e-mail virus - DFWstangs Forums
 
post #1 of 9 (permalink) Old 09-20-2003, 12:34 AM Thread Starter
Banned
 
 
Join Date: Oct 2002
Location: N. Richland Hill TX
Posts: 2,483
e-mail virus

Anyone getting hit with shit loads of e-mail that looks like a letter from Microsoft with a virus in it, telling you it's a patch to run? Also getting a bunch saying it's a returned e-mail unable to be delivered with the virus attached to it? Bet I have received them at least 100 times today.
sig239 is offline  
 
post #2 of 9 (permalink) Old 09-20-2003, 11:43 AM
98 SVT Cobra
 
 
Join Date: Sep 2002
Location: Central IL
Posts: 5,109
Yeah, I have gotten several of them over the past couple of days. They all have the Worm.Automat.AHB attached.

Word of warning, if and when Microsoft sends out a security patch update email they never send an attachment, there is always a link to their website where the update is located.
MoonDog is offline  
post #3 of 9 (permalink) Old 09-21-2003, 08:49 AM
98 SVT Cobra
 
 
Join Date: Sep 2002
Location: Central IL
Posts: 5,109
Here is more info on the virus.

http://www.symantec.com/avcenter/[email protected]
MoonDog is offline  
 
post #4 of 9 (permalink) Old 09-21-2003, 09:12 AM
MaveRick
Guest
 
Posts: n/a
More in particular, to download the fix, see:

http://securityresponse.symantec.com...oval.tool.html

I got inundated by incoming alerts from this worm. My 'free' Anti-Virus program from Grisoft managed to prevent the virus from being loaded though.

BTW, the virus can be downloaded by simply previewing the message (depending on your "read" settings). In hopes of preventing the OE from allowing it in, I changed my 'read' option to disallow a message as being 'read' by changing the following:

1) Tools
2) Options
3) Read
4) Mark Message Read after displaying for ____ seconds. (I put mine to 60 seconds.)

The freebie AVG (Anti-Virus by Grisoft?) program can be downloaded at http://www.grisoft.com/us/us_dwnl_free.php

The thing to do with the freebie is to allow scheduled updates and scanning (I have no idea what the full version offers - don't care, as the freebie seems to work fine).

Under the "Control Center" in AVG, check the "Use Outlook Express Plug-In" as this appears that it might help prevent your PC from being infected also.


I'm sure there are plenty other fixes out there that will do the same, this just being one of many.

Hope this helps some folk.

-Rick

Last edited by MaveRick; 09-21-2003 at 09:49 AM.
post #5 of 9 (permalink) Old 09-21-2003, 01:24 PM
You lookin' at mah EYE?!
 
 
Join Date: May 2000
Location: Portland, OR
Posts: 8,316
That won't help you much, if there's an attachment that automatically runs whenever you read the email. Changing the time it takes OE to mark a message read, has nothing to do with protecting yourself from being infected by a virus that runs whenever an email is opened, or previewed.

If you insist on just opening every email that comes in, regardless of whether or not something might be attached to it, set your mail reader to only render the message in plain text (in OE: Tools > Options > Read tab > Read all messages in plain text ). That will open any emails, but all the text will be just that, text. Any html code that would have been present, has been stripped, and added as an attachment. If you know the email's safe, and would like to view it as intended, you can just open the ATTXXXX.htm attachment.

Of course, while that's generally safe, I still prefer to play on the side of caution, and just open my emails in raw text, when I'm not sure what they're about. All email readers should be able to do this, but I can't say for certain. In OE: Right Click the message > Properties > Details tab > Message Source button. That will open a window with the raw text, all the headers, mime declarations, etc, will be plainly visible, any text will be readable, unless it's spam. If spam, they like to surround every one or two letters in html comments. It's retarded. A friend sending you email in html form however, will result in you seeing the html code, and the text or body of the html/email will be fully legible. Links will not be hyperlinks, you'll have to physically copy and paste them into your browser, if you want to check them out.

DarkWolf
Graphic Design / Photography / Web Design
DarkWolf is offline  
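
The raw-source check described in the post above can also be done outside the mail client, so nothing is rendered at all. The script below is an added example, not part of the thread: the sample message is constructed, the function names are hypothetical, and the extension list is an illustrative assumption.

```python
import os
import re
from email import message_from_string
from email.policy import default

# Illustrative list of extensions that run code on Windows (an assumption, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs", ".js"}

# Constructed sample message; addresses, names and payload are placeholders.
SAMPLE = """\
From: "Security Bulletin" <bulletin@example.invalid>
Subject: Latest security patch
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Ple<!--x-->ase ins<!--y-->tall the attached
<a href="http://example.invalid/u">update</a>.</p></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.exe"

placeholder-bytes
--b1--
"""

def html_to_text(html):
    # Drop HTML comments (spam filler) and tags so nothing is rendered or fetched.
    html = re.sub(r"<!--.*?-->", "", html, flags=re.S)
    return " ".join(re.sub(r"<[^>]+>", " ", html).split())

def triage(raw):
    """Walk the MIME tree of a raw message and report on it without opening anything."""
    msg = message_from_string(raw, policy=default)
    report = {"subject": str(msg["Subject"]), "text": [], "links": [], "attachments": [], "flags": []}
    for part in msg.walk():
        ctype, name = part.get_content_type(), part.get_filename()
        if name:  # attachment: record name and type, never decode or run it
            report["attachments"].append((name, ctype))
            if os.path.splitext(name)[1].lower() in RISKY_EXT:
                report["flags"].append(f"executable attachment: {name}")
        elif ctype == "text/html":
            body = part.get_content()
            report["links"] += re.findall(r'href="([^"]+)"', body)
            report["text"].append(html_to_text(body))
        elif ctype == "text/plain":
            report["text"].append(part.get_content())
    return report
```

Calling `triage()` on a message saved from the Message Source window gives the readable text, the link targets as plain strings, and a flag for any attachment whose extension is on the list.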
post #6 of 9 (permalink) Old 09-21-2003, 05:44 PM
MaveRick
Guest
 
Posts: n/a
Quote:
Originally posted by DarkWolf
That won't help you much if there's an attachment that automatically runs whenever you read the email.


"This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message."


source = http://www.symantec.com/avcenter/[email protected]
post #7 of 9 (permalink) Old 09-22-2003, 11:28 AM
You lookin' at mah EYE?!
 
 
Join Date: May 2000
Location: Portland, OR
Posts: 8,316
Quote:
Originally posted by MaveRick
"This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message."


source = http://www.symantec.com/avcenter/[email protected]
Exactly. When you open or even preview the message. Meaning, when the message appears in that little preview window ... you're fucked. Setting the "mark message read after x seconds" does absolutely nothing other than set the amount of time between opening a message (be it either double-click opening, or looking at it in the preview pane), and when OE determines you've looked at it long enough to consider it read. Thus it un-bolds it, so the next time you come in, you don't get confused and think you have new email, even though you've already read that message. If that message has a virus attached that automatically executes upon viewing, it doesn't matter if your "mark message read after x seconds" equals 0 seconds, or 190238740123745012385712093857123 seconds ... as soon as the mail is viewed, you get the virus.

I'd also suggest turning off the preview window. That's one of the main reasons these worms get so widely spread, because people are too lazy. They leave that preview window open, so as soon as an email with the virus attached gets in the preview window, it's already too late. Turning that crap off will at least force you to consciously think about opening the email ... which if you're not completely retarded, you won't open every email that comes into your inbox (another major reason these worms spread). In OE: View > Layout > uncheck Show Preview Pane. Much more of a pain in the ass in Outlook 2000 (not sure about XP as I've never used it), as you have to disable the preview pane for EVERY folder individually. There's no way that I know of to disable the preview pane globally in Outlook 2000 (or earlier).

Once you've got that preview pane shit turned off, then follow my steps above to either open all messages in plain text, or better yet, start opening ANY questionable emails in raw text (instructions in my post above). What constitutes a questionable email is up to you, but my rule of thumb: If it doesn't come from someone I know personally, it's questionable. Occasionally, even if it does come from someone I know, it becomes suspicious when the title is a little ... off. I've gotten a few emails from friends of mine, that were automatically generated by various worms. They'd either gotten them from a network at school, or just plain not thinking about what they were doing. They've since been educated, and I haven't received any questionables from friends, or family, in a long time.

DarkWolf
Graphic Design / Photography / Web Design
DarkWolf is offline  
post #8 of 9 (permalink) Old 09-23-2003, 02:04 AM
MaveRick
Guest
 
Posts: n/a
All I know is.... wait a sec...WTF DO I know?!



Thx
post #9 of 9 (permalink) Old 09-23-2003, 03:10 AM
You lookin' at mah EYE?!
 
 
Join Date: May 2000
Location: Portland, OR
Posts: 8,316
No problem

DarkWolf
Graphic Design / Photography / Web Design
DarkWolf is offline  