
·
Shipwrecked & Comatose, drinking fresh mango juice
Joined
·
2,614 Posts
Discussion Starter · #1 ·
My wife got a weird email on our personal email account last night. It's left me wondering - has anyone heard of something similar:

The email text is as follows:
From:  [email protected]
To:  Jo <[email protected]>
Reply-To:  [email protected]
Date:  16 Oct 2003, 07:13:38 PM  
Subject:  your account ioxrofco  

--------------------------------------------------------------------------------

Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.

---
Best regards, Administrator
ioxiofco
I have substituted DOMAINNAME for my real domain name (which is the same as my YD username, funnily enough).

It purports to be from [email protected], but as I am the owner of that domain, and I didn't send it, it's obviously someone trying to pass themselves off as the admin.  There is an attachment, which I chose not to open (it's still on the server, I was checking email using my mobile phone and PDA when I found it).  Is this some kind of sophisticated spam, or worse, virus attempt?

Any clues?

Andy
 

·
Registered
Joined
·
1,476 Posts
Andy,
Can you give me any more details of this? Any chance of finding out the attachment name (without opening the file, of course!)
If so, I'll try a search on the McAfee Virus Information Library (I don't have enough info in your posting to get any meaningful info from the library).
Can I suggest that you make sure that your Anti-Virus software is enabled and up-to-date...

Regards
abucksdiver (who happens to work for a "leading" AV company...)
 

·
Shipwrecked & Comatose, drinking fresh mango juice
Joined
·
2,614 Posts
Discussion Starter · #4 ·
All that was attached was a file called message.zip. I could have told you more if I was still using my late lamented psion, as the mailer program gave more information about email contents, but on this new palm pilot all it does is tell me that there was an attachment and it didn't download it.

Suffice to say, I'm going to update my virus software tonight - I dodged it this time, no time to let my guard down (like I did with the msblast virus!)

Andy
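
An added example, not part of any post in this thread: one way to read the claimed sender and the attachment name out of a raw message without saving or unpacking the attachment. The sample message is constructed; `example.com`, the boundary, the attachment bytes and the extension watch list are assumptions.

```python
import hashlib
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the message quoted in the thread; the
# addresses, boundary and attachment bytes are placeholders, not real data.
RAW = """\
From: admin@example.com
To: Jo <jo@example.com>
Subject: your account ioxrofco
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please read attachment for details.
--b1
Content-Type: application/zip; name="message.zip"
Content-Disposition: attachment; filename="message.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

RISKY = (".zip", ".exe", ".scr", ".pif", ".bat", ".com")  # assumed watch list

def triage(raw):
    """Summarise a message in memory; nothing is written to disk or unpacked."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg["From"])[1].lower()
    rcpt = parseaddr(msg["To"])[1].lower()
    report = {
        "from": sender,
        # True when the mail claims to come from the recipient's own domain
        "claims_own_domain": sender.split("@")[-1] == rcpt.split("@")[-1],
        "attachments": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""  # decoded bytes only
        report["attachments"].append({
            "name": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "risky_ext": name.lower().endswith(RISKY),
        })
    return report
```
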
 

·
Registered
Joined
·
3,914 Posts
Quote (aclivity @ Oct. 17 2003, 10:46): "Suffice to say, I'm going to update my virus software tonight - I dodged it this time, no time to let my guard down (like I did with the msblast virus!)"

I'd recommend anyone to have their AV prog set on to "auto update", this is how my McAfee one is configured.

However, updated AV files wouldn't have protected you from the "blaster" episode as, IIRC, this was based on a DCOM RPC exploit which I understand to be quite different to a virus, worm or trojan as it requires a patch from MS for their "rushed to market" pish. f***ing Mr Billion Gates and his substandard products!

Soon as my new HDD arrives I'm starting my migration to Linux
 
 

·
Registered
Joined
·
1,476 Posts
Steve,
Only partially correct...

Yes, Blaster (Lovesan) and several other "exploits" recently have been aimed at Microsoft "Deficiencies", but they all involve the sending and receiving of known groups of data... which your up-to-date AV software can scan for.

Therefore, as soon as your AV DAT (for McAfee) and engine files are updated to include signatures for the exploit, they can be detected and blocked...
(Check any of the "exploit" descriptions on the McAfee Virus Information library... you will see minimum DAT and Engine versions for all of them!)

(Edited to add the following...)
But of course, you should then add the MS Security Patch when it is posted... to prevent other exploits using the same "holes". (However, the AV fixes tend to be issued weekly or more often, whereas MS sometimes wait for several weeks before posting fixes...)

Regards

abucks
 

·
Shipwrecked & Comatose, drinking fresh mango juice
Joined
·
2,614 Posts
Discussion Starter · #9 ·
I don't have McAfee, I have a freeware software called Grisoft. It did pick up and disinfect msblast (after I had updated the database, also after I had downloaded the patch and deleted the registry entry myself - it removed the files from the system recovery area). It's probably not as fully featured as other (paid for) virus software but as I am a pretty lightweight user on my home PC, it's probably enough. My work PCs (desktop and laptop) are autoupdated from the internal network.

Completely agree about the 'evil empire' software comments, I have considered moving to something else (for a while, I didn't use a home PC at all and relied on my psion) but it's pervasive; much cheaper to buy an XP laptop than an apple powerbook, most software that I use is available for winduhs long before anything else.  I probably should consider one of the available linux versions but it seems more like hard work?

Andy
 

·
Registered
Joined
·
5,966 Posts
One thing I don't understand about Anti virus programs. If I have an updated version and receive an e-mail with a virus and open it does the AV block it straight away or only find out when you next run the AV program? If I don't open the e-mail (with the virus) will the AV program still find it?

(I have the McAfee AV which I download the updated version from www.NAI.com, but since having it I have not found any viruses. I'm happy about that but makes me wonder if it is working well or it's just my habit of deleting all suspicious e-mails)
 

·
Registered
Joined
·
1,476 Posts
Chris,
AV software usually has two main components... one is a Windows Service (assuming use on a Windows PC, of course) that is started up when you start your PC, and that then checks all incoming e-mail, file saves etc. (another assumption... you must have on-access scanning enabled - the default setting - for this to apply)

The second "component" is the interface, which you can start from the "Start" menu, from the taskbar etc. This usually has options such as "update", "scan now", "change settings" etc.

So, in answer to your question, it should check each time you download e-mails or other files, assuming it is correctly configured.

Hope this helps...

abucksdiver
 

·
Shipwrecked & Comatose, drinking fresh mango juice
Joined
·
2,614 Posts
Discussion Starter · #12 ·
Is there a simple way of testing that it's working, I mean, without risking infection on your PC? Do AV software companies keep copies of viruses that they could email to customers to prove that the software stops it?

(this is a bit like the stealth bomber approach
AV Company: "did you receive an email entitled VIRUS TEST?"
Me: "No."
AV Company:  "It's working then"
Me: "How do I know you sent the email in the first place?")
 