Being plagued by virus e-mails
Myrthos
Spoiler of All Fun




Joined: 07 Jul 2001
Posts: 1926
Location: Holland
Being plagued by virus e-mails
   

For the last few days we have been haunted by virus e-mails. Apparently there are still several people who think surfing the internet and using an e-mail client can be done without having an up-to-date virus scanner running.

We are talking about some 800 virus e-mails a day that we are receiving at the moment, and we are starting to block the IP addresses of those who send them. All these virus e-mails appear to be coming from only a few IP addresses.

Those who are using no virus scanner or not an up-to-date one: get proper protection. There are some free scanners out there too.
Post Wed Aug 20, 2003 1:45 pm
Guest







   

Blocking the IP addresses makes sense. But blocking the sender will punish innocent people, because this specific worm scans websites and e-mail folders for addresses, which it also uses as sender addresses.

Kay
Post Wed Aug 20, 2003 1:49 pm
 
Guest







   

Here's how that virus works...

Here's how that virus works:

It infects someone's computer. Then it goes through that email address book and sends out email with the header and an attachment. It will make it appear to the new receiver that you sent it out.

Let's say the infected computer belongs to a guy named Bob Smith. And from some past contact, your email address is in Bob's list of contacts. The virus grabs your name and sends an email as though it came from you. The new receiver blames you for sending an email with a worm attached.

That's the purpose of the design of the worm... to sow confusion as it spreads. Bob Smith never knows his computer is infected.

The virus also grabs e-mail addresses from the inbox, so if you have one of your emails sitting in someone's inbox on an infected computer, it'll send out emails on your behalf.

I keep Norton Antivirus updated and running at all times. The problem is most people aren't that diligent about virus protection, and if your email addy is anywhere on their computer, and it gets infected, it makes YOU look like the one who sent it. GRRR.
Post Wed Aug 20, 2003 2:08 pm
 
Remus
Overgrown Cat




Joined: 03 Jul 2002
Posts: 1657
Location: Fish bowl
   

Which virus/worm? Maybe some info, so that we can look out and be extra careful when we use/send email? I use the AVG scanner and am able to detect the msblast.exe worm that will shut down Windows automatically in a few seconds.

BTW Myrthos, is your email address (use for changing avatar & stuff) still usable?

@To Guest:
Ahh, I see. Aren't many types of virus using that method to spread quickly?
Post Wed Aug 20, 2003 2:11 pm
Guest







   

The one we've been having lots of trouble with here in Ohio is called the "Sobig.F" virus. The problem with this one is it can slow down infected computers by using them to mail out spam.
Post Wed Aug 20, 2003 2:22 pm
 
Guest







   

There was an article in the local paper today about the Sobig.f virus. Here are the details.

W32/Sobig.F@mm Explanation of the different characteristics used below.

General characteristics
Type: Worm
Spreading mechanism: Email
Email characteristics:
Subject: Variable
Body: Variable
Attachment: Variable
Destructivity: None
Detected by virus detection files published: 19 Aug 2003
Virus characteristics first published: 19 Aug 2003 10:22 (CET)
Virus characteristics latest update: 20 Aug 2003 15:44 (CET)
Additional description of malicious program
Type
This is another email and network share worm in the Sobig series. File size is about 72295 bytes, though this may vary some.

Spreading mechanism
The mail will have the following characteristics:

Possible subject lines:
Re: Thank you!
Thank you!
Your details
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie

Possible body text:
See the attached file for details
Please see the attached file for details.

Possible attachment names:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif


When run, it will copy itself to the Windows directory under the name winppr32.exe. It creates the registry keys
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "TrayX"="[WINDIR]\winppr32.exe /sinc".
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "TrayX"="[WINDIR]\winppr32.exe /sinc".

This enables it to run from startup.


Detection and removal
The worm is detected and removed using definition files from Aug 19th 2003 or later.

We recommend, however, that you download and run a special fix for this worm.
Post Wed Aug 20, 2003 2:27 pm
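
Added example, not part of the thread or of the quoted write-up: a mail-filter check that scores a raw message against the subject lines and attachment names listed in the post above. Treating every .pif/.scr attachment as suspect, the function names, the verdict labels and the sample messages are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description quoted in the post above.
SUBJECTS = {"re: thank you!", "thank you!", "your details", "re: details",
            "re: re: my details", "re: approved", "re: your application",
            "re: wicked screensaver", "re: that movie"}
ATTACHMENTS = {"your_document.pif", "document_all.pif", "thank_you.pif",
               "your_details.pif", "details.pif", "document_9446.pif",
               "application.pif", "wicked_scr.scr", "movie0045.pif"}
# Assumption added here: the description calls the names "Variable", so any
# .pif or .scr attachment is treated as suspect even when the name is unlisted.
RISKY_EXTENSIONS = (".pif", ".scr")


def score_message(raw: bytes) -> dict:
    """Return the matched indicators and a verdict for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    # Normalise names: case-insensitive, and drop trailing dots or spaces.
    names = [part.get_filename().lower().rstrip(". ")
             for part in msg.walk() if part.get_filename()]
    reasons = []
    if subject in SUBJECTS:
        reasons.append("subject")
    if any(name in ATTACHMENTS for name in names):
        reasons.append("attachment-name")
    if any(name.endswith(RISKY_EXTENSIONS) for name in names):
        reasons.append("risky-extension")
    # A listed subject alone ("Thank you!") is common in normal mail, so it
    # only earns a review; an executable attachment is quarantined.
    if "attachment-name" in reasons or "risky-extension" in reasons:
        verdict = "quarantine"
    else:
        verdict = "review" if reasons else "pass"
    return {"verdict": verdict, "reasons": reasons}


def build_sample(subject: str, filename: str = "") -> bytes:
    """Constructed test message; addresses and payload are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "reader@example.net"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file for details.")
    if filename:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```
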
 
Hamsternator
Guest






   

Symantec have a viruskiller out for this particular pest.

When you've done that, run SpyBot Search and Destroy (and any additional spyware cleaners you may have) - it's a free download, and it works wonders...

Don't be too hard on people for having gotten this virus - it rolled right through most protection out there, updated or not... my wife's PC got hit despite having updated Norton 2003, and friends and family were completely bogged down by spam until Symantec brought out their viruskiller.

It seems to have subsided, so if you're brave, then try unblocking the IP's in a few days, and see if the spam is still coming - my email hasn't been spammed for a day, now.
Post Wed Aug 20, 2003 3:05 pm
 
Myrthos
Spoiler of All Fun




Joined: 07 Jul 2001
Posts: 1926
Location: Holland
   

In addition to the above: You can always see from which PC the virus e-mail was sent in the first place. The one listed as the sender is in almost all cases never the one who really did send it.
All relevant information is in the e-mail header, which is normally not displayed. For Outlook Express you can see the real e-mail header, by right clicking on the subject of the e-mail, selecting properties and then the details tab. The information is in the following two lines:
X-ClientAddr: xxx.xxx.xxx.xxx
Received: xxxxxx

The first gives the IP address of the PC with the virus and the second gives the internet address of that PC and its provider.

We are always plagued by spam and we never had to filter out IP addresses. But this time it was worse than before. When the dust settles we will enable all IPs again.

Here's a link to the virus info by McAfee, including a stand-alone remover:
Hit me!
_________________
Kewl quotes:
I often have an odd sense of humor - Roach
Why quote somebody else, think of something yourself. - XeroX
...you won't have to unbookmark this site, we'll unbookmark you. - Val
Reports Myrthos for making me scared and humbled at the mere sight of his name - kayla
Post Wed Aug 20, 2003 3:12 pm
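
Added example, not part of the thread: the header check described in the post above, automated so that mail is grouped by the connecting IP rather than by the From address, which is the point raised earlier about not blocking by sender. The function names, the threshold parameter and the sample messages (documentation IP ranges and example.com hosts) are assumptions made for this illustration.

```python
import email
import re
from collections import defaultdict
from email import policy

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def origin(raw: str):
    """Return (connecting_ip, claimed_from) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = str(msg.get("From", "")).strip()
    # X-ClientAddr is the header named in the post; assumed server-written.
    client = msg.get("X-ClientAddr")
    if client:
        return str(client).strip(), claimed
    # Each server prepends its Received line, so the first one in the message
    # is the hop our own server recorded; lower ones arrived with the message.
    received = msg.get_all("Received") or []
    match = BRACKETED_IPV4.search(str(received[0])) if received else None
    return (match.group(1) if match else None), claimed


def block_candidates(messages, min_senders: int) -> dict:
    """Map connecting IP -> number of distinct From addresses it claimed."""
    claimed_by_ip = defaultdict(set)
    for raw in messages:
        ip, claimed = origin(raw)
        if ip:
            claimed_by_ip[ip].add(claimed)
    return {ip: len(s) for ip, s in claimed_by_ip.items() if len(s) >= min_senders}


def sample(claimed_from: str, ip: str, lower_hop: str = "") -> str:
    """Constructed message; hosts and IPs are documentation placeholders."""
    lines = [f"Received: from pc (unknown [{ip}]) by mx.example.org; "
             "Wed, 20 Aug 2003 13:00:00 +0000"]
    if lower_hop:  # a Received line that was already in the message
        lines.append(f"Received: from mail ([{lower_hop}]) by relay.example.com")
    lines += [f"From: {claimed_from}", "Subject: Re: Details", "",
              "See the attached file for details"]
    return "\n".join(lines)


SAMPLES = [sample("alice@example.com", "203.0.113.7"),
           sample("bob@example.com", "203.0.113.7", lower_hop="192.0.2.99"),
           sample("carol@example.com", "203.0.113.7"),
           sample("dave@example.com", "198.51.100.20")]
```

One connecting IP that claims many unrelated From addresses is the pattern the thread describes, and it is the IP, not any of those senders, that belongs on the block list.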
Halsy
Village Leader




Joined: 18 May 2003
Posts: 84
Location: Toronto
   

#1. The SB worm is only affecting NT and 2000 servers through an RPC security flaw.

#2. Sobig is like any other virus email. Don't click attachments from anyone you don't know. It boggles the mind how many people will happily click on anything that they come across.

In 15 years of computing I've only ever been hit with 2 viruses.
_________________
Midget Soothsayer robs bank. Small medium at large. Film at 11.
Post Wed Aug 20, 2003 4:24 pm
Loremaster
Village Leader




Joined: 31 Mar 2002
Posts: 88
Location: Hampshire, England
   

In addition to making sure you have up-to-date anti-virus software installed (and at times like this that means running updates every few days) here's a tip that can help you spot when you are infected (and are infecting others).

Make sure the first entry in your address book is something like ABC (so it is first in the book) with an address such as ABC@avirushasbeensent.net. Of course, no such address exists and therefore if a virus sends itself to all the entries in your address book (or just the first one) you will receive a rejection email telling you that particular email couldn't be sent as it was not deliverable to that address. Get that rejection email and presto, you know you have been sending out infected emails.

I'd also recommend a firewall, whether you are on broadband or not. The idea that you only need that level of protection if your machine is connected to the net 24/7 is nonsense, tests by Norton showed that a worm can find your machine in 5 seconds if it is unprotected.

Lastly, while I know there are those who advocate free anti-virus software, do all remember that "there's no such thing as a free lunch" - in most walks of life you get what you pay for, and I very much doubt that companies/individuals offering free protection have the same resources/backup that Norton and McAfee, for example, can offer (and no, I am not employed by them or anyone else in the industry).

Of course, you could just rely on XP's firewall, for example, but somehow "Microsoft products" and "secure protection" don't seem to go together very convincingly!
Post Wed Aug 20, 2003 6:06 pm
duk3m
Guest






   

I'd like to add: _not_ using Outlook prevents 90% of mass-mailing viruses

(also only had 2 viruses in my life 1. parity bootb 2. lovesan <blush>)
Post Wed Aug 20, 2003 6:08 pm
 
Guest







Here's a question...
   

Are any of these new viruses able to get on a person's computer if they have a dedicated line, but never actually browse anything? I mean literally, never having opened up Internet Explorer or any other browser. Or does someone actually have to open an email or web site to get the virus?

Is there any way that a virus can be sent to me if someone figures out my ip?

Thanks
Post Wed Aug 20, 2003 7:53 pm
 
Ozymandias
Leader of the Senate




Joined: 26 Apr 2003
Posts: 319
Location: Otherland
   

Avoid Outlook if you can and install an anti-virus program. There are free products out there and I believe they are just as good as the commercial ones.
_________________
"There is no way around it. Correct is correct. I am correct, therefore I win."
Roqua


Disclaimer: I can not be held responsible for anything whatsoever as a result of you reading this post.
Post Wed Aug 20, 2003 7:56 pm
Draaven Ravensdark
Guest






   

One free av package I know with free updates is from www.grisoft.com
Post Wed Aug 20, 2003 8:06 pm
 
cfmdobbie
High Emperor




Joined: 01 Jul 2002
Posts: 1859
Location: London, England
   

@Guest: Yeah, sorry. Many of these worms just scan IP subnets randomly - using email and browsing web pages increases your exposure, but even without it you're a target.

Get a good firewall, use software that has a good reputation for being secure, don't install untrusted software and keep your operating system up to date.
_________________
Charlie Dobbie
=Member of The Nonflamers' Guild=
=Moderator of the Morrowind/Oblivion Forums=
Post Wed Aug 20, 2003 8:40 pm


All times are GMT.