Post by thread:FYI : New e-mail virus [OT][ADIM]

Wow... Has anyone else noticed the deafening silence? ...the lack of virus carrying posts ricocheting through the PICList? How have we managed to not be affected by this one? Knock on wood? Could it be that a few people posted warnings before the thing got here and ALL the list members with Outlook listened and avoided it? Good job (so far... knock, knock, knock...) --- James Newton (PICList Admin #3) spam_OUTjamesnewtonTakeThisOuTpiclist.com 1-619-652-0593 PIC/PICList FAQ: http://www.piclist.com or .org {Original Message removed}

Although I consider myself a humble man, I suspect that the critical mass of grey matter on the list is such that it does not allow these things to propogate through OUR machines. I got a love letter.. but I figure all of us on the list know when we see a VBS extension that the fix is in. I called the fellow and told him that I love him too, then deleted it. I open nothing that I did not expect to show up. With the exception of JPG's, which are predictably harmless jokes. Chris Eddy James Newton wrote: > Wow... Has anyone else noticed the deafening silence? ...the lack of virus > carrying posts ricocheting through the PICList? How have we managed to not > be affected by this one? Knock on wood?

> -----Original Message----- > From: James Newton [.....jamesnewtonKILLspam@spam@piclist.com] > Sent: Friday, May 05, 2000 11:00 AM > To: PICLISTKILLspammitvma.mit.edu > Subject: Re: FYI : New e-mail virus [OT][ADIM] > > > Wow... Has anyone else noticed the deafening silence? ...the > lack of virus > carrying posts ricocheting through the PICList? How have we > managed to not > be affected by this one? Knock on wood? > > Could it be that a few people posted warnings before the > thing got here and > ALL the list members with Outlook listened and avoided it? I must have had nearly 100 e-mail messages carrying the worm before I saw the first PICList posting about the worm. It's more likely that those of us on the PICList forced to use Outlook are smart enough not to open e-mail with attachments that look so suspicious. Secondly, I imagine that most PICList members that use Outlook and choose to carelessly open e-mail attachments, don't have the PICList in their address books. -Mike

> -----Original Message----- > From: Chris Eddy [.....ceddyKILLspam.....nb.net] > Sent: Friday, May 05, 2000 9:11 AM > To: EraseMEPICLISTspam_OUTTakeThisOuTmitvma.mit.edu > Subject: Re: FYI : New e-mail virus [OT][ADIM] > > > I open nothing that I did not expect to show up. With the > exception of JPG's, > which are predictably harmless jokes. In the case of this worm, it replaces every JPG it can find with a copy of it's vbe. If you have JPG viewer that executes VBEs (does such a thing exist?), and someone sent you a worm effected JPG, you'd be infected. -Mike

On Fri, 5 May 2000, Dipperstein, Michael wrote: > In the case of this worm, it replaces every JPG it can find with a copy of it's > vbe. If you have JPG viewer that executes VBEs (does such a thing exist?), and > someone sent you a worm effected JPG, you'd be infected. Yes, ACDSee (as well as others, I'm sure) will launch a file if you double-click it. Of course, it wouldn't show up as a JPG or other image file, so you'd still have to be pretty stupid and/or pretty careless to do it. Dale --- The most exciting phrase to hear in science, the one that heralds new discoveries, is not "Eureka!" (I found it!) but "That's funny ..." -- Isaac Asimov

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 11:55 AM 5/5/00 -0700, William Chops Westfield wrote: >I go ZERO "I Love you" virus-containing emails, and about 50 messages >containing assorted levels of warning... That's about where I am. Now tell me, why is it a good idea to have an email program that automatically runs software sent to you by some random bozo? - -- Are you an ISP? Tired of spam? http://www.spamwhack.com A pre-emptive strike against spam! Where's Dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBORM2PIFlGDz1l6VWEQIYUgCfZVcSEQ00WH1dIFfzRdSDlwqz8mkAoP47 jkmBsYn0cGJDUavRqtfNP1sw =Vh1x -----END PGP SIGNATURE-----

I think it's a wee bit cleverer than this. I understand that it re-assigns the default "viewer" for jpegs and layer for MP3's to act as if they are vbs files (which they now are) and thereby runs itself. when you try to run a copy of itself which has a jpg extension. Russell McMahon _____________________________ >From other worlds - http://www.easttimor.com http://www.sudan.com What can one man* do? Help the hungry at no cost to yourself! at http://www.thehungersite.com/ (* - or woman, child or internet enabled intelligent entity :-)) {Original Message removed}

Can this virus affect win98 boxes without outlook? i.e., if the user runs the attachment? At 01:21 PM 5/6/00 +1200, you wrote: {Quote hidden}>I think it's a wee bit cleverer than this. > >I understand that it re-assigns the default "viewer" for jpegs and layer for >MP3's to act as if they are vbs files (which they now are) and thereby runs >itself. when you try to run a copy of itself which has a jpg extension. > > > Russell McMahon >_____________________________ | | Sean Breheny | Amateur Radio Callsign: KA3YXM | Electrical Engineering Student \--------------=---------------- Save lives, please look at http://www.all.org Personal page: http://www.people.cornell.edu/pages/shb7 shb7spam_OUTcornell.edu ICQ #: 3329174

Yes. We had one, and only one, infected machine on our campus. The person was running Netscape and just had to open the attached file. She double clicked on it after she saved it, the Windows Scripting Host ran and she had a destroyed machine (with users who are numb, the safest bet is to format the drive and start over - they'll find a file on there somewhere that is infected and rescrew the system if you don't). It didn't replicate to the rest of us because it wasn't opened in Outlook (Outlook wasn't available). It was the President's secretary. A very nice lady, but not very computer wise. She had to *try* to open the file - which is something I've already commented on. Dan {Original Message removed}

> It was the President's secretary. A very nice lady, but not very computer > wise. She had to *try* to open the file - which is something I've already > commented on. > I notice from McAfee's website (http://www.mcafee.com) that people are quickly changing both the content of the ILOVEYOU email, and the name of the attachment, and forwarding it onwards. I found one example particularly worrying: SUBJECT: "Mothers Day Order Confirmation" MESSAGE: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day!" ATTACHMENT: " mothersday.vbs" Kieran