Virus Warning

[Charlieje (imported)]

I hate to do this after Andrew went to all the trouble to lighten the mood (thanks, Andrew, that story was COOL!) but I thought everyone on this site should be aware.

I received an infected email msg this morning... one of those ones that automatically send themselves to everyone on your address list. I am posting this info here because I am pretty sure it came from someone who has at least visited this board.

I am not complaining, not looking for a confession or an apology because I realize these things happen. I merely want to make everyone aware. It did no harm on my system... I was suspicious of it and ran a scan and sure enough, my trusty Norton AV set off the alarms.

The reason I think it came from someone on this board is that I set up a special email account that is ONLY used for response to my stories. The address is eucharlie@nc.rr.com, and that is where the virus appeared. So for anyone here who has that address in your address book, I suggest you check your system for viruses.

Again, this is NOT an accusation or criticism, I just don't want to see anyone's system trashed.

[Paolo]

Everything's fine here. Of course I haven't received anything FROM you with any kind of attachement either.

Recently I encountered an odd problem with a virus or something. I was downloading email from my cousin when suddenly my NAV crashed. The typical invalid page fault in module la la la ... oddly enough, when I closed it, the NAV icon stayed on, but the program wouldn't open up. Upon hitting CRTL ALT DEL, I found in the task manager box that NAV was indeed NOT running. I tried to restart it by using the START PROGRAMS menu, and the computer froze.

I figured a hard boot was in order. So, naturally, I smacked it. This usually slams it into the wall and causes a reboot. After rebooting, everything seemed fine. Sure enough, launched Outlook Express and/or Netscape mail, and it did it again!

I posted a note to Symantec's website, and they claim to have never heard of the problem. However, after asking around, I found 3 other people here in the neighborhood with the same problem. Funny that after I posted the note on the Symantec / NAV boards, I had a live update that night and the problem went away.

I am using NAV 2002 (8). My neighbors all have 2001 (7). One other person here, farther off, has 8. I recal reading a story onlnie somewhere about the same time, although I don't recall where I read it, about this being a small virus that does two and only two things : it comes in, propagates to your address book, then crashes NAV while making it LOOK like it's running so any other virus can enter.

My uncle got the most interesting Magister virus from it. It made his desktop icons run away from him. You could chase them all over the screen with the mouse and never catch them!

My recommendation is that you keep anti-virus software up to date and don't open email from strangers. If the attachement isn't a picture file ... such as JPG, BMP, PNG, PSD, TIF (refer to your imaging programs for a full list), as image and sound files CANNOT carry viral payloads. MP3 and WAV & MPG cannot do this either. HOWEVER, thanks to the way Uncle Bill had MS WORD written, DOC, RTF and TXT files can do plenty of damage, as can SCR and VBS files, not to mention EXE files. So can malicious scripting at a webpage. Beware of any file that end in something like .JPG.COM.

If anyone else has any other strange things going on, or tips, please share them with us. Share the description, rather, not the problem ...

[Charlieje (imported)]

Paolo,

I have to disagree with you on one point. There are some viruses, so I am told, that merely previewing them will infect you, like it or not, especially if you are using Outlook or Outlook Express. There is a "hole" in those mail clients that can be plugged with a patch available from Microsoft.

The virus I encountered this morning was one of these. Its name is W32.KLEX.E. According to Symantec, merely previewing this email could infect you.

I do not have the same problems as many email users because I do not use mainstream email clients. I use a product called PMMAIL, a throwback to my OS/2 days. It is a good program, and one of the benefits of it is that it is not susceptible to all the pitfalls of most viruses.

Ok, all of the above just to say simply that we all need adequate protection against these viruses.

[Sexless (imported)]

Any attachment that I e-mail automatically goes through a Norton Virus Scan. I don't believe that I have sent any attachments to this site. I very much appreciate the warning. I hope everyone here is as careful.

[talula]

I know of teachers that won't accept homework from students if it is on disk. This is difficult if it is a computer programming class.

tal

[haltlos (imported)]

That "Preview-Problem" is a general design flaw, if you want to say so.

You have to be aware that what's called "preview" means indeed "view". (... because there's no other way to accomplish it but to "open" the mail.)

Therefore it's always better to just switch that prewiew OUT, so that you have to open every email you want to read by hand.

This is done qiete easiely in Outlook (3 klicks) but I don't know the english menu names.

Then it's also interesting that a Email's contain only TEXT (even pictures are encoded into pages and pages of letters) and that with any decent mail-client you may also look at that TEXT (source code) by, for example (outlook), right-clicking onto a mail and choose "properties".

That will look something like this:

Return-path: <RBB-83_stpt-267036@eros.stoen.net>

Delivery-date: Sun, 10 Mar 2002 21:17:47 +0100

Received: from [xxx ] (helo=xxx)

by xxx with asmtp (Exim 3.33 #4)

id 16k9lL-0006p6-00

for xxx ; Sun, 10 Mar 2002 21:17:47 +0100

Received: from buddha.stoen.net ([209.164.21.228] helo=stoen.net)

by xxx with smtp (Exim 3.33 #4)

id 16k9lK-0007gA-00

for xxx ; Sun, 10 Mar 2002 21:17:47 +0100

Received: (qmail 27788 invoked from network); 10 Mar 2002 20:13:53 -0000

Received: from unknown (HELO stoen.net) (209.164.21.226)

by 0 with SMTP; 10 Mar 2002 20:13:54 -0000

Message-ID: <1015789664.17319@eros.stoen.net>

Content-Transfer-Encoding: 8bit

Content-Type: multipart/alternative; boundary="_----------=_101578966417319"

MIME-Version: 1.0

Date: Sun, 10 Mar 2002 PST

From: Privacy Protection <editor-0212@rb-primary1.rboen.net>

To: xxx

Subject: YOU'RE BEING WATCHED!!!

Envelope-to: xxx

This is a multi-part message in MIME format.

--_----------=_101578966417319

Content-Length: 1904

Content-Transfer-Encoding: 8bit

Content-Type: text/plain

YOU'RE BEING WATCHED!!!

Your Internet activities are being recorded.

Every picture you've seen is copied to your

hard drive, every website is recorded in a

secret file in Windows.

[... and so on and on]

The cryptic messages at the top are not uninteresting if you know how to read them, but there you also have the TEXT of the message!

Ready to be read without opening. (well, without having outlook open it and interpreting (and executing) everything that is written there).

That's what I* would call a preview!

But then btw, I have true respect for anybody who is able to write a stable and working AND unsuspicious virus for that M$-platform.

Hell, many regular programs find it difficult to run on my machine... *GGG

bis bald

gus

PS: Be also aware that most LINKS in avertising letters are formed like this:

http://www.something.net/stpt.html?U=267036&L=44

That means: Not only an adress but also a unique number that your browser sends when looking for that page.

By that way one can connect your visit there with the email (-adress) he send (used).

(Solution? Try "copy link location", paste it in your browsers adress bar and cut away everything suspicious from the end.

I mean, IF that offer is really so great...*g)