All About Viruses


Someone said on another board...

Since I received the email from "her" (the worm gets into address books and starts emailing it to everyone listed), I am sure she wasn't as lucky as I was.  I sent her an email advising her of this, and haven't heard anything back from her, so that's why I think she may be having computer problems.  In addition, I think I also received one in email from Eileen (didn't try to download this one), and also emailed her to advise her.  She may be in the same boat as Barbie with this, but I think she probably doesn't even know it yet... she is gone out of town this week.  

It's quite possible that neither of them has even seen the email that looked like it came from them.  This virus goes through people's email address books, makes up an email and sends it out - all by itself, with the virus attached.

Here's more info on this:

Viruses come "just because".  No one you know is sending out these viruses.  The virus does it all.  It is sent to people in an address book.  If only 1 of the people in that address book opens it, it will send itself to all of the people in that person's address book.  If only 1...

Think what will happen if 2 people open that mail.  It spreads like wildfire.  If you're in the address book of someone who opens this program you will get it at least once in your email.

These programs particularly like Microsoft Outlook.

So, it might appear that person X has sent along an email, but they're not even aware of it.

Something interesting with this - one of my email addresses sent a copy of the virus along to my PianoMary name.  No way would I have sent myself a file like this!

Remember - never, ever download an exe or a zip file even from someone you know unless you're absolutely, positive that they sent you this file.

A good, up to date, virus scanner is a must, too.

From ZDNet, a computer/web oriented site.  URL available on request.

 

Worms--who's the deadliest of them all?
By David Becker, Special to ZDNet News
April 29, 2002, 4:25 PM PT

The latest fast-spreading versions of the Klez worm have so far infected more than 7 percent of PCs worldwide, surpassing totals chalked up by previous threats such as SirCam and Nimda, according to a new survey by an antivirus company.

Panda Software scanned more than 2,000 PCs around the world and found that 7.2 percent had the H or I versions of the Klez worm, said Patrick Hinojosa, chief technical officer for the Glendale, Calif.-based company.

Considering that the H and I versions of Klez have been in the wild for only a few weeks, that's an alarmingly fast spread, said Hinojosa. "I was pretty surprised at the percentage," he said. "This thing started slowly, but it's proliferating at a tremendous rate now."

The Klez.h worm began spreading about two weeks ago and quickly became the top pest on the Internet. As of midday Monday, e-mail screening company MessageLabs had intercepted 16,700 copies of Klez.h in the past 24 hours, making it by far the busiest bug.

The Klez.i worm is a slight variation on Klez.h that also infects PCs with the Elkern.d virus, which antivirus company Trend Micro ranked as the most active virus Monday.

While neither of the Klez worms is particularly destructive, they pose a security threat by sharing files plucked from infected PCs as they spread.

Steve Trilling, director of antivirus software maker Symantec's security response team, said the Klez worm's use of its own e-mail engine and its unpredictable variation of e-mail subject lines helped the virus spread.

"Whenever we see these threats, it's always a combination of technical and human factors that they feed on," Trilling said. "The human factor is: Does it start inside a company that doesn't have good antivirus protection in place, so it can grab a number of e-mail addresses at the start?"

Hinojosa said Klez.h has also been effective in spreading confusion because it "spoofs" e-mail addresses as it propagates, making it look like an infected message came from a familiar address--one randomly grabbed from an Outlook address book. An infected message can look like it came from a legitimate source, and replies can accuse unaffected PCs of being infected.

"Just watching our traffic here, I've seen several messages supposedly from our tech support that were generated by Klez," Hinojosa said. "I think that contributed to people opening a lot of e-mails that they wouldn't otherwise open, because it looks like it's from somebody legitimate."

Recommendations include running updated antivirus software, making sure the proper security patches are installed for Microsoft Outlook and running a standalone virus checker, such as Symantec's downloadable Klez removal tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Tips on Avoiding Computer Worms

1. Most of the worms which use e-mail to propagate use Microsoft Outlook or Outlook Express to spread. If you need to use Outlook, download and install the latest Outlook security patch from Microsoft. In general, keep your operating system and applications up-to-date and apply the latest patches when they become available. Be sure to get the updates directly from the vendor.

2. When possible, avoid e-mail attachments both when sending and receiving e-mail.

3. Configure Windows to always show file extensions. In Windows 2000, this is done through Explorer via the Tools menu: Tools/Folder Options/View - and uncheck "Hide file extensions for known file types". This makes it more difficult for a harmful file (such as an EXE or VBS) to masquerade as a harmless file (such as TXT or JPG).

4. Never open e-mail attachments with the file extensions VBS, SHS or PIF. These extensions are almost never used in normal attachments but they are frequently used by viruses and worms.

5. Never open attachments with double file extensions such as NAME.BMP.EXE or NAME.TXT.VBS

6. Do not share your folders with other users unless necessary. If you do, make sure you do not share your full drive or your Windows directory.

7. Disconnect your network or modem cable when you're not using your computer - or just power it down.

8. If you feel that an e-mail you get from a friend is somehow strange - if it is in a foreign language or if it just says odd things, double-check with the friend before opening any attachments.

9. When you receive e-mail advertisements or other unsolicited e-mail, do not open attachments in them or follow web links quoted in them.

10. Avoid attachments with sexual filenames. E-mail worms often use attachments with names like PORNO.EXE or PAMELA_NUDE.VBS to lure users into executing them.

11. Do not trust the icons of attachment files. Worms often send executable files which have an icon resembling icons of picture, text or archive files - to fool the user.

12. Never accept attachments from strangers in online chat systems such as IRC, ICQ or AOL Instant Messenger.

13. Avoid downloading files from public newsgroups (Usenet news). These are often used by virus writers to distribute their new viruses.

Link to comment
Share on other sites
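The attachment tips in the post above (never open VBS, SHS or PIF; distrust double extensions such as NAME.BMP.EXE; confirm an EXE or ZIP with the sender) written as a check over a received message. This is an added example, not part of the original posts; the sample message, the list of decoy extensions and the MIME-type mismatch check are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

NEVER_OPEN = {".vbs", ".shs", ".pif"}       # tip 4
VERIFY_FIRST = {".exe", ".zip"}             # confirm with the sender first
DECOYS = {".txt", ".jpg", ".bmp", ".gif"}   # assumed harmless-looking extensions


def triage_filename(name):
    """Return the reasons an attachment name deserves suspicion."""
    # Windows ignores trailing dots and spaces, so "a.pif." still runs as .pif
    cleaned = name.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(cleaned)
    # Padding such as "photo.jpg      .exe" pushes the real extension out of
    # view, so strip the stem before looking for an inner extension
    inner = os.path.splitext(stem.rstrip())[1]
    reasons = []
    if last in NEVER_OPEN:
        reasons.append("never-open extension " + last)
    elif last in VERIFY_FIRST:
        reasons.append("confirm with sender before opening " + last)
    # Tip 5: only the last extension decides what runs
    if reasons and inner in DECOYS:
        reasons.append("double extension hides " + last + " behind " + inner)
    return reasons


def triage_message(raw):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = triage_filename(name)
        # Added heuristic (an assumption, not from the page): the declared
        # MIME type claims picture/text/audio while the name says otherwise
        if reasons and part.get_content_maintype() in {"image", "text", "audio"}:
            reasons.append("declared as " + part.get_content_type())
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed sample message; addresses and payload bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    octet = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(b"\xff\xd8\xff", maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"MZ", maintype="image", subtype="bmp",
                       filename="NAME.BMP.EXE")
    msg.add_attachment(b"x", filename="NAME.TXT.VBS", **octet)
    msg.add_attachment(b"x", filename="backup.tar.gz", **octet)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, why in triage_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```
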

The responses to the original post:

The responses:

Kalanie

Thanks for the info Mary... very good tips.    I did do some more research at Trend Micro's site on this over the weekend, mostly to help Barbie out... her computer is in quite a mess because of some variation of this Klez worm.  I was very sure that neither Barbie nor Eileen was aware that this worm had been sent out with their email addresses in the "from" line.  I found it interesting how this virus/worm can do that a little more "efficiently" than other previous ones.  The particular one that was sent to me from "Barbie" was the Klez.h worm, and I cannot believe that I tried to download the attachment... just a few minutes before hers arrived, I returned one to Eileen that I thought suspicious, without opening it, asking if she had sent it.  Her reply was that she had not, of course.  BTW, Trend Micro rates the Klez as fairly destructive.

I use aol as my personal email, but Outlook Express for my work-related email.  I think I will have to make sure I get the latest security patch from Microsoft.  Thanks again.

--------------------------------------------------------------------------------

sweetface

Hi Vickie....I  also got the "Klez" rotten virus from Barbie...I'm sure that she didn't realize it either....She emailed me to tell me that you had contacted her about it...About the time you emailed her, I was fighting it too....I can't believe how ignorant I was not to keep my anti virus updated...Especially with Outlook Express...I'm back up and running now, and free of that horrible virus....Boy, that one was very destructive ! Taught me a valuable lesson in keeping the putor anti virus updated like I should ! Take Care,

--------------------------------------------------------------------------------

Kalanie

Wow, Deb... I am so sorry you had such a time with this worm.  I feel pretty lucky that my AV program picked it up, because I do understand it can be pretty destructive.  The AV program I use gives me a nag screen almost everyday with updates to download, so I don't have to remember to go looking on the internet for updates, like so many other programs I have had in the past.  Good thing I answer that nag screen and do the updates!    

Barbie said something interesting...said her server kept bouncing back your emails to her, talking about the Klez worm, so who knows who got it first, lol.  Just glad you got yours fixed and are back here again.  

Link to comment
Share on other sites

I don't download anything with attachments unless I have made a previous arrangement for someone to send me something attached and then we arrange for a "symbol" in the mail, so I know it's safe.

One tip, I no longer save any addresses to my address book in Outlook Express because the hackers have the ability to pick up names from your address book and E.mail them all. You think you're getting mail from a friend and you end up downloading a virus that wipes out your machine. Case in point, two years ago I downloaded a file attached to an E.mail from Susan Love, I ended up getting the Kriz virus that wiped out my hard drive on Christmas Day. When I wrote to Susan about it, she'd never sent the E.mail (sigh). Truly, don't save names to your address book in OE and don't download anything unless you first write to the person (preferably at another E.mail address for them) and make sure they sent you something.

You can't be too cautious and you can't worry about what the other person will think if you don't download their file. If you're in doubt, delete the mail.

By the way, I just this past Thursday lost my entire C: drive. I do regular virus checks. I'm very conscientious (I almost typed "conscious"). The tech people didn't know why my C: drive was deleted, but even with all the virus checks with my Norton Anti-virus program, I'll bet it was a virus.

Dearest

Link to comment
Share on other sites

By the way, I just this past Thursday lost my entire C: drive. I do regular virus checks. I'm very conscientious (I almost typed "conscious"). The tech people didn't know why my C: drive was deleted, but even with all the virus checks with my Norton Anti-virus program, I'll bet it was a virus.

Sounds kind of like my computer last April (March?).  It just stopped working.  They never figured out why, but I keep thinking it was a virus that did it.

Link to comment
Share on other sites

You know, I have an AV program now that is part of a program called, "Fix It".  This is the best AV program I have used to date... I always had so much trouble with Norton, myself.   BTW, my husband was alerted about a virus contained in a jpg file a couple of weeks ago that he was about to download, so I guess people have now figured out a way to get them into jpg files.  Such nasty people in the world.   :(

So sorry to hear about you losing your C drive, Dearest, and I appreciate the information from both you and Mary.  :)

Link to comment
Share on other sites

Ooh, all this stuff scares me, :o I know very little about computers etc, but am learning! I have heard of people having everything wiped from their computers like that, and this is my big worry, mainly due to many mails from my friend who died, which are only stored on the computer, I should print them all off or something I guess.

Link to comment
Share on other sites

Just be careful, Beth.  It's like everything else in life - you know, don't accept candy from strangers.  Don't download things from people you don't know.

If you get a file from someone you know, but there's no email or explanation with it, and you weren't expecting it, ask the person if they sent it before downloading it.

If you don't download it, you can't get the virus.  Just reading an email doesn't give it to you.

Link to comment
Share on other sites

This is also why when configuring the registration for these boards, I made sure your E.mail address would default to "private" so that it wouldn't show when you posted. Of course, everyone has the option when registering or afterward to make her E.mail address public (by going into your profile - click on Profile on the menu at the top). I don't advise it. One never knows who's coming into these boards to pull out E.mail addresses, so my suggestion is to keep yours private!

Power Surge does everything in its power to protect its visitors.

Dearest

Link to comment
Share on other sites

Hmm, thanks for that, no I never would open anything from strangers, my Yahoo account does not accept spam, and I rarely use my AOL one. On the rare occasion I have had something from someone I don't know I have deleted and not downloaded. It is the ones which look as if they are from friends which are the problem, I see that. I take on board what you say about private e-mail, Dearest, I have posted mine here, as my mailbox has a 'block senders' address' facility, so I figured if I had any unwelcome mail I would block the sender. I realise that this does not protect me from the danger you mention, so think I must remove my e-mail address from my profile. This is a pity, I would not be in touch privately with the 2 people on P-S who I regularly mail but for the address on my profile. :(

Link to comment
Share on other sites

HI, I thought I'd post here, being one of the "culprits", that is my contact list is.  You know at least Vickie remembers opening the email she "received" from me with the zip file, but I don't remember opening anything at all.  

What I thought is that the e-mail addresses just go into contact list automatically (that is without entering details of who they are one by one).  For instance, if I'm included in a forward that someone I know sends me, all the names go there, so from time to time I root them out thinking who the heck is this?

I have two accounts, the public one is the one I use here and for all commercial sites, like sending cards and stuff - I don't even block the spam since on average I get 200 emails a day, so I just delete them.  With my other server, that's different, I've only recently been receiving junk there and I block all the senders, but they must just change one letter or something, since the same ones come in time and time again.

Thanks, Dearest, Mary and Vickie for all the helpful advice here - my computer is really messed up, but reading here that the worm isn't that destructive and its danger lies in sharing information, something happened to my computer.

Dearest, that is just awful that you lost the "C" drive, so I hope you had it all recorded and Mary, I remember in March when your compu crashed and with all that info you needed.

Doesn't it just feel just awful, when you know your "computer" is infected (like no-one wants to talk to you lol). Kisses, Barbie xxxxxxxx

Link to comment
Share on other sites

What I thought is that the e-mail addresses just go into contact list automatically (that is without entering details of who they are one by one).  For instance, if I'm included in a forward that someone I know sends me, all the names go there, so from time to time I root them out thinking who the heck is this?

This is why it's good to learn about blind carbon copies or BCC.  I get emails that have been forwarded several times with perhaps hundreds of email addresses on them.  If any of those other people is unscrupulous, they've got access to lots of other names, for whatever purpose they choose.

AOL

In the To: (or CC:) field, enclose the e-mail address(es) of the recipient(s) of the blind carbon copy in parentheses. For example: (AOLMember1, AOLMember2)

You can combine regular recipients and blind carbon copy recipients on the same list.

For example: AOLMember1, (AOLMember2)

In this example, AOLMember2 will see that the e-mail was addressed to AOLMember1, but AOLMember1 will not know that AOLMember2 received a blind carbon copy.

Recipients of blind carbon copies will not see the names of any other recipients of blind carbon copies.

For example: (AOLMember1, AOLMember2, AOLMember3)

In this example, AOLMember1, AOLMember2, and AOLMember3 will each see their name on the e-mail they receive, but not the names of the other two recipients.

As the sender of the e-mail, you will always see all names on the e-mail (even those who received blind carbon copies) -- whether you look in your online mailbox, or your offline mailbox, or if one of the e-mail recipients forwards a copy of the e-mail back to you.

~~~~~~~~~~~~~

Outlook Express

To send a basic e-mail message

On the toolbar, click the Compose Message button. In the To, Cc, and Bcc boxes, type the e-mail name of each recipient, separated by a comma or semicolon ( ; ). To add e-mail names from the Address Book, click the To icon in the New Message window, and then select names. In the Subject box, type a message title. Type your message, and then click the Send button on the toolbar.

In the new version of Outlook Express you have to open a new message then click on View then click All Headers and you will see the Bcc box. Once you do this the Bcc box will always be there in new messages.

~~~~~~~~~~~~~

Netscape Messenger

Adding Addresses to the Address List

To add addresses to the address list of your current composition, you can use either or both of the following methods:

Select addresses from the results of a directory service or address book search. To launch a directory search, click Address on the toolbar.

Click the Address List tab and use your keyboard to type in addresses:

1.Click the Recipient button and from the resulting menu choose a recipient type.

2.Click the blank line to open it for editing.

3.Type addresses, using a space to separate a new address from the previous. All addresses typed on a single line obtain the current recipient type for that line. Press Return to close the line. Multiple addresses will be converted to individual lines.

Recipient Types and What They Mean

An address in an address list can have one of the following recipient types:

To: Primary recipients of your message.

CC: Carbon Copy, for secondary recipients.

BCC: Blind Carbon Copy, for secondary recipients not identified to the other recipients, including those in the CC list.

Group or Discussion: Posting to a discussion group.

Editing Addresses in the Address List

To edit addresses in the address list of your current composition

1.With your cursor, select part or all of an address you want to edit.

2.Type your correction and press Return.

To change an address's recipient type, click the Recipient button and from the menu choose a different recipient type.

Deleting Addresses from the Address List

To delete addresses from the address list of your current composition

1.With your cursor, select part or all of an address you want to delete.

2.Press Delete to remove the selection. If the line is now empty, to delete the empty line, press Delete again.

~~~~~~~~~~~~~

Eudora

Creating an Outgoing Message

[Figure: Example test message, ready to send]

Message Header

Outgoing message headers consist of six fields: To:, From:, Subject:, Cc:, Bcc:, and Attachments:. Each field holds a different piece of information. The To:, Subject:, Cc:, and Bcc: fields can be directly edited.

To move the insertion point from field to field, press the [tab] key or click in the desired field with the mouse. When entering information into the fields, use the standard Macintosh text-editing tools provided under the Edit menu. Here is a brief description of the intended contents of each field:

To: The intended recipient's E-mail address, or a nickname you have defined (see the "Creating and Using Nicknames" section). Multiple addresses are allowed, but must be separated by commas.

From: The sender's E-mail address. This is usually your POP account plus your real name. You can use a return address other than your POP account by entering the desired address in the Return Address field of the Settings dialog (Personal Information).

Subject: Brief text indicating the contents of the message. This field can be left blank (though it is a breach of E-mail etiquette to do so).

Cc: E-mail address or nickname of person to whom a copy of the message is to be sent. Multiple addresses are allowed but must be separated by commas. This field may be left blank.

Bcc: "Blind" carbon copy. Like addresses listed in the Cc: field, addresses listed here receive copies of the message. Unlike addresses listed in the Cc: field, addresses listed here do not appear in the message header of the recipients. This is useful when you want to send a copy of a message to someone without everyone else knowing you did so. Multiple addresses are allowed but must be separated by commas. This field can be left blank.

Attachments: List of documents being sent along with the message. Specify these through the Attach Document command under the Message menu (see the "Attachments" section). To delete an attachment from a message, select it and press [delete]. You cannot enter information directly into this field. This field can be left blank.

~~~~~~~~~~~~~

Yahoo Mail

You may send the same mail message to up to 100 people. Just put the recipients email addresses in the "To", "CC" or "BCC" fields as appropriate.

Be sure to separate addresses with a comma. If you do not, the message will be sent, but only to the first person in the field. He will receive a message with a "To:" line containing his name, a comma, and then "UNEXPECTED_DATA_AFTER_ADDRESS@.SYNTAX-ERROR".

Note: Sending junk mail or "spam" will not be tolerated and is a violation of the Yahoo! Mail Terms of Service. Since the "Bcc" field is often used for this, there is a limit of 10 Bcc addresses per message.

~~~~~~~~~~~~~

Hotmail

The 'BCC:' Field

"BCC" stands for "Blind Carbon Copy." The 'BCC:' field is used to send a copy of an email message to a person without any of the other recipients knowing it. The address(es) of the person(s) you blind carbon copied are hidden from the other recipients.

Example: If you were to enter these email addresses:

'To:' user_xyz@hotmail.com
'CC:'
'BCC:' TheBigBoss@hotmail.com

Both user_xyz and TheBigBoss would receive a copy of the message, but the header of each person's message would look like the following:

From: "Scarlett O'Hara"
To: user_xyz@hotmail.com
Cc:

~~~~~~~~~~~~~

MailCity

To send bcc mail to people listed in your address book:

Click on Write Mail on the left tool bar. Click on the Address Book to the right of the To field. Click the bcc checkbox next to the address(es) you want to send a blind carbon copy to. Click on Mail To at the top of the page.

Link to comment
Share on other sites

Hi Barbie!!  

Well, I will talk to you, gladly.  :)  I am glad to see you posting here again today, and hope you get your computer back in order soon!  

Your comment about addresses automatically going into your contact list... I assume you must be using Outlook for email?  You can change the options in Outlook so that addresses of ppl who send you emails (as well as everyone else who is on that email) do not automatically go into your contact list.  I have forgotten exactly where it is, but I think it is in "tools" or "options" in the Outlook program.  

Take care and hope to see you posting a lot here again real soon... we miss you!   :)

Link to comment
Share on other sites

Hi everyone. I got the virus email that had Barbie's name on it. Unfortunately I opened it and it immediately caused our system to go down. Did anyone get a virus email from me? My computer has been down for over 2 weeks and I don't think that anyone received an email with my name on it during that time, but I don't know for sure since we have just been online now for about 1 hour. Maybe it shut us down so completely that the virus didn't have time to send anything. MaryO, Dearest, Barbie, Sylvrymoon, Hedda and a few others are in my address book. Let me know. I hope it didn't get passed on thru me.

Barbie, I know you didn't send it! :) When the email said something about system boot, I should have known not to open it. I'm glad to see that you're back online again. :)

Link to comment
Share on other sites

Ruth, I don't remember seeing anything from you :)

I have a tendency to delete emails with attached files if I'm not expecting anything - or if the email has no text, or weird text.

Sorry that you had the virus, too.  It would be nice if the people who made these things worked on world peace or some other better use of their time.

Link to comment
Share on other sites

I agree with you Mary. It would be a much better world if the people who go to so much trouble to create these viruses would put that much effort into doing something helpful. I just can't understand what motivates these people to do this. Oh well. We got a new antivirus program that has the more recent viruses on it now so hopefully we are safe, at least for a while. We also are having mouse driver problems (sounds like a rodent chauffeur! :biggrin: lol) so that probably also confused things. Anyway, like I said, our system came down immediately and the only times that we accessed anything from our offline files to save them, we did it in Safe Mode, so maybe the virus wasn't able to send itself on to others. I hope that's the case anyway.

Thanks for posting all the information about viruses, Mary. Actually I don't think that we have Outlook so we probably didn't pass it on. :)

(Edited by HippieHeron at 11:44 am on Aug. 5, 2002)

Link to comment
Share on other sites

Hi Ruth...The virus/worm can be picked up and sent from any email program, but Outlook is really susceptible.  The worm came to me via my AOL email, and could have been forwarded from me from any of my address books stored on my computer if my AV program hadn't detected it.  Glad you have an updated AV program now and hope you don't have any more problems!  :)

Link to comment
Share on other sites

  • 2 weeks later...

Hiya:

Again, it seems there's still something crawling around on my computer.  Vickie let me know that she received an e-mail attachment to a message I sent her, but I didn't send anything with the email.  My AV has not detected the attached file "tech.gif" as a virus and quite possibly it isn't (it's just so weird it attached itself).  So if anyone should receive this, albeit automatically, without my sending even an email, don't open it just in case.

Heck, it might just be a case of poltergeist!!! :biggrin:

Barbie xxxxxxxx

 

Link to comment
Share on other sites

Well, Barbie, you didn't have to send it.  If the virus got your name before, it can still send out things using your email address all on its own.

I sometimes get email attachments from another of my own email addresses - and I know I didn't send them to myself.

Link to comment
Share on other sites
