Searching \ for 'FYI : New e-mail virus [OT][ADIM]' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=
Search entire site for: 'New e-mail virus [OT][ADIM]'.

Truncated match.
PICList Thread
'FYI : New e-mail virus [OT][ADIM]'
2000\05\05@140227 by jamesnewton

face picon face
Wow... Has anyone else noticed the deafening silence? ...the lack of virus
carrying posts ricocheting through the PICList? How have we managed to not
be affected by this one? Knock on wood?

Could it be that a few people posted warnings before the thing got here and
ALL the list members with Outlook listened and avoided it?

Good job (so far... knock, knock, knock...)

---
James Newton (PICList Admin #3)
spam_OUTjamesnewtonTakeThisOuTspampiclist.com 1-619-652-0593
PIC/PICList FAQ: http://www.piclist.com or .org

{Original Message removed}

2000\05\05@141233 by Chris Eddy

flavicon
face
Although I consider myself a humble man, I suspect that the critical mass of
grey matter on the list is such that it does not allow these things to propogate
through OUR machines.  I got a love letter.. but I figure all of us on the list
know when we see a VBS extension that the fix is in.  I called the fellow and
told him that I love him too, then deleted it.

I open nothing that I did not expect to show up.  With the exception of JPG's,
which are predictably harmless jokes.

Chris Eddy

James Newton wrote:

> Wow... Has anyone else noticed the deafening silence? ...the lack of virus
> carrying posts ricocheting through the PICList? How have we managed to not
> be affected by this one? Knock on wood?

2000\05\05@142915 by Dipperstein, Michael

face picon face
> -----Original Message-----
> From: James Newton [.....jamesnewtonKILLspamspam@spam@piclist.com]
> Sent: Friday, May 05, 2000 11:00 AM
> To: PICLISTspamKILLspammitvma.mit.edu
> Subject: Re: FYI : New e-mail virus [OT][ADIM]
>
>
> Wow... Has anyone else noticed the deafening silence? ...the
> lack of virus
> carrying posts ricocheting through the PICList? How have we
> managed to not
> be affected by this one? Knock on wood?
>
> Could it be that a few people posted warnings before the
> thing got here and
> ALL the list members with Outlook listened and avoided it?

I must have had nearly 100 e-mail messages carrying the worm before I saw the
first PICList posting about the worm.  It's more likely that those of us on the
PICList forced to use Outlook are smart enough not to open e-mail with
attachments that look so suspicious.  Secondly, I imagine that most PICList
members that use Outlook and choose to carelessly open e-mail attachments, don't
have the PICList in their address books.

-Mike

2000\05\05@143316 by Dipperstein, Michael

face picon face
> -----Original Message-----
> From: Chris Eddy [.....ceddyKILLspamspam.....nb.net]
> Sent: Friday, May 05, 2000 9:11 AM
> To: EraseMEPICLISTspam_OUTspamTakeThisOuTmitvma.mit.edu
> Subject: Re: FYI : New e-mail virus [OT][ADIM]
>
>
> I open nothing that I did not expect to show up.  With the
> exception of JPG's,
> which are predictably harmless jokes.

In the case of this worm, it replaces every JPG it can find with a copy of it's
vbe.  If you have JPG viewer that executes VBEs (does such a thing exist?), and
someone sent you a worm effected JPG, you'd be infected.

-Mike

2000\05\05@145734 by William Chops Westfield

face picon face
I go ZERO "I Love you" virus-containing emails, and about 50 messages
containing assorted levels of warning...

BillW

2000\05\05@150159 by rleggitt
2000\05\05@150207 by Dale Botkin

flavicon
face
On Fri, 5 May 2000, Dipperstein, Michael wrote:

> In the case of this worm, it replaces every JPG it can find with a copy of it's
> vbe.  If you have JPG viewer that executes VBEs (does such a thing exist?), and
> someone sent you a worm effected JPG, you'd be infected.

Yes, ACDSee (as well as others, I'm sure) will launch a file if you
double-click it. Of course, it wouldn't show up as a JPG or other image
file, so you'd still have to be pretty stupid and/or pretty careless to do
it.

Dale
---
The most exciting phrase to hear in science, the one that heralds new
discoveries, is not "Eureka!" (I found it!) but "That's funny ..."
               -- Isaac Asimov

2000\05\05@151007 by David VanHorn

flavicon
face
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 11:55 AM 5/5/00 -0700, William Chops Westfield wrote:
>I go ZERO "I Love you" virus-containing emails, and about 50 messages
>containing assorted levels of warning...

That's about where I am.

Now tell me, why is it a good idea to have an email program that
automatically runs software sent to you by some random bozo?


- --
Are you an ISP?  Tired of spam?
http://www.spamwhack.com  A pre-emptive strike against spam!

Where's Dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBORM2PIFlGDz1l6VWEQIYUgCfZVcSEQ00WH1dIFfzRdSDlwqz8mkAoP47
jkmBsYn0cGJDUavRqtfNP1sw
=Vh1x
-----END PGP SIGNATURE-----

2000\05\06@011911 by Russell McMahon

picon face
I think it's a wee bit cleverer than this.

I understand that it re-assigns the default "viewer" for jpegs and layer for
MP3's to act as if they are vbs files (which they now are) and thereby runs
itself. when you try to run a  copy of itself which has a jpg extension.


     Russell McMahon
_____________________________

>From other worlds - http://www.easttimor.com
                               http://www.sudan.com

What can one man* do?
Help the hungry at no cost to yourself!
at  http://www.thehungersite.com/

(* - or woman, child or internet enabled intelligent entity :-))


{Original Message removed}

2000\05\06@013322 by Sean Breheny

face picon face
Can this virus affect win98 boxes without outlook? i.e., if the user runs
the attachment?

At 01:21 PM 5/6/00 +1200, you wrote:
{Quote hidden}

| Sean Breheny
| Amateur Radio Callsign: KA3YXM
| Electrical Engineering Student
\--------------=----------------
Save lives, please look at http://www.all.org
Personal page: http://www.people.cornell.edu/pages/shb7
shb7spamspam_OUTcornell.edu ICQ #: 3329174

2000\05\06@120530 by Dan Creagan

flavicon
face
Yes. We had one, and only one, infected machine on our campus. The person
was running Netscape and just had to open the attached file. She double
clicked on it after she saved it, the Windows Scripting Host ran and she had
a destroyed machine (with users who are numb, the safest bet is to format
the drive and start over - they'll find a file on there somewhere that is
infected and rescrew the system if you don't). It didn't replicate to the
rest of us because it wasn't opened in Outlook (Outlook wasn't available).

It was the President's secretary.  A very nice lady, but not very computer
wise.  She had to *try* to open the file - which is something I've already
commented on.

Dan

{Original Message removed}

2000\05\06@183308 by Kieran Miller

flavicon
face
> It was the President's secretary.  A very nice lady, but not very computer
> wise.  She had to *try* to open the file - which is something I've already
> commented on.
>

I notice from McAfee's website (http://www.mcafee.com) that people are
quickly changing both the content of the ILOVEYOU email, and the name of the
attachment, and forwarding it onwards.

I found one example particularly worrying:

SUBJECT: "Mothers Day Order Confirmation"
MESSAGE: "We have proceeded to charge your credit card for the amount of
$326.92 for the mothers day diamond special. We have attached a detailed
invoice to this email. Please print out the attachment and keep it in a safe
place.Thanks Again and Have a Happy Mothers Day!"
ATTACHMENT: " mothersday.vbs"

Kieran

More... (looser matching)
- Last day of these posts
- In 2000 , 2001 only
- Today
- New search...