Just wanted to report here that I got an email from a member here known as "Jhon@24.??.??.??" I looked up Jhon to make sure that name was valid. The reason I believe this person is from BYOND is because it was sent to [email protected] which is an email I only use within the BYOND community. The email had a pif attachment and was made out to be from my own domain's management team. I being the sole owner of the site recognized this immediately as bogus and investigated. They were trying to get the recipient to click on the attachment claiming it to be an anti-virus protection program. Also references were made that make it seem as though [email protected] had seen a large amount of traffic coming out of the sent-to email account.

Just reporting and informing others in case I was not the only one this was sent to.

-LJR
Probably one of the *MANY* new viruses that have been released within the past week or two. The .pif extension is one of the many extensions viruses use in emails.

I bet if you save the file to your hard drive (DO NOT RUN IT!) and run an updated virus scanner (like...updated today, for two new viruses have already been discovered this morning), I bet it will detect it as something.

Something else to watch out for these days is password-protected zip files containing viruses. The body of the email contains the password. Many virus scanners won't detect the virus because it's passworded/encrypted.

Edit:

If it is one of the new viruses, the sender didn't send it on purpose.
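
Added example, not part of any post in this thread: a mail-gateway style check for the two cases CableMonkey describes, a directly executable attachment such as .pif and a zip whose entries are encrypted so a scanner cannot read them. The extension set beyond .pif, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# .pif is the extension named in the thread; the rest of this set is an
# illustrative assumption, not a complete list.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}

def triage(raw: bytes) -> list:
    """Return quarantine reasons for one raw message; nothing is executed."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        ext = "." + name.lower().rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXT:
            findings.append(f"executable attachment: {name}")
        elif ext == ".zip":
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    # Bit 0 of the general-purpose flag marks an encrypted entry.
                    if any(zi.flag_bits & 0x1 for zi in zf.infolist()):
                        findings.append(f"encrypted zip, contents not scannable: {name}")
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip: {name}")
    return findings

def sample_zip(encrypted: bool) -> bytes:
    """Constructed archive with harmless text; optionally mark it encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless constructed content")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.rfind(b"PK\x01\x02")  # central directory entry
        data[cd + 8] |= 0x01            # set the encryption flag only
    return bytes(data)

def sample_message(filename: str, payload: bytes) -> bytes:
    """Constructed message; addresses use the reserved .invalid TLD."""
    m = EmailMessage()
    m["From"], m["To"] = "management@example.invalid", "user@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("The password is 12345")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The check reads only the attachment name and the zip directory, so it still flags an archive whose contents a signature scanner cannot decrypt.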
On top of CableMonkey's account, I should add that the worm was probably sent by one of your own team. The worms going around most tend to scan your cache for HTML files, and extract any e-mail addresses they can; the sending address is always faked.

Lummox JR
In response to Lummox JR
Ah ha.. I see.. thanks for clearing this matter up Lummox JR.

-LJR

Lummox JR wrote:
On top of CableMonkey's account, I should add that the worm was probably sent by one of your own team. The worms going around most tend to scan your cache for HTML files, and extract any e-mail addresses they can; the sending address is always faked.

Lummox JR
In response to CableMonkey
CableMonkey wrote:
Edit:

If it is one of the new viruses, the sender didn't send it on purpose.

Thanks for all the good info, I first saw it as a prank rather than thinking of it as a worm.. But of course.. I always delete rather than open things.

-LJR
The same thing was sent to [email removed for spambots] which goes to the hub reviewers. The wording of the message made me believe it was a virus, or at least automatically generated by a script, though.

Whichever it is, I'm imagining that a lot of people around BYOND will be getting it soon.
In response to nick.cash
well that just sucks...

at least we know about it though.

Should dantom do a mass e-mailing to tell everyone or just have the mods post about it in Announcements? Or what?
In response to nick.cash
I am the administrator of the richland.k12.la.us server. We have been getting flooded with the new NetSky, Bagle, and Mydoom variants here recently. I've had to manually update our virus signature files several times a day over the past week....and monitoring this page regularly. In fact...I was just at that page about 3 minutes ago...and a new one was just posted as I went to go find that URL to post here. gah!
In response to Airjoe
Airjoe wrote:
Should dantom do a mass e-mailing to tell everyone or just have the mods post about it in Announcements? Or what?

Neither. E-mail worms have become commonplace.

Lummox JR
In response to CableMonkey
and monitoring this page regularly.

Good link. It appears the email going around here is none other than W32/Bagle.j@MM (I hate naming conventions virus scanners use, by the way).

More info:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101071
In response to LordJR
Jhon is a BYOND friend of mine, and I don't believe he would hack... Although if someone hacked him and used his key...
Anyways. Someone could have hacked him for his BYONDimes
In response to nick.cash
nick.cash wrote:
(I hate naming conventions virus scanners use, by the way).

I like the new naming convention being used. The format is:

[OS/Script virus type]/[virus family].[variant][@type][!subtype]

So...

W32/Bagle.j@MM

W32 means it's a virus that affects Windows
Bagle is the virus family
j is the variant
@MM means that it's a mass-mailer

You can find a listing of prefixes (what I called "OS/Script virus type") and suffixes (what I called "type") at http://securityresponse.symantec.com/avcenter/vnameinfo.html
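
Added example, not part of any post in this thread: a parser for the prefix/family.variant@type!subtype layout described above, used to collapse a gateway's detections into families. Treating every field except the family as optional is an assumption, only the two meanings given in the post (W32, @MM) are decoded, and the sample list is constructed apart from W32/Bagle.j@MM.

```python
import re
from collections import Counter

# Field layout from the post: prefix/family.variant@type!subtype.
# Assumption: every field except the family may be absent.
NAME_RE = re.compile(
    r"^(?:(?P<prefix>[^/]+)/)?(?P<family>[^.@!/]+)"
    r"(?:\.(?P<variant>[^@!]+))?(?:@(?P<type>[^!]+))?(?:!(?P<subtype>.+))?$"
)

# Only the two meanings stated in the thread are decoded here.
PREFIX_MEANING = {"W32": "Windows"}

def parse_detection(name: str) -> dict:
    """Split one detection name into its fields, or raise ValueError."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not in prefix/family.variant@type!subtype form: {name!r}")
    fields = m.groupdict()
    fields["platform"] = PREFIX_MEANING.get(fields["prefix"], "unknown")
    fields["mass_mailer"] = fields["type"] == "MM"
    return fields

def family_counts(names):
    """Collapse variants so one outbreak shows up as one family."""
    return Counter(parse_detection(n)["family"].lower() for n in names)

# Constructed gateway detections; only W32/Bagle.j@MM comes from the thread.
SAMPLE = ["W32/Bagle.j@MM", "W32/Bagle.h@MM", "W32/Example.a@MM!zip", "Example.b"]
```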
In response to Lummox JR
Lummox JR wrote:
Airjoe wrote:
Should dantom do a mass e-mailing to tell everyone or just have the mods post about it in Announcements? Or what?

Neither. E-mail worms have become commonplace.

Lummox JR

I've never ever, ever, got a virus over my email. I feel left out :(.
In response to CableMonkey
I understands 'em but I don't likes 'em.
In response to Flerix
No one hacked anybody or even tried to hack anybody. It's a virus that spoofs email addresses... and if I see a bunch of people on pager and in chats and games talking about who is or isn't "sending viruses", I'll be deeply disappointed in humanity but not particularly surprised.

The perpetrator is someone a thousand steps removed from the BYOND community... the only thing the "senders" here are guilty of is being careless and getting themselves infected from emails that were likewise sent from the infected computers of other careless people, and so on.
In response to Hedgemistress
The exception is when you receive personally-targeted emails which are talking to you using colloquial terms which a virus would have no way of picking up upon -- calling you by name instead of by address, talking about things you've done, and using text that couldn't have been harvested from emails which someone could have sent.
In response to Spuzzum
Spuzzum wrote:
The exception is when you receive personally-targeted emails which are talking to you using colloquial terms which a virus would have no way of picking up upon -- calling you by name instead of by address, talking about things you've done, and using text that couldn't have been harvested from emails which someone could have sent.

I wouldn't be surprised at all if a virus writer could pull random "sent" emails from your email history, and attach a virus with a sentence to the end of the message...in fact to be very clever they could do it by re-forwarding the message with a statement at the top saying "Oops I forgot to include the attachment".

Ooh, that would be a good one.
In response to Deadron
Deadron wrote:
I wouldn't be surprised at all if a virus writer could pull random "sent" emails from your email history, and attach a virus with a sentence to the end of the message...in fact to be very clever they could do it by re-forwarding the message with a statement at the top saying "Oops I forgot to include the attachment".

Ooh, that would be a good one.

Good, but not as good as the one with a subject of "THIS IS A VIRUS" that contains a single link saying "Do not click me." which would then infect the computer with a virus. It could be the most infectious email virus ever!
In response to Jon88
Curiosity would kill the cat
In response to Deadron
Deadron wrote:
I wouldn't be surprised at all if a virus writer could pull random "sent" emails from your email history, and attach a virus with a sentence to the end of the message...

It's sorta been done...only that it was any email that it could find. I believe it was the Klez virus that did this.

::edit::

BugBear did this...