
[email protected] (Charlie Self)

29/04/2004 12:43 PM

Is this a new one?

I just got a file, supposedly bounced back to me as an email I sent that had a
virus attached.

There was an attachment in the name of the company bouncing it.

I never heard of the company.

I am not about to open that attachment.

Charlie Self
"For NASA, space is still a high priority." Dan Quayle




Nova

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 1:50 PM

Charlie Self wrote:

> I just got a file, supposedly bounced back to me as an email I sent that had a
> virus attached.

There is a new virus circulating now called "WIN32/Bagle" that I got our company
system yesterday. The attachment is a script file that had a ".hta" extension.
McAfee came out with an update for their virus software to catch it yesterday as
well (4/28/2004).

--
Jack Novak
Buffalo, NY - USA
(Remove "SPAM" from email address to reply)


Mark & Juanita

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

30/04/2004 3:00 AM

On 29 Apr 2004 12:43:27 GMT, [email protected] (Charlie Self)
wrote:

>I just got a file, supposedly bounced back to me as an email I sent that had a
>virus attached.
>
>There was an attachment in the name of the company bouncing it.
>
>I never heard of the company.
>
>I am not about to open that attachment.
>
>Charlie Self
>"For NASA, space is still a high priority." Dan Quayle


One of the other things virus writers do is delve into various aspects of
"social engineering" to attempt to get people to open their dreck.



"Rob Walters"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 6:00 PM


"Swingman" <[email protected]> wrote in message
news:[email protected]...

> ... if you haven't applied that, you deserve what you get.

Amen...preachin' to the choir there.

> You also have to turn on and permit active x controls to run in html
> e-mail, and that's not been default for a few years.

True as well, but you gotta know that people are still running Win9x out
there with little or no patching :) Better safe than sorry.

Rob

http://forums.amateurtermite.com




Bay Area Dave

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 2:30 PM

yawn.

so don't open it, already!

dave

Charlie Self wrote:
> I just got a file, supposedly bounced back to me as an email I sent that had a
> virus attached.
>
> There was an attachment in the name of the company bouncing it.
>
> I never heard of the company.
>
> I am not about to open that attachment.
>
> Charlie Self
> "For NASA, space is still a high priority." Dan Quayle


"Swingman"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 9:35 PM


"Rob Walters" wrote in message
>
> "Swingman" <[email protected]> wrote in message

> True as well, but you gotta know that people are still running Win9x out
> there with little or no patching :) Better safe than sorry.

Yeah, you're right about that. My mother (82) is still running Win 3.11, and
reluctantly upgraded to that. She plays solitaire, types the preacher's
sermon for him on Monday, and flatly refuses to budge off of it .. claims
new computers are too fast and make her head hurt with everything that is
going on ... she has a point.

Course, it might be more secure considering there was probably a better
class of programming _way_ back then. :)

--
www.e-woodshop.net
Last update: 4/13/04






"js"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 3:01 PM

online virus scan. it's fast, effective, and free.

http://housecall.trendmicro.com/


You're welcome.


"Charlie Self" <[email protected]> wrote in message
news:[email protected]...
> I just got a file, supposedly bounced back to me as an email I sent that
> had a virus attached.
>
> There was an attachment in the name of the company bouncing it.
>
> I never heard of the company.
>
> I am not about to open that attachment.
>
> Charlie Self
> "For NASA, space is still a high priority." Dan Quayle


"Leon"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 12:55 PM

I have been getting e-mails from SBC Yahoo indicating that someone has
tried to send me an e-mail with a virus attached. They supposedly caught
the e-mail and request that I ask the sender to resend. Oddly, the warning
e-mail always has a 25k attachment. I delete 'em.


"Charlie Self" <[email protected]> wrote in message
news:[email protected]...
> I just got a file, supposedly bounced back to me as an email I sent that
> had a virus attached.
>
> There was an attachment in the name of the company bouncing it.
>
> I never heard of the company.
>
> I am not about to open that attachment.
>
> Charlie Self
> "For NASA, space is still a high priority." Dan Quayle
>


"Rob Walters"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 5:05 PM


"Swingman" <[email protected]> wrote in message
news:[email protected]...
> "Jim Polaski" wrote in message
>
> > Especially if you use outlook,
> > which is easily infected.
>
> Not that I am defending Outlook, but if you open a virus attachment using
> any e-mail client, or even another program in some instances, you are
> likely to get infected.

True, but the problem with Lookout and Lookout Exploit is that there are
viruses written that will allow themselves to be executed just by
downloading the message that they are delivered in thanks to security holes
in the OS and/or the mail client. Granted, staying current on your Windows
Updates will help out in that regard.

Also, don't be lulled into the false sense of security that if you merely
"preview pane" an e-mail that you are safe. "Preview pane"ing an e-mail, at
least in Outlook Express or Outlook is pretty much the equivalent of opening
the e-mail by double clicking on it. While _most_ virii require you to open
the attachment for them to perform their infection routine, spammers will
often use a bit of code embedded in HTML that will phone home to confirm a
live e-mail address...and you all know where that will lead.

Charlie, as for the specific worm in question, without knowing more details
(and it's really all academic at this point), it's hard to tell which one
you received. There are four new variants on the loose that have been given
"medium risk" status, meaning they're spreading in the wild. Should be an
interesting summer for the network administrators.

Rob

http://forums.amateurtermite.com


[email protected] (Charlie Self)

in reply to "Rob Walters" on 29/04/2004 5:05 PM

29/04/2004 11:27 PM

Rob Walters says:

>Charlie, as for the specific worm in question, without knowing more details
>(and it's really all academic at this point), it's hard to tell which one
>you received. There are four new variants on the loose that have been given
>"medium risk" status, meaning they're spreading in the wild. Should be an
>interesting summer for the network administrators.

I am not opening that sucker to find out, but I was more interested in whether
or not the delivery system was getting newer emphasis. In the past few weeks,
I've had supposedly bounced mail show up in my machine at least 30 times. Two
were emails I'd addressed incorrectly. The remainder were from people or places
I have never heard of. Supposedly, I'm protected from these things even if I
download the attachment--got one this evening that has the attachment in the
body of the email, saying that's where my mis-addressed mail is stored. It can
stay there, of course, but I'm beginning to feel about these people the same
way I feel about the mobile boombox types around here and spammers--there
should be an identifying neon sign on their foreheads and an open season.

Charlie Self
"I am confident that the Republican Party will pick a nominee that will beat
Bill Clinton." Dan Quayle


"Swingman"

in reply to "Rob Walters" on 29/04/2004 5:05 PM

29/04/2004 6:59 PM

"Charlie Self" wrote in message

> I am not opening that sucker to find out,

That'll defeat 99% of the rascals, and an additional .9% more if you keep
your machine and browser updated with the latest security patches.

> but I was more interested in whether
> or not the delivery system was getting newer emphasis. In the past few
> weeks, I've had supposedly bounced mail show up in my machine at least 30 times.
> Two were emails I'd addressed incorrectly. The remainder were from people or
> places I have never heard of.

That's the latest come-on ... the past few months those have increased to
about 30,000 a day passing through just one mail server. For all practical
purposes, our mail servers are there more for the convenience of the
spammers and virus writers than the users. It's getting damned expensive in
both bandwidth and time to maintain these things.

> Supposedly, I'm protected from these things even if I
> download the attachment--got one this evening that has the attachment in
> the body of the email, saying that's where my mis-addressed mail is stored. It
> can stay there, of course, but I'm beginning to feel about these people the
> same way I feel about the mobile boombox types around here and spammers--there
> should be an identifying neon sign on their foreheads and an open season.

That end of the gene pool that makes for idiots, thieves and politicians
keeps getting deeper to make room.

--
www.e-woodshop.net
Last update: 4/13/04


"Toller"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 12:50 PM

No, I have been getting those for a year now.


"KB8QLR"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 12:57 PM

What I want to know is...
Doesn't your ISP have virus detection?
Do you have virus detection?



"Charlie Self" <[email protected]> wrote in message
news:[email protected]...
> I just got a file, supposedly bounced back to me as an email I sent that
> had a virus attached.
>
> There was an attachment in the name of the company bouncing it.
>
> I never heard of the company.
>
> I am not about to open that attachment.
>
> Charlie Self
> "For NASA, space is still a high priority." Dan Quayle

b

in reply to "KB8QLR" on 29/04/2004 12:57 PM

29/04/2004 2:40 PM

On 29 Apr 2004 13:45:35 GMT, [email protected] (Charlie Self)
wrote:

>KB8QLR asks:
>>What I want to know is...
>>Doesn't your ISP have virus detection?
>>Do you have virus detection?
>
>Yup.
>
>Is either one going to detect a virus in an unopened attachment, though?

depends on the virus checker and the attachment. if it's a locked zip
file, no. if the attachment is html referencing something like a
trojan or a buffer overrun exploit on some website somewhere the virus
scanner won't get it either.




>Charlie Self
>"I am confident that the Republican Party will pick a nominee that will beat
>Bill Clinton." Dan Quayle


[email protected] (Charlie Self)

in reply to "KB8QLR" on 29/04/2004 12:57 PM

29/04/2004 1:45 PM

KB8QLR asks:
>What I want to know is...
>Doesn't your ISP have virus detection?
>Do you have virus detection?

Yup.

Is either one going to detect a virus in an unopened attachment, though?

Charlie Self
"I am confident that the Republican Party will pick a nominee that will beat
Bill Clinton." Dan Quayle


Renata

in reply to "KB8QLR" on 29/04/2004 12:57 PM

30/04/2004 7:50 AM

Actually, McAfee does have an option to scan inside zip files.

Renata


On Thu, 29 Apr 2004 14:40:35 -0700,
[email protected] wrote:

>depends on the virus checker and the attachment. if it's a locked zip
>file, no. if the attachment is html referencing something like a
>trojan or a buffer overrun exploit on some website somewhere the virus
>scanner won't get it either.
>
>

b

in reply to "KB8QLR" on 29/04/2004 12:57 PM

30/04/2004 9:15 AM

On Fri, 30 Apr 2004 07:50:45 -0400, Renata <[email protected]>
wrote:

>Actually, McAfee does have an option to scan inside zip files.
>
>Renata


as can most virus scanners. however, if the zip file is password
protected the scan will fail. some viruses have been circulated lately
inside of locked zip files, with the password attached in a readable
text file. it's a bit of that social engineering... get the user to
run the virus code.








>
>
>On Thu, 29 Apr 2004 14:40:35 -0700,
>[email protected] wrote:
>
>>depends on the virus checker and the attachment. if it's a locked zip
>>file, no. if the attachment is html referencing something like a
>>trojan or a buffer overrun exploit on some website somewhere the virus
>>scanner won't get it either.
>>
>>
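
The limitation described in the post above (a scanner cannot look inside a password-protected zip) still leaves something to check, because a zip's entry names and its per-entry encryption flag are readable without the password. The following is an added example, not part of any poster's message: it uses only the Python standard library, and the extension list beyond `.hta`, the subject keywords and the sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# ".hta" is the extension named in the thread; the others are assumed additions.
RISKY_EXT = (".hta", ".exe", ".scr", ".pif", ".bat", ".vbs")
BOUNCE_WORDS = ("deliver", "returned", "undeliverable", "failure")  # assumed heuristic

def zip_findings(data):
    """Inspect a zip's central directory only; nothing is extracted or run."""
    try:
        entries = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return ["zip: unreadable archive"]
    out = []
    for info in entries:
        if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
            out.append(f"zip: encrypted entry {info.filename!r}, contents cannot be scanned")
        if info.filename.lower().endswith(RISKY_EXT):
            out.append(f"zip: executable-type entry {info.filename!r}")
    return out

def triage(raw):
    """Return a list of findings for one raw e-mail message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    attachments = list(msg.iter_attachments())
    findings = []
    # Bounces in DSN format are multipart/report. A "bounce" that is an ordinary
    # message carrying an attachment deserves suspicion (a hint, not proof).
    claims_bounce = any(word in subject for word in BOUNCE_WORDS)
    if claims_bounce and attachments and msg.get_content_type() != "multipart/report":
        findings.append("bounce: claims delivery failure but is not a DSN report")
    for part in attachments:
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment: executable-type file {name!r}")
        if name.endswith(".zip"):
            findings.extend(zip_findings(part.get_payload(decode=True) or b""))
    return findings

def constructed_sample():
    """Build a harmless test message: a fake bounce with a zip marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.scr", b"placeholder text, not a program")
    raw_zip = bytearray(buf.getvalue())
    # Set the "encrypted" flag in the central directory header (offset 8).
    raw_zip[raw_zip.rfind(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"] = "postmaster@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Mail delivery failed: returned message"
    msg.set_content("Your message is in the attached file. Password: 12345")
    msg.add_attachment(bytes(raw_zip), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()
```

Calling `triage(constructed_sample())` returns three findings: the non-DSN bounce, the encrypted entry, and the executable-type entry name inside the archive.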


John McCoy

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 4:24 PM

"KB8QLR" <[email protected]> wrote in news:LY6kc.14730$gH6.9167
@newsread3.news.atl.earthlink.net:

> What I want to know is...
> Doesn't your ISP have virus detection?

Many, probably even most, ISP's either do not scan incoming mail or
they make it voluntary, which means many people either don't use it
or don't know it's available (Charlie's ISP is AOL, I have no idea what
their policy is). Your ISP is Earthlink, their scan is voluntary.

Regrettably, virtually no ISPs scan outgoing mail, which would be
far more useful.

John


John McCoy

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

30/04/2004 4:09 PM

"Mike Marlow" <[email protected]> wrote in news:oljkc.7751$g31.3973
@newsread2.news.atl.earthlink.net:

> John McCoy wrote:
>>
>> Many, probably even most, ISP's either do not scan incoming mail or
>> they make it voluntary, which means many people either don't use it
>> or don't know it's available (Charlie's ISP is AOL, I have no idea
>> what their policy is). Your ISP is Earthlink, their scan is
>> voluntary.
>>
>> Regrettably, virtually no ISPs scan outgoing mail, which would be
>> far more useful.
>>
>> John
>
> Well John - fancy meeting you here.

Great minds think alike, or something :-)

John


"Swingman"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 2:56 PM

"Jim Polaski" wrote in message

> Especially if you use outlook,
> which is easily infected.

Not that I am defending Outlook, but if you open a virus attachment using
any e-mail client, or even another program in some instances, you are likely
to get infected.

> If you're on a Mac, it matters not. No known viruses in the wild these
> days, only one known "proof of concept" virus showing how to infect a
> Mac via an mp3 file.

A virus writer attempts to maximize impact by writing for the most
ubiquitous platform, that pretty well excludes Mac's from the biggest
infestations, but any OS can be subject to security problems/ viruses and
that is why there is anti-virus software available for Mac's as well.

Just a little 'anti-spin' counterforce .02

--
www.e-woodshop.net
Last update: 4/13/04


Jim Polaski

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 5:50 PM

In article <[email protected]>,
[email protected] (Charlie Self) wrote:

> I just got a file, supposedly bounced back to me as an email I sent that had a
> virus attached.
>
> There was an attachment in the name of the company bouncing it.
>
> I never heard of the company.
>
> I am not about to open that attachment.
>
> Charlie Self
> "For NASA, space is still a high priority." Dan Quayle

Charlie, what you got is a virus that came via someone who has an
infected PC. They have your email address and when they got infected,
the virus mined their email list to send the virus to other users.
That's how the viruses are propagated. The virus writer then hopes you
open the attachment and get infected. Especially if you use Outlook,
which is easily infected. Then your email list is mined and everyone you
know gets an email just like you did.

And so it goes...so don't open the attachment, OR ANY ATTACHMENT unless
it's from someone you know and even then, run updated virus protection
if you're using a PC.

If you're on a Mac, it matters not. No known viruses in the wild these
days, only one known "proof of concept" virus showing how to infect a
Mac via an mp3 file.

--
Regards,
JP
"The measure of a man is what he will do
while expecting that he will get nothing in return!"


Danny Boy

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 9:19 AM

On 29 Apr 2004 12:43:27 GMT, [email protected] (Charlie Self)
wrote:

>I just got a file, supposedly bounced back to me as an email I sent that had a
>virus attached.
>
>There was an attachment in the name of the company bouncing it.
>
>I never heard of the company.
>
>I am not about to open that attachment.

Common. Is the filesize around 41.8Kb give or take? Easy to spot.
I've advised people for decades on this sort of thing. Look for them
even from "friends" who can inadvertently send one. Make sure there
is reference to the file, size and name and intent, in the body of the
email, or chuck it. You can reply to a friend first to enquire before
deleting out of hand.

Delete from your trash folder as well! There are programs to *really*
delete files, but you have to have some fair experience with computers
to use them effectively, knowing where and how some files are stored.

Dan.


"Mike Marlow"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

30/04/2004 3:02 AM

John McCoy wrote:
>
> Many, probably even most, ISP's either do not scan incoming mail or
> they make it voluntary, which means many people either don't use it
> or don't know it's available (Charlie's ISP is AOL, I have no idea
> what their policy is). Your ISP is Earthlink, their scan is
> voluntary.
>
> Regrettably, virtually no ISPs scan outgoing mail, which would be
> far more useful.
>
> John

Well John - fancy meeting you here.

--

-Mike-
[email protected]


"Swingman"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 4:22 PM


"Rob Walters" wrote in message

> "Swingman" <[email protected]> wrote in message
> news:[email protected]...
> > "Jim Polaski" wrote in message
> >
> > > Especially if you use outlook,
> > > which is easily infected.
> >
> > Not that I am defending Outlook, but if you open a virus attachment
> > using any e-mail client, or even another program in some instances, you are
> > likely to get infected.
>
> True, but

Not "but's" ... it _can_ be written and disseminated to happen as stated
above.

> Also, don't be lulled into the false sense of security that if you merely
> "preview pane" an e-mail that you are safe. "Preview pane"ing an e-mail,
> at least in Outlook Express or Outlook is pretty much the equivalent of
> opening the e-mail by double clicking on it. While _most_ virii require you to
> open the attachment for them to perform their infection routine, spammers will
> often use a bit of code embedded in HTML that will phone home to confirm a
> live e-mail address...and you all know where that will lead.

That's an Active x variant that a patch was available for as late as October
... if you haven't applied that, you deserve what you get. You also have to
turn on and permit active x controls to run in html e-mail, and that's not
been default for a few years.

--
www.e-woodshop.net
Last update: 4/13/04


"Bob"

in reply to [email protected] (Charlie Self) on 29/04/2004 12:43 PM

29/04/2004 12:51 PM

Charlie,

Any returned email daemon these days is most likely a virus or Trojan horse.
I've been getting several returned emails also - just delete them and make
sure your AV program is running and up to date.

Bob S.

"Charlie Self" <[email protected]> wrote in message
news:[email protected]...
> I just got a file, supposedly bounced back to me as an email I sent that
> had a virus attached.
>
> There was an attachment in the name of the company bouncing it.
>
> I never heard of the company.
>
> I am not about to open that attachment.
>
> Charlie Self
> "For NASA, space is still a high priority." Dan Quayle

