[va-bird] Re: recent messages with viruses
- From: Katrina Knight <kknight@xxxxxxxx>
- To: va-bird@xxxxxxxxxxxxx
- Date: Tue, 09 Dec 2003 15:00:48 -0500
At 10:33 AM 12/9/03 KurtCapt87@xxxxxxx wrote:
Let me note for all that I do not have a hotmail account. And never
had one. If you see a message that purports to be from kurtcapt87
using a hotmail account, do not open it.
Various viruses work in different ways. The one involved here
obviously picks a message that the infected computer had received at
some point in the past and attaches its dirty work to that. Viruses
sometimes pick one address that they find on the infected computer
for the from: address and one for the to: address. Another method
they use is to take the ID part of the address from one address and
the domain name part from another address and use that in the from
header. This appears to be one that does the latter. It will probably
pick a different combination and a different old message for each one
it sends out.
From notes sent to me from a few people, it appears that the
criminal sending these messages (and yes, it is a felony) is
targeting selected individuals. I am not sure what can be done,
but, if you get one of these messages, contact your ISP and ask for
their help. Perhaps others with more savvy out there can suggest
other approaches.
Tracking down which ISP the message was sent through may do more good
than telling your ISP. Sometimes that can be done, sometimes it
can't. That depends on whether the virus is one that uses the
infected computer's default SMTP server or whether the virus is its
own SMTP server. If an ISP's server is being used, that ISP can track
down who is sending the infected messages from the information in the
full headers of the sent messages. Some ISPs will bother to do so,
some won't. On one occasion, I had to resort to getting my ISP to
apply pressure to another ISP to stop someone with a virus who was
sending me several copies of a large infected file every few minutes.
It stopped within minutes of my ISP talking to the other one.
Although my home and work computers are fully up-to-date with Norton
anti-virus programs, I take further precautions as added
insurance. This is because both machines had been infected over two
years ago.
* I do not open any mail from people I do not know if the subject
line is not sensible or related to my activities.
When a message appears to be from a mailing list you subscribe to,
and quite possibly from someone on that list whose name you
recognize, that's a problem. As the earlier poster suggested, setting
up your email program to filter mail that is really from the list to
a separate location makes it easier to notice the faked messages. If
your email program lets you filter on a header of your choice instead
of just to:, from: and subject:, set it up to look at the X-list:
header for "va-bird". That is always going to be the same for every
message sent to this list, and no message sent by anything else
should ever have it. Doing something like looking for the [va-bird]
tag in the subject line won't work for this purpose because the virus
can just use the subject line of a prior message, including that.
* I do not open any mail without a subject line.
Inexperienced users fail to put anything in the subject header fairly
commonly, and most viruses do put something there. They want you to
open them after all. Messages with missing header information should
definitely be looked at with suspicion though.
* I never reply to spam.
Replying to random spam is generally a very bad idea. Replying to
non-random, unwanted commercial messages can sometimes be a good idea
if you don't want to get any more messages from that source. Knowing
whether the company sending the spam is reasonably legit or not makes
a difference there. When in doubt, don't reply. Replying to spam is
generally not what causes you to get viruses though. It just
(usually) causes you to get a lot more spam.
* Messages with attachments are never opened unless I am expecting
such.
Always a wise idea.
It isn't a bad idea to run a virus-checker on any attachment before
opening it, even if you are expecting something.
Other suggestions:
Not using Outlook Express is one of the best ways to avoid getting a
virus. Outlook can be a problem that way too, although newer versions
are generally more secure than older versions. MS has a tendency to
release internet programs with too many security flaws and
virus-writers tend to target MS programs because of those flaws and
because they're widely used, which gives them the most bang for their
buck in their quest to spread their nastiness.
Change the Windows default setting that tells it to hide file
extensions in the Windows Folder options. Virus writers use this
"feature" to make you think that a file has a "safe" extension when
it doesn't by giving the file a name like this: FileName.jpg.exe. If
your computer is set to hide known extensions, that ends up looking
like it is a harmless jpg graphic.
Use a firewall that is set up to alert you when new programs try to
contact the internet. This can quickly alert you if a virus is trying
to send messages other than through your default email client, or if
it is trying to send information elsewhere.
I hope that no one gets infected and that this criminal is soon
caught.
The one who wrote the virus? Not likely. Very few virus-writers get
caught. The person responsible for actually sending the infected
messages is probably just an inexperienced computer user who doesn't
know how to avoid getting infected.
Keep your software up-to-date - make sure you frequently check for
security updates to your OS and any software that is used to access
the internet. Also make sure your anti-virus software is frequently
updated with new virus definitions.
Note that some viruses are transmitted over the internet connection
rather than just via email.
At 11:57 AM 12/9/03 Martin, Janet wrote:
I'm not 100% sure about the FCC but it could be worth a call - they
might put you on to who could help. Especially if it seems to be a very
specific virus attack - I would think that could be traced more easily
than some of the large general attacks that make the news.
This is quite unlikely to be a specific virus attack. It is almost
certainly just a matter of a list member being infected with a virus
and sending out infected messages to other people without knowing it.
(The description of what is happening fits one of the viruses that
was going around a lot several months ago, although I forget which
one that was.)
And to include at least a few on-topic words here, it looks like I'm
going to be doing four counts in Virginia over a space of 8 days this
year, then a couple of later ones in Pennsylvania. Am I trying to
punish myself? I'm looking forward to seeing lots of finches this
year. I did a little birding at Woodpecker Ridge Nature Center
(Troutville, Botetourt County) last week during a quick trip to
Virginia for other purposes, and there were Purple Finches all over.
I had 43 together at one set of feeders at one point, and there were
obviously a lot more than that in total. People have been seeing Red
Crossbills go through here in PA, so I'm hoping maybe some of them might
show themselves to me in the mountains on the Peaks of Otter Count,
or maybe even one of the others.
--
Katrina Knight
kknight@xxxxxxxx
Reading, PA
You are subscribed to VA-BIRD. To post to this mailing list, simply send email
to va-bird@xxxxxxxxxxxxx. To unsubscribe, send email to
va-bird-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field.
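
Added example, not part of the original post: a Python sketch of two checks described in the message above, sorting list mail on the X-list: header instead of the [va-bird] subject tag, and spotting attachment names of the FileName.jpg.exe kind. The function names, the set of risky extensions and the two sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

LIST_ID = "va-bird"  # value the post says to look for in the X-list: header
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}  # assumed set

def is_list_mail(msg):
    """True only when the X-list: header names the list; the subject is ignored."""
    return LIST_ID in (msg.get("X-list", "") or "").lower()

def double_extension(filename):
    """True for names like FileName.jpg.exe (executable behind a 'safe' extension)."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in RISKY_EXT

def triage(raw):
    """Return (folder, reasons_for_suspicion) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = msg.get("Subject", "") or ""
    reasons = []
    if "[va-bird]" in subject.lower() and not is_list_mail(msg):
        reasons.append("list tag in subject but no X-list header")
    if not subject.strip():
        reasons.append("missing subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if double_extension(name):
            reasons.append("double extension: " + name)
    return ("list" if is_list_mail(msg) else "inbox"), reasons

def build(subject, x_list=None, attachment=None):
    """Build a constructed sample message (not real traffic)."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["Subject"] = subject
    if x_list:
        m["X-list"] = x_list
    m.set_content("body text")
    if attachment:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples: one as the list server would send it, one reusing an old subject.
GENUINE = build("[va-bird] Purple Finches", x_list="va-bird")
FORGED = build("[va-bird] Re: Purple Finches", attachment="FileName.jpg.exe")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, triage(raw))
```

The header check only sorts mail into folders; it does not authenticate the sender.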