From

Location

Message

Date Posted

New Jersey

After posting a message yesterday, I woke up this morning to find that I've been sent a little present from bigpumpkins...

Now I'm not certain of the status of this website... Some things seem updated, while others appear to have remained stagnant since 2001, so I don't know if there is anybody there to care. I believe your system is infected or has been violated. Here's my email server's response...




---------- Forwarded message ----------
Date: 11 Aug 2003 12:55:32 -0000
From: System Anti-Virus Administrator <****@******.net>
To: ****@*********.net
Subject: virus found in sent message "Is USA always number one?"


Attention: [email protected]


A virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching its destination.

The virus was reported to be:

Worm.Ganda-A


Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.

8/11/2003 9:12:48 AM

New Jersey

After a short bit of reading it appears that the originator of the email may not be the bigpumkins server...



e-mail worm was found on 17th of March 2003. It uses it's own SMTP engine to send e-mails to addresses collected from Windows Address Book.

The e-mails include a attachment which is a SCR (screen saver) file around 45kb in size (62kB mime-encoded). The filename is always short, such as RG.SCR or PW.SCR.

Some of the messages sent by the worm have a fake sender address, replacing the "From" field with addresses belonging to Swedish journalists or school officials. These people have nothing to do with the worm and they are not spreading it either - the worm just tries to make it look like that.

These fake addresses include [email protected], [email protected], [email protected] and several personal addresses from tidningen.to and aftonbladet.se (Swedish magazines). The worm will send massive amounts of rant e-mails to these addresses as well.

The messages sent by the worm are in Swedish or in English, depending on the language settings of the infected computer.

In addition to the email spreading, Ganda also parasitically appends a small piece of code to PE executable files. The purpose of this code is to patch the locations of API calls so the worm code will be executed.

8/11/2003 9:18:04 AM

New Jersey

So the bigpumpkins name may be being spoofed,
however it doesn't appear I got this email at random.
As I said I had posted yesterday got the email this morning. So you may have an email waiting for you too.
They have taken our addresses from the hyperlink for our names...

Off to see my pumpkins and ponder the pure stupidity of the perpetrator...

8/11/2003 9:20:38 AM

Appalachian Mtns.

This happens about every 2 months, to me at least. Same thing.
Someone has caught the virus and it's gone for the address book.

8/11/2003 1:17:30 PM

Connecticut, USA

I do know the status to of the website, since its is mine. Let me assure you the from address IS being spoofed. We keep our security patches virus software up to date. Unfortunately, not all of our users do. Just as someone gets a virus once every two months, someone accuses us of passing it to them once every two months. This is the price we pay for our sites popularity.

8/11/2003 3:12:43 PM

Ohio, USA

Those viruses sometimes can be just as annoying as things that hurt your pumpkins.

8/11/2003 7:58:22 PM

New Jersey

"I do know the status to of the website, since its is mine. Let me assure you the from address IS being spoofed. We keep our security patches virus software up to date."

Thanks for that assurance. I have no doubt that the mail was not intentionally sent in any way from bigpumpkins.com.
I wasn't quite certain of the status of things and I feel much more comfortable visiting the site now that you've let me know that.

"someone accuses us of passing it to them once every two months. "

My note was more of a heads up to other users here to watch your email cus if I got it, odds are it came to you too. Didn't mean to sound like I was making any accusations at ya. Anywho, much thanks for stopping in and letting me know it's not a ghostship here. Stay safe everyone and keep the virus off your PC and your Pumpkins. :)

Anyway no harm done here. Have a good one.

8/11/2003 9:22:58 PM

Connecticut, USA

In general, everyone should know this: We do NOT send email messages to individuals with the webmaster account. So if you get an unsolicited message from webmaster just delete it. Also, we NEVER, I repeat, NEVER send attachements to people without a prior email telling you to expect the attachment.

Thanks for helping me clear this up as viruses can leave us all very frustrated.

8/12/2003 8:33:36 AM