jellico.com, Inc. Information Page
jellico.com, Inc. Information Page
Information regarding any changes that are made to our service will be posted below.
More details here: http://news.cnet.com/8301-1009_3-10185517-83.html
ave had.
We hope you have a wonderful Thanksgiving, filled with family, friends,
and good food!
We will return to our normal hours on Friday, Nov. 23. Normal hours are:
Monday - Saturday: 9:00 AM to Midnight, EST
Sunday: 2:00 PM until Midnight, EST
Happy Holidays from jellico.com, Inc.
For instructions on how to look to see what your settings are and change them if necessary, see http://www.jellico.com/changes.html
This problem appears to be nationwide. Service is being restored as quickly as possible. As of 1:30 this afternoon, 72% of the affected routes have been restored. Service in the remaining areas should be restored later today.
We do have an answering machine here at jellico.com, so if you need to reach us for any reason over the weekend, please call the office and leave a message. Make sure that you leave your Name, Username, telephone number and the nature of your problem in your message. We will be coming into the office often throughout the weekend to check the answering machine and will return calls if a message is left.
Thank you for your understanding and patience this weekend
To download the new web accelerator software, go to our web site:
The first time you use the accelerator, you'll get a little window asking for your accelerator username and password. You should type in the same information you use to log on to the internet (username@jellico.com or username@jellico.net along with your password for your account).
As always, if you have questions or problems please call our office.
This e-mail is NOT from us. We would never sign an e-mail to our customers "Jellico Abuse Department" or "The Jellico Administration Team". If you ever receive an e-mail that says it is from us and you have any doubts what so ever do feel free to call our office and ask about it.
We apologise for the downtime but feel it is necessary in order to correct the problem.
November 23, 2005: One of the companies we get our phone numbers through is discontinuing some of it's numbers effective December 1, 2005. If your computer dials 562-4503 (Lafollette, TN) you will need to change that number to 352-1004. If your computer dials 745-4106 (Athens, TN) you will need to change that number to 252-1181. If you need assistance making this change on your computer, please call our office.
For instructions on how to look to see what your settings are and change them if necessary, see http://www.jellico.com/changes.html
An attachment named email-info.pif was removed from this document as it
constituted a security hazard. If you require this document, please contact
the sender and arrange an alternate means of receiving it.
This is an attempt to send a virus and did not come from jellico.com . Anytime jellico.com sends you a legitimate email, it will be signed by one of our names: like Lisa Casey or Steve Casey. As you can see, our virus scanners remove viruses before they reach your mailboxes! This is just another way jellico.com protects our customers and their computers.
We apologise for the inconvenience.
The phone company is working to repair the problem as quickly as they can.
Currently doing the rounds via spam is an apparent promotion for Microsoft AntiSpyware (“Download the new beta software from Microsoft today”) comprising a copy of Microsoft's Spyware index page with the AntiSpyware download links redirected to the attacker’s server—ftp.pisem.net in the sample I received, but this most likely changes.
Should you be unfortunate enough to download and run the linked executable, you’ll be getting a downloader trojan controlled by 1.dns10.peterhost.ru, installing a password sniffer that sends sensitive network traffic to publically-accessible web sites that are currently happily filling up with Hotmail and internet banking passwords.
So just to re-iterate what every security site says in this situation: Microsoft does not send e-mail promoting its downloads like this, and one should not generally click through links in e-mail, especially not to downloadable programs.
There’s actually a worse version going around under the guise of a BBC World news link titled “Attention !!! George W Bush is dead”, which if clicked through goes straight to an Internet Explorer security hole exploit. So should you be unlucky enough to click the link with IE as your default browser you get the same password-stealing trojan installed from bflog.net. (Do not visit this site in IE; even the index page currently contains an exploit.)
Since our mail server crashed on April 24, we don't yet have our full spam filters adapted over to the new system yet. You may have noticed an increase of spam in your mailbox. We will have these adapted over as soon as possible.
we have logged your IP-address on more than 40 illegal Websites.
Important: Please answer our questions!
The list of questions are attached.
Yours faithfully,
++-++ Federal Bureau of Investigation -FBI-
During the times we are closed we will check messages on the answering machine.
We want to wish everyone a Merry Christmas! and a Happy New Year!
About the W32/Zafi.D Worm: W32/Zafi.D is an email worm. This worm will infect Windows systems. The worm spreads through email. Since the worm uses Christmas greetings in the email it is expected to spread further.
The worm arrives with the following subject: Merry Christmas!
The spoofed 'From' address of the infected mail will be picked up randomly from the infected system. The body of the infected mail contains message connected to Holidays or random characters. It carries an infected attachment having a set of filenames with single or double extension. The second extension of the infected attachment can be .PIF, .BAT, .ZIP, .COM or .CMD.
(Note: jellico.com's virus scanning system should catch these but be wary anyway).
The name of the infected attachment will be associated with Christmas greetings. Due to this users are tempted to click the attachment.
You can read more information about this worm at:
http://www.protectorplus.com/virusinfo/worms/zafid.htm
We apologise for the inconvenience.
From: administration@jellico.com
Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.
Advanced details can be found in attached file.
Best wishes,
:)
It carries an infected attachment having a file name 'price' or 'joke', and
the extension of the infected attachment can be .EXE, .SCR .COM or .CPL. (This means our virus filters should catch it but be wary anyway).
Your e-mail account was used to send a huge amount of unsolicited email during this week.
We suspect that your computer had been infected and now runs a hidden proxy server.
Please follow instructions in order to keep your computer safe.
Virtually yours,
This E-mail WAS NOT sent by jellico.com If you receive such an E-mail DO NOT open the attached file. It is undoubtedly a virus.
About the W32/Mydoom.O Worm:
W32/Mydoom.O is an email worm. All Windows Operating systems are
susceptible to this worm. The worm spreads through email and
shared network drives.
The subject of the infected email will be either blank or about the
delivery of an email or from a pre-defined list maintained by the worm.
The body of the infected email describes about the email delivery details
from the Administrator. The 'From' address of the infected email is spoofed.
The worm carries an attachment. The name of the infected attachment will be
recipient's domain name, username or from a pre-defined list. The infected
attachment will have any one of the following extensions;
EXE, COM, SCR, PIF, BAT or CMD
You can read more information about this worm at:
http://www.protectorplus.com/virus_info/worms/mydoomo.htm
During this time you will not be able to logon to the Internet.
We apologise for the inconvenience, but this will make things better
because our data line will then stop going down unexpectedly.
Thanks for your patience. Sorry we weren't able to give you more notice,
but we just found out about this ourselves.
The campbellcounty.com mail server is not protected yet. It uses a different mail server software.
From: support@copperhill.com
Dear user of Copperhill.com,
For further details see the attach.
Best wishes,
Here's another variation of the same thing:
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.
Further details can be obtained from attached file.
In order to read the attach you have to use the following password: 07777.
Kind regards,
Known as "MyDoom" or "Novarg," the worm uses a fairly new tactic to get unsuspecting computer users to diffuse its malicious code.
The worm is contained in e-mails with random senders' addresses and subject lines.
While the body of the e-mail varies, it usually includes what appears to be an error message, such as: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment."
While many computer users are savvy about not opening executable files or other attachments that may contain viruses, the latest worm masks itself as an innocuous text document or a file that the computer appears unable to read.
"This one is almost begging you to click on the attachment," said Sharon Ruckman, the head of anti-virus firm Symantec's security response team.
How do you get these? Sometimes your kids download them, some of these come
bundled in with other programs (such as Kazaa) and sometimes you can get
these just from being on the Internet. They can be downloaded to your
computer without your being aware of it.
We suggest that folks download software to their computer that can find
these things on your system and remove them. There are lots of software
programs that can do this but one that we use here at the office and can
suggest is "Spybot: Search and Destroy". You can download this program
from:
Don't wait until you get infected with one of these. Just yesterday we
had a customer whose browser (Internet Explorer) was hijacked and he
could not get to ANY web sites so it was too late for him to download it
then.
Treat it like your anti-virus software. Keep it (Spybot) updated and use
it regularly to scan your system. You might be surprised at what you find
lurking there!
On another note: we have reduced the price of our dedicated dial-ups.
Our normal dial-up accounts are "Unlimited Active Use" which means that
you can stay on as long as you are actively using the connection. With
a dedicated dial-up, however, you have the right to stay connected 24/7
and our software will not disconnect you, we won't hassle you about being
connected when you are not using it, nor will you ever see a charge on
your bill for having being connected to us when you are not using the
connection. Our dedicated 56K dialup was $99.95 per month, it is now
$69.95 per month. Our dedicated ISDN dialup has been reduced to $99.95
per month from $199.95 per month. Plus with a dedicated dialup you get
our dialup accelerator broadband software at no additional charge, an
additional savings of $5.00 per month. For more information, call our
office at 784-2000 or 1-800-895-5593 or visit
And lastly: we truly want to be the best ISP in your area. We try hard,
with office hours until midnight seven days a week and friendly knowledgeable
tech support personel who answer the phone when you call (rather than
keeping you waiting on hold for an hour just to speak to someone) and who
work with you to solve your problems. We would like to get some feedback
from our members on how we are doing. What do you like about our service?
What do you dislike about it? Are there any features we currently do not
offer that would be important to you? What can we do better? If you care
to respond to this, please e-mail your response to
service@jellico.com
We apologise for the inconvenience, but are trying to improve
service in your area.
1) On the day of the upgrade, our service will be down for
several hours.
2) After the upgrade is complete, our DNS server addresses will
change. If you are unable to access web pages or your mail
server afterwards you will need to change the DNS Server
numbers in your settings. The new numbers will be:
Primary DNS: 67.130.252.4
Do not change these ahead of time as they will not work before
our upgrade. As always, if you need help in making these changes
please call our office.
Unlikely as it might seem, yesterday's outage made the staff here at jellico.com, Inc. grateful. Not for the problems our customers experienced of course, but for the fact that we have not had a major outage like this in a very long time. Back in the "old days" (and as a company, we've been around a lot longer than most ISP's our size) we might experience two or three outages such as we saw yesterday a year. This doesn't happen anywhere near that much any more, and for that we are grateful!
Monday - Saturday 9:00 AM until Midnight EDT
Sunday 2:00 PM until Midnight EDT
Enjoy your Easter and thanks for being one of our members!
Click here for jellico.com, Inc.'s Christmas card to our customers.
jellico.com, Inc. will be closing at 6:00 PM EST on
Wednesday, Nov. 21 and will be closed all day on Thursday Nov. 22
(Thanksgiving Day) so that our staff can spend this holiday time at
home with family.
MERRY CHRISTMAS!
Our DNS Server numbers will soon be changing. This change should take place on Monday, Nov. 13, 2006. The new server numbers are:
PRIMARY: 207.191.185.4
SECONDARY (ALTERNATE): 207.191.185.8
The IP address of the tcnet.net mail server will also change on Nov. 13. The new number is: 207.191.185.2 If your e-mail address ends in @tcnet.net AND if you have numbers instead of names for your Incoming and Outgoing mail servers you should change these.
If your e-mail address ends in @jellico.com, @jellico.net or @campbellcounty.com, the IP address of that mail server will change on Monday, Nov. 13. The new IP address will be 207.191.185.6 If you have mail.jellico.com as your Incoming and Outgoing mail servers you should not need to change this. If you have numbers for the Incoming and Outgoing mail servers, and they are not 207.191.185.6, you will want to change these as soon as your e-mail stops working.
Dear Valued Member,
According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons.
http://www.no point in having this in here so i took it out
After following the instructions in the sheet, your account will not be interrupted and will continue as normal.
Thanks for your attention to this request. We apologize for any inconvenience.
Sincerely, Jellico Abuse Department
http://helpdesk.rootsweb.com/
In the meantime jellico.com has whitelisted the Rootsweb mail servers so our customers should start receiving rootsweb email ok again now.
ZDNet: Karma Sutra worm set to bite next week
PC World: Obscene Karma Sutra Worm Spreading Via E-mail
I (Lisa Casey, jellico.com) found the SANS page to be a bit confusing as to just how to download the patch. To get the patch for your computer click here then click on any of the first seven links at the top of the page you come to, then choose "Run" or "Open" from the window that you get. Follow the prompts to install the patch. We urge our customers to download this temporary patch so as to ensure that your computer is protected.
Windows Live Safety Center . Windows Live Safety Center is a new, free service designed to help ensure the health of your PC.
Our DNS Server numbers have changed. The new ones are:
PRIMARY: 208.44.26.4
SECONDARY (ALTERNATE): 208.44.26.8
The IP address of the tcnet.net mail server has changed. That number is now: 208.44.26.8 If your e-mail address ends in @tcnet.net AND if you have numbers instead of names for your Incoming and Outgoing mail servers you should change these.
If your e-mail address ends in @jellico.com, @jellico.net or @campbellcounty.com, the IP address of that mail server will change probably on Monday, Nov. 7. The new IP address will be 208.44.26.6 If you have mail.jellico.com as your Incoming and Outgoing mail servers you should not need to change this. If you have numbers for the Incoming and Outgoing mail servers, and they are not 208.44.26.6, you will want to change these as soon as your e-mail stops working.
WARNING: This email violated jellico.com, Inc.'s email security policy and
has been modified. For more information, contact service@jellico.com
Lisa Casey
jellico.com
If you have any doubts about an e-mail you receive that says it is from us feel free to call our office. But if the e-mail is similiar to what I have described, you're safe to just delete it and forget it.
http://www.cnn.com/2005/TECH/internet/05/03/sobernworm/index.html
Rest assured that our mail server is catching these worms before they arrive in your mailbox. (That's why the attachment is deleted).
Researchers have detected a variety of worms that are spreading through MSN Messenger. The number of worms using IM to spread is increasing. In the first six weeks of 2005 alone there have been 10 IM worms, three times the number for the same period
last year. For more information see:
http://asia.cnet.com/news/security/printfriendly.htm?AT=39220754-39037064t-39000005c
http://www.eweek.com/print_article2/0,2533,a=147185,00.asp
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,100264,00.html
Never click on the link for a URL sent in MSN Messenger IMs.
From: Web@FBI.gov
To: address@tcnet.net
Date: Tue, 01 Mar 2005 19:18:28 UTC
Subject: You visit illegal websites
Dear Sir/Madam,
M. John Stellford
++-++ 935 Pennsylvania Avenue, NW, Room 2130
++-++ Washington, DC 20535
++-++ (202) 324-3000
One of our customers has used Qurb to eliminate spam that our spam filters don't catch and this customer said it works great! If you'ld like to try it, click on the Qurb logo.
jellico.com will close at 6:00 PM EST on Christmas Eve and will reopen at 9:00 AM EST on December 27.
We will also close at 6:00 PM on Friday December 31 and reopen at 9:00 AM on Monday, January 3, 2005.
"Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is 866DEC0A, and your item will be shipped within three business days. To see details please click this link"
Since viruses often change, you may get an e-mail that says something different that has an infected link. Since this virus is not spread as an attachment to an e-mail, our virus scanners probably won't catch it.
Don't click on any links sent to you in an e-mail unless you are absolutely certain you know where the e-mail came from.
Click here for more information
Subject: [deleted attachment] E-mail warning
Date: Fri, 29 Oct 2004 17:27:12 -0500
Dear user of "Jellico.com" mailing system,
The Jellico.com team http://www.jellico.com
About the W32/Bagle.AT Worm:
W32/Bagle.AT is an email worm. This worm will infect Windows systems. The
worm spreads through email, shared network drives and KaZaA P2P software.
The worm arrives with a random subject, which can be combination of 'Hi',
'Hello' or 'Thank you' strings and some emoticons.
The spoofed 'From' address of the infected mail will be picked up randomly
from the infected system. The body of the infected mail contain any one of
the following emoticons:
:))
You can read more information about this worm at:
http://www.protectorplus.com/virus_info/worms/bagleat.htm
If you ask me there is really no excuse for this. In the interest of reducing spam, Verizon basically did things that made it difficult (if not impossible) for the entire Internet community to send mail to their customers. I wonder if Verizon customers know just how much legitimate e-mail they have missed in the past few months?
I have to admit that in spite of the spam filters jellico.com uses our customers do still get some amount of spam. But that is a heck of a lot better (in my opinion) then the way Verizon has done things. At least our customers DO get their legitimate e-mail from friends and family.
(Excuse my rant here but this entire experience has been frustrating)
Click to find out what it is, why you probably have it on your computer and what to do about it.
Dear user
jellico.com support team.
new Internet worm has been discovered in the wild. It has been
named W32/Mydoom.O worm. W32/Mydoom.O worm is spreading rapidly via
the Internet. W32/Mydoom.O is one more variant of W32/Mydoom worm
series.
The Windows Security Update CD will be shipped to you free of charge. This CD includes Microsoft critical updates released through October 2003 and information to help you protect your PC. Available for Windows XP, Windows Me, Windows 2000, Windows 98, and Windows 98 Second Edition (SE).
Click here to Order the Windows Security Update CD
More information and a removal tool for this worm can be found here .
To: username removed@copperhill.com
Sent: Tuesday, March 02, 2004 11:57 PM
Subject: Important notify about your e-mail account.
Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.
The Copperhill.com team
Dear user of Jellico.net,
The Jellico.net team
Unknown hackers have unleashed an agile worm that has swept across much of the United States, CNN reported Tuesday.
Dear PayPal User,
Paypal is constantly working to increase security for all of our users. To insure the integrity of our payment network we periodically review accounts. Your account will be placed on restricted status. Restricted accounts continue to receive payments but are limited in their ability to send or withdraw funds. To lift this restriction, you need to complete our credit card verification process. At least one credit card in your account has been unconfirmed, meaning you may no longer send money with this or any other card until you have completed the credit card confirmation process. To initiate the credit card confirmation please follow this link and fill out all fields....
Secondary (Alternate) DNS: 67.130.252.8
http://www.microsoft.com/security/security_bulletins/ms03-039.asp
W32/Welchia Current Warning - Level 4 of 4 - High Risk!
W32.SoBig.F@mm Current Warning - Level 2 of 4 - Increasing