Job Discussion Forums

[patchwork]

if you get an email from that address with the title Hello! and it has an attachment, delete it. It's a virus.

[sperling]

The virus is NOT from me because I'm on a virus-free Mac. Almost all viruses, however, spoof the sender's email address, making it almost impossible to trace the actual person carrying the virus.

This article is helpful:

Technology - AP
New Computer Virus Clogs E-Mail Inboxes
Tue Aug 19, 5:09 PM ET

Add Technology - AP to My Yahoo!

By RIVA RICHMOND, Dow Jones Newswires

NEW YORK - A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm.

The new virus, named "Sobig.F" by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail.


MessageLabs Inc., a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by far the most active virus of the day.


"It's definitely spreading very quickly, just an incredible ramp-up so far this morning," said Brian Czarny, marketing director at MessageLabs. The variant is likely to be one of the more successful versions of a very successful virus strain, he said.


The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of the biggest 10 e-mail viruses of all time.


The e-mail message that carries Sobig.F has the subject line "Re: Details" and the message "Please see attached file for details." If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected.


The virus will then send itself out to names found in the victim's address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.


Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.


The Blaster worm is still at large. It uses a published flaw in Microsoft's Windows operating systems to spread via network connections, without using e-mail. It slowed down the Internet and caused computer restarts worldwide, but the attack it was programmed to carry out against a Microsoft Web site on Saturday proved harmless.

[lajzar]

[migo]

Yep, and they can still pass Windows viruses on even if they're not harmful to the Mac.

Also, that article was not helpful at all as it didn't address email spoofing or the Hello! subject line.

[patchwork]

hi Dave,

I wasn't implying it was from you. However, I don't have that email address in my address book, which is why I wanted to make sure no one else opened it (especially those who do).

good article.

[sperling]

1. I do run anti-virus software.

2. I'm on Mac's older operating system (OS 9), which has not been hit with a major Internet virus.

3. It doesn't matter that you don't have my email address in your address book .... the sender does.

4. More at:

Why I'm not Sending your a Virus
http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5128975.html

Virus Email Subject Lines
http://www.cockeyed.com/citizen/viruses/virus_subject_lines.html

All the best,

Dave Sperling
Founder
* * * * * * * * * * * *
Dave's ESL Cafe
http://www.eslcafe.com

[The Great Wall of Whiner]

Dave, could you please re-post the second link?

The auto-sensor *beep*ed it, and I'm not that great at ESP (yet).

-GWoW

(PS)

Plus, if you do, it'll get you to 100 posts

[Ludwig]

First, I doubt very much if it is a virus; it is more likely a Trojan. Second, it does not come from that particular account (though it may well stem from a zombie PC). Rather it simply reads the (usually, most frequent) addresses that messages have been sent to from your account (this works best on web-based email packages) in your email software and then inserts names and addresses from that selection in the 'from' section of the message received. This is in the hope that: i) that alone will allow the email through any email anti-virus software you may be running (somewhat astonishingly, many set their software up in a way that messages and attachments from a 'trusted list' are not scanned), and, ii) you will be more likely to open any attachments or click on any links within the email manually without performing the required checks.

[Stephen Jones]

Because our faculty email address is on the net, and obviously in thousands of peoples address books (since messages replied to automatiocally get entered) I get about thirty spam messages a day (one third of which are viruses).

A single one from the poster is nothing to be surprised at. For a good free anti-virus go to www.grisoft.com and download AVG6.0 I've used it for five years now and it has never failed to detect a virus.

Next get a firewall. If you have installed Windows XP service pack 2 you will have the XP firewall turned on by default. You can turn on the XP firewall anyway if you have XP. It doesn't stop outbound connections though, and I turn it off and use ZoneAlarm; you can download the free version from www.zonelabs.com To give you an idea of the necessity of a firewall, I have a dial-up connection, and thus do not have a static IP exposed to the internet. I still get around a hundred illicit attempts to enter
my machine every hour. If you have cable or DSL expect an intrusion attempt every two or three seconds.

And finally, if you get a message tellint you that any message with a given subject line will automatically drain the battery on your mobile phone, destroy your hard drive, post obscene pictures of your baby sister on the internet or whatever, that the virus can't be detected by any anti-virus vendor, and that you should pass this message on to everybody, then delete the message. It's a chain letter. Http://www.vmyths.com will give you a list of the most common.

[migo]

I've had AVG fail to catch several which is why I switched to Nod32. For free AV programs Avast is probably best.

[Ludwig]

I had a few PMs regarding my reference to 'zombie' PCs. Here is a link that will set you off in the right direction:

http://www.usatoday.com/tech/news/computersecurity/2004-08-30-cyber-crime_x.htm

[Stephen Jones]

Dear Migo

How often do you download updates? I do so daily and so far AVG has caiught every single virus, and not found any false positives.