Virus anyone?
Unknown_Authority
03-25-2003, 05:35 PM
Has anyone else started getting these emails with little .zip files attached? I got 2 today, both routed through my legends email account. Please be careful about downloading .zip files that are supposedly sent by other club members. Just a heads up... ;)
H.O.Goat
03-25-2003, 08:34 PM
I have received a couple also, but my Norton anti-virus got rid of them (just don't open them) >:(
LonnieS
04-01-2003, 05:52 AM
Here's a little update on that subject. I finally took a significant break from everything and threw every resource I had at tracking this person down. I collected the last 5 virus-infected emails and analyzed them using some "software" that I have. I found some interesting details.
First thing to note is that these emails are not coming from where they say they are - nor are they coming from where the hidden email header says they are. That's what threw me at first glance. As soon as you start dissecting the hidden email header (the handshake between email servers & the trail that the message went through) it looks like the source is a Verizon customer. Not so.
I tracked the source down to Western Washington Community College Association. That's the first road block, because the institution is huge - a collection of community colleges across western Washington.
I used a few "tricks" to collect as much info on the client as I could - not necessarily the most ethical thing to do, but in this case I made an exception. I got a handful of details.
I called the admin center and spoke with two different people and explained the details. They were very helpful and polite. I gave them my phone number and my full name and asked them to give my name to the person there who's infected with the virus (the same person who's sending the viruses to us). I'm hoping that the person is familiar to our club in some way, which would explain why so many of us are getting nailed. It appears that the person is either working in one of the institution's labs or admin offices. The last person I spoke to there will easily be able to track it to the workstation and fix the issue. He will contact me soon with an update.
What's interesting about the infection is how it propagates. The infected client searches for vulnerable email servers, or uses an email client with an account and sends itself from the vulnerable email server. This is what disguises the source of the email. It also checks for "known" addresses in the person's address book, or in temporary internet files (a folder found on almost every windows computer in the world) and uses the email address to send itself. That's what makes me suspicious that the person is somehow familiar to the club. The person had to be aware of our email addresses.
I don't have any hard feelings - I've been infected before - crap happens. I just wanted to get it resolved. Hopefully that will happen soon. ;)
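A way to read that hidden header trail yourself, as an added example that is not from this thread or any poster: a small Python script that parses the Received: lines of a constructed sample message and reports where the message entered the servers you can vouch for. All host names, addresses and domains in the sample are invented.

```python
import re
from email import message_from_string

# Constructed sample message, not a real capture. The visible From: claims a
# club member and the bottom Received: line claims a Verizon dial-up host, but
# only the Received: lines stamped by servers you trust are reliable; anything
# below the first trusted stamp can be forged by the sending worm.
SAMPLE_MSG = """\
Received: from mail.legends-club.example (mail.legends-club.example [198.51.100.5])
\tby mx.recipient.example with ESMTP id A1; Tue, 25 Mar 2003 17:20:01 -0800
Received: from relay.wwcca.example (relay.wwcca.example [203.0.113.7])
\tby mail.legends-club.example with SMTP id B2; Tue, 25 Mar 2003 17:19:40 -0800
Received: from dsl-user.verizon.example (unknown [192.0.2.44])
\tby relay.wwcca.example with SMTP id C3; Tue, 25 Mar 2003 17:19:12 -0800
From: "A Club Member" <member@legends-club.example>
To: you@legends-club.example
Subject: Club photos

see attachment
"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IP_RE = re.compile(r"\[([\d.]+)\]")


def received_hops(raw_message):
    """Return the relay chain, newest hop first (the order the headers appear)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue
        ip_match = IP_RE.search(m.group(2))
        hops.append({
            "claimed_from": m.group(1),
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group(3),
        })
    return hops


def entry_point(hops, trusted_suffixes):
    """Walk down from the recipient's side and return the first hop that a
    trusted server stamped from an untrusted host: that is where the message
    really entered the path you can vouch for, whatever the lower lines claim."""
    for hop in hops:
        if hop["by"].endswith(trusted_suffixes) and not hop["claimed_from"].endswith(trusted_suffixes):
            return hop
    return None
```

On the sample, the bottom line points at the Verizon host, but the first trusted stamp shows the message arriving from the relay at 203.0.113.7, which is the hop worth reporting to that site's admins.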
1PROGTO
04-01-2003, 06:11 AM
Wow sounds like quite an investigation! Thanks again Lonnie, I know how you feel when you just have to get to the bottom of something. You are one resourceful dude! Glad we have you on our team.
Hi Lonnie,
Wow, what a trail you have been down looking for the source of this pesky virus.
I hereby declare you the Captain of the NW Legends Cybercrime unit. Thanks for being so resourceful and watching our backs and hard drives!!
I received an email today from: mailman-ownerqw2 with the subject northwestlegends membership reminder....
Is this legit, or is this the virus?
LonnieS
04-01-2003, 10:13 AM
It's a legit email, but disregard it. It's just a reminder that I forgot to turn off. I created a distribution list that includes all Legends members with email addresses so I can reach you all quickly if I need to. I intended to turn off the reminder because it only confuses people.
Thanks for pointing it out, Rick - it may help resolve some questions that others have.
I got an update from Bill at the W.W.C.C. Association. They've located the specific workstation that's suspect. No one was sitting there at the time, so as of 4:00 PM this afternoon, we still don't yet know who uses the workstation. But at this point they should begin the cleaning process on the computer and relieve us of at least some of the virus outbreaks.
In the meantime, please let me know if any of you receive suspicious emails from Legends club members with attachments. I have instructions that will enable you to read the hidden header without infecting yourself.
Bear in mind that this only corrects one source of virus outbreaks. If anyone else opened the infected email they too subjected themselves to the virus and could become infected.
As a first line of defence, I recommend everyone schedule a few minutes out of their week and go to Trend Micro's FREE online virus scanner - A.K.A. "House Call" at this address:
http://housecall.trendmicro.com/housecall/start_corp.asp
Trust the source of the certificate - if you intend to use it again some time, I'd suggest you check-mark the box that reads "Always trust..."
It's as close to accurate as you can get online.
Thanks to everyone for their patience, I know it's a pain in the @$$ to be the target of a virus.
Hey Mr. Computer Man,
Will this virus site override my Norton Antivirus software? Or am I just asking too many questions? ::) ::)
LonnieS
04-01-2003, 10:50 AM
There will be no conflicts between House Call and any other antivirus software you may have. It doesn't actually install Trend Micro's product, just a helper app that allows an online scan. Your regular scanner will remain in effect and unaltered.
Good question though. ;D