
ATTENTION ALL MEMBERS....Please Read Immediately

Posted: Fri May 21, 2004 4:45 am
by southerngale
Please disregard the email you received overnight from "storm2kupdates@yahoo.com" and if you haven't already, please do not click the links in the email. This was NOT sent by the storm2k administrators. Further information may be provided later.

Posted: Fri May 21, 2004 5:50 am
by rainstorm
what does it do? is it a virus?

Posted: Fri May 21, 2004 5:58 am
by Guest
See this post

Their virus software triggered when they clicked the link. :eek:

I would agree; I am very leery about opening .zip files unless I know and trust who is sending them or making them available.

(FYI: You are not seeing things: This message from southerngale was placed in some of the more popular sections. I found this post in the Board News forum! :))

Posted: Fri May 21, 2004 6:01 am
by southerngale
I did not click the links myself but another member replied in the thread in Board News that his Norton Internet Security 2004 killed it as medium risk.

Please do not click on any of the links in the email. It was NOT sent by any of the storm2k staff but I assure you, we will get to the bottom of this.

Posted: Fri May 21, 2004 6:15 am
by Jack8631
Next time I'll be sure to get that first cup of Java in me before clicking on any suspicious links. :wink:

I would strongly advise against downloading that thingy....

Posted: Fri May 21, 2004 6:31 am
by WXBUFFJIM
It's as simple as deleting the email, which I did.

Jim

Posted: Fri May 21, 2004 7:03 am
by Rainband
Glad I checked the board before my mail. I have a good AV but who knows what it would have picked up. :eek:

Posted: Fri May 21, 2004 7:38 am
by Guest
I opened it this morning and noticed something different about it right away. Normally when the staff send out an email, after the personalized section, it's signed by either Storm2k staff or storm2k admin. This one was signed storm2k.org, so that immediately threw up a red flag. Plus Chad hadn't mentioned it to me, so I was also suspicious.
...Jennifer...

Posted: Fri May 21, 2004 8:10 am
by Josephine96
Something told me not to open it.. so I didn't.. :wink: It's a shame though lol.. I really thought there'd be new software lmao..

Just kidding.. you guys are great even without new software.. :wink:

Posted: Fri May 21, 2004 8:37 am
by timNms
I didn't get the email. Something weird did happen to me the other night, tho. I was browsing around looking for information on MS earthquakes when suddenly my Norton antivirus alarmed me to a potential problem. You don't suppose I got a virus and it emailed itself out disguised as s2k, do you?

Posted: Fri May 21, 2004 8:38 am
by wx247
I doubt it...unless you have everyone here in your address book.

Posted: Fri May 21, 2004 8:41 am
by timNms
thanks, wx247...I didn't think about that. I must still be asleep!

attention...

Posted: Fri May 21, 2004 8:45 am
by sunnyday
I opened it. I hope it doesn't mess up my computer. :grr:

Posted: Fri May 21, 2004 8:51 am
by Martinsville Weather
From my hotmail page:

MIME-Version: 1.0
Received: from mc10-f5.hotmail.com ([65.54.166.141]) by mc10-s12.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 21 May 2004 02:05:51 -0700
Received: from sprinthost.nhcwx.com ([216.127.92.122]) by mc10-f5.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 21 May 2004 02:05:42 -0700
Received: from storm2k by sprinthost.nhcwx.com with local (Exim 4.24)id 1BR5sh-0004NS-H1; Fri, 21 May 2004 04:59:55 -0400
X-Message-Info: FdnYIHvXcrIC8X6EGQOpjALpv6b01l1twPYFI78Ezq0=
X-AntiAbuse: Board servername - http://www.storm2k.org
X-AntiAbuse: User_id - 3
X-AntiAbuse: Username - chadtm80
X-AntiAbuse: User IP - 202.157.0.52

Message-Id: <E1BR5sh-0004NS-H1@sprinthost.nhcwx.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sprinthost.nhcwx.com
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [32004 505] / [47 12]
X-AntiAbuse: Sender Address Domain - sprinthost.nhcwx.com
Return-Path: storm2k@sprinthost.nhcwx.com
X-OriginalArrivalTime: 21 May 2004 09:05:42.0627 (UTC) FILETIME=[CB512330:01C43F12]

It looks like possibly someone hacked into Chad's account? That ip does not match Chad's btw.
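
Added example, not part of the original post: one way to read the headers quoted above programmatically. The header lines are copied from the post; the function names (received_hops, antiabuse, summarize) are hypothetical. It walks the Received chain oldest-first and shows that the first hop was a local hand-off to Exim on sprinthost.nhcwx.com with no client IP, so the only client address in the headers is the X-AntiAbuse "User IP" field.

```python
import re
from email import message_from_string

# Header lines copied from the post above (subset); the parsing code is added here.
RAW = """\
Received: from mc10-f5.hotmail.com ([65.54.166.141]) by mc10-s12.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 21 May 2004 02:05:51 -0700
Received: from sprinthost.nhcwx.com ([216.127.92.122]) by mc10-f5.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Fri, 21 May 2004 02:05:42 -0700
Received: from storm2k by sprinthost.nhcwx.com with local (Exim 4.24)id 1BR5sh-0004NS-H1; Fri, 21 May 2004 04:59:55 -0400
X-AntiAbuse: Board servername - http://www.storm2k.org
X-AntiAbuse: User_id - 3
X-AntiAbuse: Username - chadtm80
X-AntiAbuse: User IP - 202.157.0.52
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sprinthost.nhcwx.com
"""

# "from <host> ([ip]) by <host>"; the ([ip]) part is absent on a local hand-off.
HOP = re.compile(r"from\s+(\S+)(?:\s+\(\[([\d.]+)\]\))?\s+by\s+(\S+)")

def received_hops(raw):
    """Return (from_host, from_ip_or_None, by_host) tuples, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold and collapse whitespace
        if m:
            hops.append(m.groups())
    return hops

def antiabuse(raw):
    """Collect the 'Key - Value' X-AntiAbuse headers; free-text ones are skipped."""
    out = {}
    for value in message_from_string(raw).get_all("X-AntiAbuse", []):
        key, sep, val = value.partition(" - ")
        if sep:
            out[key.strip()] = val.strip()
    return out

def summarize(raw):
    """Combine the relay trace with the board-recorded account fields."""
    hops, fields = received_hops(raw), antiabuse(raw)
    if not hops:
        return None
    return {
        "origin_server": hops[0][2],              # host that first accepted the mail
        "local_submission": hops[0][1] is None,   # no client IP on the first hop
        "relay_ips": [ip for _, ip, _ in hops if ip],
        "board_user": fields.get("Username"),
        "board_user_ip": fields.get("User IP"),
    }
```
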

Posted: Fri May 21, 2004 8:54 am
by pawlee
damn... i didn't open it but my immediate thought was "cool... S2K desktop software!". figured since it was a zip, required an install so i chose to wait. good thing i did...

thanks for the heads up.

Posted: Fri May 21, 2004 8:54 am
by Skywatch_NC
I started to download it, too. :grrr:

The sicko whoever sent it! :grrr:

Recently updated a new Norton program so hopefully took care of any potential problem...

Eric

Posted: Fri May 21, 2004 8:54 am
by Brent
Hmmmmm.... I haven't even checked my email yet (LOL, I rarely check my email anyway, the thing is probably overflowing again).

Posted: Fri May 21, 2004 9:12 am
by GalvestonDuck
Based on what Kevin posted (thanks, Kevin!), I did an IP lookup. It appears to be someone in Queensland, Australia.

Search results for: 202.157.0.52


OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 202.0.0.0 - 203.255.255.255
CIDR: 202.0.0.0/7
NetName: APNIC-CIDR-BLK
NetHandle: NET-202-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1994-04-05
Updated: 2004-03-30

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net

# ARIN WHOIS database, last updated 2004-05-20 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
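
Added example, not part of the original post: a check for whether a WHOIS record like the one quoted above describes the network using the address or only the regional registry holding the whole block. The sample lines are a subset copied from the post; the function names and the "NetType equals Allocated to <OrgID>" test are assumptions made for this illustration.

```python
import ipaddress

# Subset of the WHOIS lines quoted in the post above.
WHOIS = """\
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
City: Milton
StateProv: QLD
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 202.0.0.0 - 203.255.255.255
CIDR: 202.0.0.0/7
NetType: Allocated to APNIC
# ARIN WHOIS database, last updated 2004-05-20 19:15
"""

def parse_whois(text):
    """Parse 'Key: Value' lines; comment lines are skipped, first value wins."""
    rec = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        key, _, val = line.partition(":")
        rec.setdefault(key.strip(), val.strip())
    return rec

def assess(ip, text):
    """Say whether the record's address fields can describe the user of `ip`."""
    rec = parse_whois(text)
    net = ipaddress.ip_network(rec["CIDR"])
    # Heuristic (assumption): the block is held by the registry named in OrgID.
    registry_level = rec.get("NetType") == "Allocated to " + rec.get("OrgID", "")
    referral = rec.get("ReferralServer", "")
    return {
        "ip_in_block": ipaddress.ip_address(ip) in net,
        "block_size": net.num_addresses,
        "registry_level": registry_level,
        # City/StateProv then belong to the registry's office, not the IP's user.
        "location_describes": "registry" if registry_level else "assignee",
        "next_whois": referral.replace("whois://", "") or None,
    }
```
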

Posted: Fri May 21, 2004 9:18 am
by vbhoutex
It is not originating in Queensland I don't think. It is being routed through there to try to avoid detection. We already have some id on who may have sent it and it isn't anyone in Australia. We are doing all we can to track it completely. Trust me it will be reported!!!!!

Posted: Fri May 21, 2004 9:34 am
by Amanzi
Rest assured guys....

This problem will be taken care of by the Admin and staff here.

Thanks Kelly for posting the heads up ;)