Virus from Surefire.com?

Candle Power Forums

Help Support Candle Power:

Greymage

Enlightened
Joined
Feb 19, 2002
Messages
406
City & State/Province
Austin, TX
I've been getting NetSky viruses, most addressed to me at:

[email protected]

where mydomain is my domain. Has anyone else seen these? The reason I think Surefire.com is the infection point is that I use site-specific emails when I buy things online, so I would only have used the surefire address at Surefire.com
 
[ QUOTE ]
Size15s said:
Have you informed SureFire's Webmaster?

[/ QUOTE ]

Yes, I just did... the address is sandiegomedia, so I guess they don't have an in-house webmaster.
 
As an Amazon Associate we earn from qualifying purchases. Product prices and availability are accurate as of the date/time indicated and are subject to change.
No response from webmaster and still getting viruses.

It might not be surefire itself, might be someone they sold their email list to, or someone who stole their email list.

Still, would be nice to get a response.

No one else is getting viruses directed to an email they used when buying stuff from or contacting Surefire?

--- [email protected] wrote:

> From: [email protected]
> To: [email protected]
> Subject: Re: Re: Re: Your document
> Date: Thu, 12 Aug 2004 07:43:42 -0700
>
> See the attached file for details.
>

> ATTACHMENT part 2 application/octet-stream name=document_4351.pif
 
Netsky tends to forge email addresses, so it could have stolen the surefire.com addresses from someone's address book along the way, and then sent you an email with the forged headers.

Kinda like you sending person A an envelope with Person B's return address on it, instead of your real return address. A now thinks B did the dirty deed..
 
I think greymage said that he set up a specific mail address to use with surefire, so it's known only to surefire. It's most likely that a computer at surefire is infected. The infected system also has the address [email protected] in it's
files somewhere, as that's the one that was spoofed.

Netsky is still accounting for about 50% of the viruses that I see at client sites. I trap about 100 a day going to a company of less than 500 people.

Daniel
 
[ QUOTE ]
KevinL said:
Netsky tends to forge email addresses, so it could have stolen the surefire.com addresses from someone's address book along the way, and then sent you an email with the forged headers.

[/ QUOTE ]
Yes, the source address for the emails is always different. Actually it looks like it picks someone else's email address to use as a source.

But it's the destination address that makes me think Surefire is infected, I only used that one email address with Surefire.
 
Thanks, I sent an email with an Attn: Derek McDonald to their customer support email, hopefully they'll respond to that one.
 
Back
Top