beware upload.ntlworl.com!

[spiderplant]

I've just fallen for typing my username and password into an FTP server at upload.ntlworl.com. Doh! At least I realised pretty quickly and have now changed my password.

One to watch out for.

[paulyoung666]

Quote:

Originally Posted by spiderplant

I've just fallen for typing my username and password into an FTP server at upload.ntlworl.com. Doh! At least I realised pretty quickly and have now changed my password.

One to watch out for.

i wondered what the hell you were on about for a minute until i read it properly , where did that come from

[clammit]

I think that recent ntl upgrades might have left us vulnerable.

I've just had an email 'returned' from
"stephen@sauldharrison.com"
because:
"Your message (header below) has been deleted because of the following error:
A virus of type Unidentified Virus was detected in attachment document.zip"

No email sent to them by me and never had that kind of messangs sent to me. Virus check said everything OK.
Any suggestions, anyone?

[Kneebs]

Quote:

Originally Posted by clammit

I think that recent ntl upgrades might have left us vulnerable.

I've just had an email 'returned' from
"stephen@sauldharrison.com"
because:
"Your message (header below) has been deleted because of the following error:
A virus of type Unidentified Virus was detected in attachment document.zip"

No email sent to them by me and never had that kind of messangs sent to me. Virus check said everything OK.
Any suggestions, anyone?

Probably someone else spamming / sending out the virus, with lots of different faked from addresses - yours will be one of many I'd imagine

[clammit]

Quote:

Originally Posted by Kneebs

Probably someone else spamming / sending out the virus, with lots of different faked from addresses - yours will be one of many I'd imagine

I don't think my address is one that would be guessed - I'm thinking that it must have been taken from a list. ?

[Kneebs]

Quote:

Originally Posted by clammit

I don't think my address is one that would be guessed - I'm thinking that it must have been taken from a list. ?

Yep, that or maybe one of your pals has your address stored in their address book, and they've got the virus, and its gone through the list, harvesting all the address

[Shaun]

Quote:

Originally Posted by spiderplant

I've just fallen for typing my username and password into an FTP server at upload.ntlworl.com. Doh! At least I realised pretty quickly and have now changed my password.

One to watch out for.

Have you let Ntl know about this? I believe that the e-mail addy is abuse@ntl.com

[spiderplant]

I will email the abuse mailbox, but I doubt there's anything they can do (apart from warn other users).

SamSpade says that ntlworl.com is registered in Korea.

[goldfrog]

Quote:

Originally Posted by clammit

I think that recent ntl upgrades might have left us vulnerable.

I've just had an email 'returned' from
"stephen@sauldharrison.com"
because:
"Your message (header below) has been deleted because of the following error:
A virus of type Unidentified Virus was detected in attachment document.zip"

No email sent to them by me and never had that kind of messangs sent to me. Virus check said everything OK.
Any suggestions, anyone?

Looks like the Mydoom virus Look here

[clammit]

Quote:

Originally Posted by Kneebs

Yep, that or maybe one of your pals has your address stored in their address book, and they've got the virus, and its gone through the list, harvesting all the address

Thanks. I shouldn't have jumped to the conclusion that it was in any way ntl's fault. Habit I suppose.

[Alan Waddington]

I think ntlworl.com has a wildcard in its DNS since I can ping pretty much anything

Code:

C:\Documents and Settings\Alan Waddington>ping *********.ntlworl.com

Pinging *********.ntlworl.com [220.80.108.83] with 32 bytes of data:

Reply from 220.80.108.83: bytes=32 time=321ms TTL=241
Reply from 220.80.108.83: bytes=32 time=309ms TTL=241
Reply from 220.80.108.83: bytes=32 time=327ms TTL=241
Reply from 220.80.108.83: bytes=32 time=309ms TTL=241

Ping statistics for 220.80.108.83:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 309ms, Maximum = 327ms, Average = 316ms

[Paul M]

and the IP is also Korean - KOREA TELECOM to be exact.

[SOSAGES]

fiendish little buggers

[Marge]

Quote:

Originally Posted by Alan Waddington

I think ntlworl.com has a wildcard in its DNS since I can ping pretty much anything

Code:

C:\Documents and Settings\Alan Waddington>ping *********.ntlworl.com

Pinging *********.ntlworl.com [220.80.108.83] with 32 bytes of data:

Reply from 220.80.108.83: bytes=32 time=321ms TTL=241
Reply from 220.80.108.83: bytes=32 time=309ms TTL=241
Reply from 220.80.108.83: bytes=32 time=327ms TTL=241
Reply from 220.80.108.83: bytes=32 time=309ms TTL=241

Ping statistics for 220.80.108.83:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 309ms, Maximum = 327ms, Average = 316ms

class

[Rob]

Quote:

Originally Posted by clammit

I think that recent ntl upgrades might have left us vulnerable.

I've just had an email 'returned' from
"stephen@sauldharrison.com"
because:
"Your message (header below) has been deleted because of the following error:
A virus of type Unidentified Virus was detected in attachment document.zip"

No email sent to them by me and never had that kind of messangs sent to me. Virus check said everything OK.
Any suggestions, anyone?

THIS IS A NEW VIRUS (Apologies for the shouting!) Dont open the .zip file.

it comes in other forms too with headers on email such as Test etc. My office got bombarded with over 100 dodgy emails today

The virus has spread like wildfire throughout the day. It's called Novarg or Mydoom depending on your A/V provider, and is potentially far bigger than SoBig which hit last year.

Everybody should ensure they have updated their antivirus software, even if they only did so yesterday.