it is destroyed and the Estimating program done in, it costs us time and money.
So Mr/Ms Virus sender, Your trail is hotter and hotter, and lots of people are on the look out for you and it is just a matter of time to catch your no good sorry for nothing ass!!!
Also posted on Bulletin Board!
Clayton Carr
Posted on Monday, November 05, 2001 - 9:29 pm:   

Ladies and gentlemen, I see Tom's bulletin today talking of the same "bug" I reported here last Wednesday; re: "WARDLAW CLAIMS SERVICES LTTR-HEAD"
Be careful. Must get myself a "bulletin password", maybe that is where I should have noted this originally.
Kile Anderson (Kileanderson)
Posted on Wednesday, October 31, 2001 - 11:41 pm:   

Got a new one today from geoffre@dellepro.com. Same as all the others. Did anyone else get this one?
Roger
Posted on Wednesday, October 31, 2001 - 11:22 pm:   

Clayton,

Download the program and then you can check it with your virus program. It cannot bit you or harm your computer unless you open it. Otherwise, delete it where it is and reply manually to Wardlaw and ask them if they sent it.
Clayton Carr
Posted on Wednesday, October 31, 2001 - 8:47 pm:   

Hi Folks, I've been following with interest and concern all the high velocity comments back and forth in other threads the past few days.

However, I need some help or an opinion. I received an email with an attachment around noon on 10/31 from a Lora McGinty, re "WARDLAW CLAIMS SERVICE LTTR-HEAD" - just as it shows here.

I have had no recent dealings with Wardlaw and hence I didn't open it and wonder if anyone else received same?
Roy Cupps
Posted on Tuesday, October 16, 2001 - 12:51 pm:   

No it is not the server. With most email programs you can view the header information or details and it will show you the path that the email traveled. The CADO site is located on one server and there is another server for the email. The email server is protected by a virus scanning gateway, all mail sent to and from CADO passes through this gateway. Also the server environment is not the type of environment that this (per tech sheets) virus can work in. In other words the server is not a PC running Windows 98/95.
Kile Anderson (Kileanderson)
Posted on Tuesday, October 16, 2001 - 9:13 am:   

I don't think Roy's server is infected. I think there is a person sending these out intentionaly and getting the addresses off of this site.
David Houtz
Posted on Tuesday, October 16, 2001 - 5:58 am:   

Question?

If the virus was being sent due to Roy's server being infected, would the virus e-mails be sent out to all of the adjusters and clients Roy has?
Knock on wood I have not recieved the above virus.
steve f
Posted on Monday, October 15, 2001 - 8:25 pm:   

Received one from George Coyle titled "Georges Resume"
Did not open it.
William S. Cook (Wscook)
Posted on Monday, October 15, 2001 - 5:12 pm:   

If one includes as the first name in your address book AAAAAAAA@home.net. Any bogus virus emails that your computer elects to send out unknown to you will be indicated as a returned email.

If all CADO members had this as the first name in their address book then they would have early notice that their computer was infected and would shut down until problem is resolved. Most folks that are infected are unaware of them contributng to the problems.
William S Cook
Public Adjuster
Roger Eyman
Posted on Monday, October 15, 2001 - 3:14 pm:   

There is another way to handle these as the technicians at ICQ pointed out. Most if not all email providers have a filter system that is easily set to delete these messages as they come in and before you even see it. That does make things a little tidier.
Gale Hawkins (Gale)
Posted on Monday, October 15, 2001 - 1:09 pm:   

I got 3 more yesterday and just did the Shift/Delete thing so they are not sitting in the recycle bin.
Kile Anderson (Kileanderson)
Posted on Monday, October 15, 2001 - 11:43 am:   

I've gotten this George Coyle and all the other ones in the same vain only on my aol account too. Has anyone else gotten these messages on non aol email accounts?
Doni
Posted on Monday, October 15, 2001 - 10:38 am:   

I got one of the George Coyle titled 13 Addresses. I didn't download anything and deleted it immediately. Question: would sending a reply to the sender without downloading the file spread the virus? Does the virus spread by just opening the mail or do you have to download the file for it to spread. Just wondering if anyone knew because I sure don't.

Also I just realized, it came in on my aol acct, not my hotmail acct. Up until recently, I was using my aol exclusively, but have recently switched to hotmail which I don't think anyone on CADO has used yet. Maybe another clue?


Be safe. DoniLynn
Kile Anderson (Kileanderson)
Posted on Monday, October 15, 2001 - 8:56 am:   

I got another one this morning from George Coyle with the subject line George Coyle. From what I read Sircam looks for address in the infected computer's address book. I don't know any of the people I've recieved these emails from, so why would I be in their address book. I still say whoever is sending these things is getting our email addresses from this site. It is the only common thread among us all. Please let us know what the subject lines and senders names are from the mails that your are getting, maybe we can track this down.

Topics | Home | Current Forum | The Classifieds | Adjuster Roster | Channels | Resources | Contact Us