Re: VWarning: forum messages containing a virus

Subject:	Re: VWarning: forum messages containing a virus
From:	europabuilder@ntlworld.com
Date:	Wed, 2 Oct 2002 22:52:45


> David,
>
> Thanks for the warning (this appears to be a particularly nasty little
one) although I believe these aren't actually via the Forum, but they do
appear to be - I haven't received them, although I have received some
others, including one from Jabiru, and one that appeared to come via the
Europa factory.
>
> What the virus appears to do is pick two addresses from the user's emails
and/or address book and send the email to one, supposedly from the other.
That way there is a chance the recipient will trust the email and open the
attachment, given that the recipient knows the 'sender'. It will also get
past a lot of spam filters on that basis, too.

This is an old 'tried and tested, never failing method' that's been going
for quite a while now - never trust attachments.  I remember about a year
ago, I had a serios virus attack which was taking about 80% of my time for a
few weeks - not nice... but educating my  (at the time) 700 users reduced my
workload for virus problems to about 0.1%

> The instances I've had have both had attachments with an .scr attachment -
which is a screensaver file, basically a Windows executable. If anyone gets
an email with such an attachment, just delete the whole email.

One of the best one's I've seen is something like "nakedchick.jpg.
scr" - on some email readers, you won't see the "               scr" bit and
think "cool, I'll check her out"... except it wasn't a jpg file, it was a
scr file -  which is almost ab execuatble file (on M$ based machines).

> Full details are at
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html 
- I note that Symantec have just upgraded the severity based on the number
of occurrences.
>
> This is off-topic, I know, but I hope worthwhile given that Forum
contributors are all at risk of getting these email. I suspect
non-contributing 'lurkers' are safe, given that they can only be reached
through the Forum, and the software strips out attachments before
distributing posts.

Very wothth while - if all forum members get the worm, the forum may get
over loaded and we all know how fragile it is.

Cheers,
Mark.

________________________________
Mark Jackson - +44 (0)7050 645590
europa-builder@ntlworld.com
http://harley.pcl.ox.ac.uk/~mark/Europa

<Prev in Thread]	Current Thread	[Next in Thread>
VWarning: forum messages containing a virus, David Glauser Fw: VWarning: forum messages containing a virus, Fergus Kyle Re: VWarning: forum messages containing a virus, jeremycrdavey Re: VWarning: forum messages containing a virus, europabuilder <= Re: VWarning: forum messages containing a virus, John Cliff Re: VWarning: forum messages containing a virus, John Cliff Re: VWarning: forum messages containing a virus, Peter Saitta AIA Principal Re: VWarning: forum messages containing a virus, Graham Singleton Re: VWarning: forum messages containing a virus, AlanB Re: VWarning: forum messages containing a virus, Richard Holder Re: VWarning: forum messages containing a virus, europabuilder Re: VWarning: forum messages containing a virus, Tony S . Krzyzewski

Previous by Date:	Re: Steve Genotte - Re: Trailer for sale or rent, jeremycrdavey
Next by Date:	Re: Steve Genotte - Re: Trailer for sale or rent, europabuilder
Previous by Thread:	Re: VWarning: forum messages containing a virus, jeremycrdavey
Next by Thread:	Re: VWarning: forum messages containing a virus, John Cliff
Indexes:	[Date] [Thread] [Top] [All Lists]