Gossamer Forum
Quote Reply
Virus Alert!
Well I just checked my emails and some cheeky chappy had sent the following to my WiredON address:

>>
----- Original Message -----
From: webmaster <webmaster@luvshades.com>
To: <support@wiredon.net>
Sent: Saturday, August 18, 2001 2:52 AM
Subject: Rescued Document


Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks
<<

Would you have guessed, the attachment was an all so convincing..."Rescued Document.doc.com" - 157kb

Well just for fun I decided to download it to my pc and scan it - the virus it contains is...

W32.Sircam.Worm@mm

So just warning you all - don't bother opening the attachment if you receive it Smile

...ugh...some people.....you'd think they'd realise that no-one is going to open a .com...well obviously some people do or viruses wouldn't spread!

I was kinda hoping for non-binary code so I could drag it into Notepad and take a look Smile

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
Mail log entry:

Code:
Aug 17 21:40:47 www sendmail[9111]: f7I1eis09111: from=<webmaster@luvshades.com>, size=213712, class=0, nrcpts=1, msgid=<2001081801$
Aug 17 21:40:47 www sendmail[9113]: f7I1eis09111: to=<support@wiredon.net>, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=2430$
I'm assuming luvshades.com has been used as a relay?

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
That virus has been around for a while now... Someone's even posted it here already :)

Infected people email people in their address book random documents on their hard drive. I hear it can do other funky stuff too.. like formatting your hard drive (if you're lucky).

Adrian
Quote Reply
Re: Virus Alert! In reply to
Yeah,

I get a couple of these emails every day. I have Norton Antivirus just delete it all for me. It'd be good if Outlook had some built in anti virus to stop people new to the net spreading these viruses.

Michael Bray
Quote Reply
Re: Virus Alert! In reply to
Adrian:

Yeah, I read about it a few weeks ago but I think this is the first time I've received an email virus so was excited...in a sad kinda way Smile

Michael:

I use my server's built in protection - I can get it to bounce files with certain sized attachments and also luvshades.com is blocked now :)

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
M$

plain and simple :-P

**************************************
on the pages in between ...
Quote Reply
Re: Virus Alert! In reply to
You would think people could find better stuff to do in their time, instead of writing stupid viruses! Frown I have had this email over 100 times now, one of the attachments was over 3Mb!

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Quote Reply
Re: Virus Alert! In reply to
I believed that flood was over. Haven't received any of these since more than a week.

Thomas
http://links.japanref.com
Quote Reply
Re: Virus Alert! In reply to
I'm not getting as many now, but I am still getting them. At least you don't catch the Virus unless you open the attachment... *phew* Smile

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Quote Reply
Re: Virus Alert! In reply to
OK, I know that this thread is targetted at email viruses but what about Code Red II ?

How are you M$ foks holding out? Me, I'm OS X so, so far I'm sorta safe .... but my DSL router is taking a nice beating, that has slacked off finally.

Also, here's a link to a ekkk a mac site.

http://maccentral.macworld.com/storyforum/forums/2001/08/17/codered/?read=61

One person has taken a different somewhat not legal approach to offenders. :-) send back code to shut down the twit server. Not nice, but should get the admin's attention.

I keep getting hit by Chinese and Korean servers. Not something to play games with.

Why don't you just send it back? I do that with all my junk mail -- if it's html things I send 3. NO response, No comment, just return it. After that they basically stop, I guess it makes them think ??? or the email might have automatic shut off code built in somewhere ???



just a thought.



**************************************
on the pages in between ...
Quote Reply
Re: Virus Alert! In reply to
Paul, FYI, any program with the extension .com is executable and windows will automatically run it if you double-click it. Just to let you know.

Later,
Paul

http://www.fullmoonshining.com for Pearl Jam Fans
Quote Reply
Re: Virus Alert! In reply to
Yep I knew that - thats why I didn't click on it and why I said I was hoping for non-binary code so I could take a look....like I did with the "I love you virus" Smile

...however once downloaded to my pc it changed to .DAT

You should NEVER open .com .bat .vbs .exe from someone you don't know, or even someone you do Smile

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
I figured you probably did, just making sure, alot of people don't.
In Reply To:
You should NEVER open .com .bat .vbs .exe from someone you don't know, or even someone you do
Totally agree. There's a cool program over at http://www.analogx.com/...d/system/sdefend.htm that will throw up a prompt asking if you are sure you want to run this program when you double-click a .vbs extension, as well as some others. It can also be configured to add more.

Later,
Paul

http://www.fullmoonshining.com for Pearl Jam Fans
Quote Reply
Re: Virus Alert! In reply to
As long as you have anti-virus software installed then it will halt the system anyway if you click on an infected file, but I suppose an extra tool can do no harm.

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
Are you talking about the antivirus program running in the background, like norton's autoprotect. I prefer not to have that sort of software running. The program I was refering to registers itself in the registry as the default program to run when the extensions you have configured in it are double clicked. So, no program is ever running wasting resources. Unless there is some antivirus software out there that does this sort of thing. I hadn't heard of any of them doing it, I could be wrong though. I've just heard about things like autoprotect.

Later,
Paul

http://www.fullmoonshining.com for Pearl Jam Fans
Quote Reply
Re: Virus Alert! In reply to
I get best part of 5 sircams a day. If you remove mailto: links from the site they stop generally.

Quote Reply
Re: Virus Alert! In reply to
Thats the weird thing - I have absolutely no mailto: links on my site, only cgi contact forms.

It is either someone I know, some who dislikes me or someone who has gotten my email address from another site or some sort of list or something.

If I do use a mailto (which is VERY rare) I use:

Code:
<script language=javascript>
<!--
var linktext = "Contact Us";
var email1 = "support";
var email2 = "wiredon.net";

document.write("<a href=" + "mail" + "to:" + email1 + "@" + email2 + ">" + linktext + "</a>")
//-->
</script>
.........but I've not used that for ages....all cgi at the moment.

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
He is one that I got just today.. actually a couple days ago but haven't had time to check it.

-----
Date:   Sat, 18 Aug 2001 17:23:09 -0700
From:   "ROBIN GARNER" <rgarner@tfnisp.com>
To:   webmaster@indianawebsites.com
Subject:   RICK
------------------------------------------------------------------------
Part: 1
Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks


------------------------------------------------------------------------
Part: 2
Attached File: RICK.doc.pif
-----
Seems like the same text message just different file name and different email address.

Just FYI peoples... Smile



Jeremy Kerr
http://www.indianawebsites.com
Quote Reply
Re: Virus Alert! In reply to
Yeah, from reading a a website (think it was Nortons) there is a bit about what it does.

Apparently it searches your hard-drive for .doc files, and if it finds one, sends it to them. If it doesn't, it will search you .exe files, and send one of them. One of the attachments I got was EditPad.exe, which was over 3mb Frown The subject line also changes to the name of the file to try and make it harder to pick up!

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Quote Reply
Re: Virus Alert! In reply to
There seem to be more hazards waiting. Read that short thread on worms that download from web sites => http://www.webhostingtalk.com/...e&threadid=18899

Thomas
http://links.japanref.com
Quote Reply
Re: Virus Alert! In reply to
how about this method ????

http://www.workingmac.com/john_siracusa/35.wm

**************************************
on the pages in between ...
Quote Reply
Re: Virus Alert! In reply to
Is the .wm extention dangerouse, or is it just an info link??? Just incase people don't click it and then get the Worm Wink

Andy

webmaster@ace-installer.com
http://www.ace-installer.com
Quote Reply
Re: Virus Alert! In reply to
The link QooQ gave is fine.

If he wanted to give you a virus he would't make it tha obvious..lol

Mods:http://wiredon.net/gt/download.shtml
Installations:http://wiredon.net/gt/
Quote Reply
Re: Virus Alert! In reply to
i have been getting several of the same emails, just dumping them as they come in.

Quote Reply
Re: Virus Alert! In reply to
youradds,

I would never do anything to harm these forums or through the forums since I owe way too much to people here who have helped me. I might hold personal opinions but that's it.

.wm extensions ?? never heard of them before today. the beauty of mime types. But I'm sure .wm is much safer than .asp or the up and coming .net by M$


The only thing is that link points to a Mac OS X solution. You might be able to run it straight on other unix based systems.


good luck and sorry if I didn't explain the link a little more.

**************************************
on the pages in between ...