Another virus attempt-get a load of this.

richpalm

Banned
Joined
Jun 21, 2003
Messages
965
Location
Central Pa.
Here is the copy/paste-I did not include the link.


Date: Tue, 13 Jan 2004 10:29:30 -0600
From: Ozell <[email protected]>
Subject: Virus Alert From Your ISP
To: [email protected]
Reply-to: [email protected]
Original-recipient: rfc822;[email protected]


Virus Alert
To:richpalm
From: Internet Virus Department

We have detected a possible computer virus on your computer, You must open the details of the report within 24 hours our we will be forced to shut down your internet service.

Please Click Below Then Press "open" To View The Report




I didn't dare!!!!

Rich
 

Empath

Flashaholic
Joined
Nov 11, 2001
Messages
8,508
Location
Oregon
Something learned from the "I Love You" virus by the virus/worm/trojan community is that you can tempt people into opening an attachment, even if they've heard that they're not supposed to. The "I Love You" virus played on people's desire to find their secret admirer, or simply the need to be told they're loved. Now they're playing on people's security concerns by pretending to be a Microsoft advisement or other urgent matters; in this case a concern that they might lose their internet provider.

Unless you're expecting an attachment from someone, and you know exactly what the attachment is for, DON'T OPEN IT. A malicious attachment is totally benign, and can't do anything unless it is initiated by opening the thing. Once opened, it can do exactly what it's designed to do, and that's to plant a virus/trojan or worm in your system, and provide a method of initiation every time you boot up.

The simplest and seemingly one of the most effective propagation methods of malicious files is to simply send someone the file as an email attachment, and ask them to run it. All the other attention getting tactics and fancy words in the texts are just the unimportant details. DON'T OPEN ATTACHMENTS.
 

Silviron

Flashlight Enthusiast
Joined
Jun 24, 2001
Messages
2,477
Location
New Mexico, USA
Better yet, don't even download the crap from the server. Use Mailwasher (or something like it). That will let you preview the messages safely and delete them before any malicious code can even get on your computer.

Also keeps the spammers guessing because it doesn't activate any of the codes that tell them that yours is a valid email address.

People who fall for this kind of stupid trick don't deserve to be on the internet. And people who intentionally send virii don't deserve to continue breathing IMHO.
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
RE: the "I love you" virus. I got that one way back when. Yep, I opened the attachment. The reason that I opened it was because it was from my cousin. One that I had just recently re-established contact with after some 30 years. In previous emails, he had said he was going to be sending some pictures. So when I saw the email from him, and the attachment, I very happily clicked on it to see the family photos. Mind you, this was years ago before I really even knew much about viruses. The "I love you" virus is one of the ones that emails itself to everyone in your address book... but only if you reboot your computer. Luckily, I didn't reboot and ran down to the computer store and bought Norton anti-virus. The only damage done to my computer was that I lost all of my image files.
 

Empath

Flashaholic
Joined
Nov 11, 2001
Messages
8,508
Location
Oregon
The day the I Love You virus broke, I accessed my work email from home, and received a copy from one of our staff members that I barely even knew by name. I noticed the attachment, and also noticed it carried an extension of vbs. Knowing that was a visual basic script, I also knew that it would do something when initiated. I copied the attachment to a folder, changed its extension to one that wouldn't rattle the cage of my virus scanner, and opened it with a programmer's editor. It was then obvious what all it did. I thought, hmmm... "unfortunately, this guy's chosen a pretty effective way of spreading this; this thing's going to be a problem." I then rechecked my work email, and found that I had received about thirty or more additional ones. The campus network and internet access had to be shut down, until each infected computer could be confiscated and removed from the network. The interesting thing was that everyone on the staff had already been instructed to not open any unexpected attachments, but the nature of the email subject, and the fact that it came from their co-workers and acquaintances let them drop their guard.
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
You can also get infested by visiting websites, so be wary. This is why I decided to use linux for my internet surfing and email. Much less likely to get infested. Just a security measure for me.

I am not advocating any OS here, just stating the reasoning for my decision. I use both windows and linux.

In windows, AVG Antivirus from www.grisoft.com (free version) is extremely good at filtering out those pests.
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
It has more to do with what browser you are using than the OS, as the browser is the OS's point of contact...(interface) to the internet.
 

Avix

Newly Enlightened
Joined
Oct 9, 2003
Messages
199
The scary thing is my ISP used to send out messages just like that, now they just lock out your account if you have a virus.
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
There are some new ones going around. I've gotten several very different emails. Including that one. I got another one that claimed to be from the RIAA with a list of the music I was going to be taken to court for sharing. Since I never ran any servers and it was so obviously a scam I didn't feel any need to open the file. But the new ones are getting better at tricking you into opening them. This was a very legal sounding letter telling me how long I was going to prison unless I opened the attachment and handled the list.
 

kakster

Flashlight Enthusiast
Joined
Feb 6, 2003
Messages
1,903
Location
London, UK
If you're on windows, be wary about clicking on links from unsolicited emails also. The .com can also be an executable file extension, and works like a .exe file. I've never seen one personally, but it's one you should be aware of.
 

BB

Flashlight Enthusiast
Joined
Jun 17, 2003
Messages
2,129
Location
SF Bay Area
A few (of many) problems with Windows:

1. So many executable extensions besides the .bat, .com, .exe--you have the automatic associations for various scripts and programs too to worry about (remember the .doc and .xls script files from a decade or so ago?). Now your media player, VBS scripting, MP3 player, Active-X, and any number more....

2. Windows, by default, hides the file extension so they send "virus_list.txt.exe" and you see "virus.txt"

3. HTML and automatic file open/execution by default in Microsoft Outlook Express and others...

4. Avoid installing Freeware (like Kaza, download helpers, search engine tools, games, etc.). Leaves so much spyware and pop-up advertising software on your machine as to make it practically unusable for any real work

Keep your Anti-Virus up to date and don't open attachments unless you know (and how do you know???).

I have been pretty lucky over the years (pretty much Windows and DOS before that on my desktop)--I set my email (text only, do not preview messages) and browser (set to high security, Spybot Search and Destroy, Spyware Blaster, Lavasoft Ad-Aware for IE) to be very paranoid. Plus Zone Alarm software firewall. Use Google Tool Bar to stop almost all pop-up ads.

I have even had some luck un-polluting an acquaintance's computer using the above. It probably only took a few days for her son to make her computer almost unusable (pop-ads, home page hijacking, search engine hijacking, porn-pop-ups, spyware killing performance) just from adding some of those "freeware" programs like Kaza (sp?) and others.

One last warning. If you are on DSL/Cable or other highspeed connection. USE A FIREWALL! And if you don't know what that is or how to use it, get/pay somebody to install one for you (while you and/or a friend watch-learn the basics).

One of the very nastiest problems out there are Child Porn folks that will try and hijack your computer and make it a child porn server. This can send you to jail for a long time and leave you (and your lawyer) trying to prove your innocence. And you won't even know it is there.

-Bill
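The hidden-extension trick described in point 2 above, and the .vbs and .com attachments mentioned earlier in the thread, can be caught by checking attachment filenames before anything is opened. This is an added example, not code from any poster in the thread; the sample message is constructed, its addresses are placeholders, and the extension sets beyond .bat, .com, .exe and .vbs are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly or hands to a script host. The thread
# names .bat, .com, .exe and .vbs; the others are added assumptions.
EXECUTABLE = {".bat", ".com", ".exe", ".vbs", ".scr", ".pif", ".js", ".cmd"}
# Harmless-looking extensions used as a decoy in front of the real one.
DECOY = {".txt", ".doc", ".xls", ".jpg", ".gif", ".pdf", ".mp3"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Trailing dots/spaces are ignored by Windows, so strip them first.
    name = PurePosixPath(filename.replace("\\", "/")).name.rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension"
    return "executable"

def scan(raw_message):
    """Map each attachment filename in a raw RFC 822 message to its verdict."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def build_sample():
    """Constructed message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Virus Alert From Your ISP"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg.set_content("Please Click Below Then Press \"open\" To View The Report")
    for name in ("virus_list.txt.exe", "report.com", "photos.jpg", "letter.TXT.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan(build_sample()).items():
        print(f"{verdict:17} {name}")
```

A mail filter or a preview tool can quarantine anything that does not come back as `ok`, which takes the decision away from what the file manager chooses to display.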
 

Bill.H

Enlightened
Joined
Nov 25, 2002
Messages
630
Location
Maine USA
Please Click Below Then Press "open" To View The Report


So there was a link for you to click on? That's the big problem - you're reading HTML formatted email!

DON'T. DO. THAT.

HTML belongs on web pages, not in email or Usenet posts. If people would stop using HTML for email and not use the Windows Address Book, virus problems - and fraud attempts like this one - would be only a tiny fraction of what we see today.

By default AOL and Outlook Express will send HTML mail. Guess what two mailers are used by most internet users? The sad part is most of them don't even know what HTML is, they are non-technical people. Frankly, you shouldn't need a CSc degree to send or read an email, so there's nothing wrong with that. I blame AOL and MS.

You can save yourself a lot of trouble and worry by just avoiding it. Here's a good link that will explain in more detail and tell you how to secure whatever mail program you're using.
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
Negeltu, I fail to see your argument as an absolute. The vast preponderance of the worms, trojans, viruses, and other malware circulating on the Internet, only affects Windows OSes. There are a few for Linux and a few that affect Macs.

Yes, I see your argument about browsers. In windows, I don't use IE, except for Windows Update, and use Mozilla for everything else. I don't even have OE installed.
 

Al_Havemann

Enlightened
Joined
Sep 11, 2002
Messages
302
Location
New York City
If you're computer savvy enough and willing to pay the price and buy a copy of Virtual PC or VMware then you can have some fun with all this. Here's what I use for browsing when I suspect there may/will be some problems. I also use it for forensics work when there are "delicate" client issues involved and I want absolute security. 70-80% of my computer usage now is inside a VM.

I use VMware but Virtual PC works equally well and is cheaper. Both allow you to create a virtual PC and load any operating system into it that will run on an Intel processor. I loaded Windows XP into a VM. After setting it up, I activated it with Microsoft, tuned it to look and feel the way I wanted it then set the virtual machine to what's called "non-persistent mode" (I'll explain later).

Now I can boot my Win2K machine, a Micron 2.5ghz laptop and start VMware which loads Windows XP. I can run XP in a window or full screen. Now I go do all the browsing, downloading, opening of attachments or any other dangerous behavior. If the machine is infected, pirated, blown away or whatever I just reboot the WinXP VM (a mouse click on the host).

When the VM-WinXP reboots, it discards all changes made to the VM and it's back to the same state as it was when I set it in "Non-Persistent" mode. In other words, every change made to the WinXP VM is gone, every virus, trojan or whatever and it's back to as installed.

A virtual machine is just a folder on the host C: drive but to the VM it looks like its own C: drive. The VM folder can be copied to another machine (it's just a folder, after all) that is completely different from the system it was created on and it will work perfectly.

The reason for that is that VMware and Virtual PC both "virtualize" the hardware creating a hardware abstract layer, the OS in the VM always sees the exact same hardware configuration regardless of what machine it's on.

It's a lot of fun to see exactly what a particular virus or trojan will do, how it works and what countermeasures work best. A VM is the perfect platform for that.

VMware and Virtual PC are very similar in functionality with the edge going to VMware overall. VMware though costs about three times what Virtual PC does.

This stuff's a real gas to play with. Want to run Linux? Do it in a VM. How about old Windows 3.1, Win98, Win95, DOS and all its various flavors, remember DRDOS (it came from the old CP/M world), and yes, I was even able to load OS/2 Warp, all in a VM, created by VMware running under Win2k on a laptop.

I also use it to test server platforms and configurations. I've loaded Novell NetWare 4.11, 501 and 6.3. All three come up with no problem. The same for WinNT, Win2k, Win2k server, advanced server and datacenter edition, all in VM's. All of them look and perform exactly the same as a real, physical server, all of them hardware abstracted, all portable between physical machines. I can even run several different OS's at the same time on my laptop, subject to performance limitations of course.

The difference between "Persistent" and "Non-Persistent" mode is whether or not changes made to the VM during operation stick. In persistent mode they do, exactly like a real system. In non-persistent mode all changes made to the VM during operation are discarded when the VM is shut down or rebooted. And yes, before you ask, you can switch the Non-Persistent mode on and off at need.

Al
 

x-ray

Flashlight Enthusiast
Joined
Jul 1, 2002
Messages
1,941
Location
London
Hi Al,

Thanks for VM explanation, I have a few questions:

1. Do attached peripherals (printers / cable modems / networking & general USB gadgets) work ok with VM's ?

2. How well do graphics/processor intensive applications run (compared with running them directly on the host PC's operating system)

3. What about drivers? (Do VM's have their own drivers (sound / graphics etc.) or simply run from the host OS?)

Thanks
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
Thanks Al. Good explanation of those two. I happen to use Win4lin Workstation version 4 (soon to get version 5). Win4lin uses its own drivers to go through the Linux drivers. It also fools windows 95-ME into thinking that the linux file system is native windows file system. The difference, is that Win4lin uses a Win4lin enabled Linux kernel. You do need to install your printer driver, and set the to Raw, instead of parallel or USB. Win4lin is for productivity applications, of which, Lotus Smartsuite is an example. Version 4 has no DirectX or any other Direct(whatever) support, while the current version 5 only has Software DirectX support (media player, realone, quicktime). DirectX games won't work. Win4lin does not support USB, while VMWare does.

VMWare is more versatile in what OSes it will run, but, you have to get the correct one for the Host OS. Win4lin only runs on supported Linux distros, or, you can download a generic kernel and compile. VM does have the advantage in the non-persistent mode.

VMware sets up a true virtual machine, while Win4lin does not. Win4lin costs around $90-100 depending on shipment method (electronic or physical). I think that is about the same as Virtual PC.
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
I didn't say my argument was an absolute. What I said will hold true in most situations. Mozilla is much more secure than IE. I never said it was foolproof. Where did you think I meant it was an absolute? I've done my own testing and found mozilla to be more secure than IE in most instances. Active X is often the method used to commit malicious acts on another system. Though there is an active x plugin for firebird.....Firebird does not come with it installed. I'm not looking for a silly mac pc...or linux microsoft argument. That's for children. My statement holds true for now.
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
Negeltu, I wasn't trying to argue with you, either. It is just that code made to run on one type of OS, won't run on another. Every OS has strong and weak points, as well as Good and bad ones.
 