SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 28
  1. #1
    SitePoint Zealot
    Join Date
    Apr 2000
    Location
    Earth
    Posts
    133
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    spam with a possible virus?????

    I got a piece of what is probably spam (it looks like spam, sort of) and I think it has a virus attached. This is the worst I've gotten. The worst part is that it came to my webbased email address @ visto.com


    I know this may get moved, but I need answer: Is

    New_Napster_Site.MP3.pif a virus? If so, I'll delete it right away.



    Moderators: Please move this if its necessary!!!!

    btw: yahoo is getting really bad at catching real spam! It never has gone to the bulk mail folder.

  2. #2
    Sports Publisher mjames's Avatar
    Join Date
    Jan 2000
    Location
    Charlotte, NC
    Posts
    5,891
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you have any virus protection running? You ought to, as it would detect it. Indeed, it's the Badtrans worm: http://securityresponse.symantec.com...rans.b@mm.html

  3. #3
    SitePoint Zealot
    Join Date
    Apr 2000
    Location
    Earth
    Posts
    133
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation

    I want to know how I got this email! It must have been that stupid bigdeals spam list. I didn't download the attachment. Thanks for confirming that it is a virus. I can now permanently delete it from my trash folder at visto.

    I do have anti virus software- Norton 2002, it came with the new memory my dad got me for my computer.


    this is who I got it from, I suspected it when I saw the attachment name. I *ALMOST* downloaded the html attachment.

    name: _jessica@odyssey.net

    The email is now permanently deleted. Sheez, I really hope none of my relatives gets this. This visto email is the one I use for family email.
    Last edited by clueless; Dec 8, 2001 at 21:05.

  4. #4
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Someone on your mailing list has the virus, it then sends itself to everyone on his/her mailing list. If you are on that list then you get it

    Get the latest updates for your antivirus program WEEKLY at least!

  5. #5
    SitePoint Zealot Andthensometoo's Avatar
    Join Date
    Aug 2001
    Location
    Michigan
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    He's right, watch out for those double extensions. they are most likely a virus, and email filters as well as a lot of PC configurations will not detect them.
    As far as who sent it to you, they did it unkowingly as the virri sends itself out to all addys in can find on the infected PC. So don't hold it against the sender, they didn't send it to you on purpose.
    I use JBmail which makes it impossible to be infected by virri.
    "If you handle with products .. this is a word to see It"
    elvis.isnotalive.com
    My Complaint Dept
    Visit Interceptor's AV review

  6. #6
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I'm getting tons and tons of these (spam with .pif attachments) in just about all my email addresses. It's getting worse.

    Heaps of them are coming from my subscribers, indicating that many of their computers are infected, and are forwarding these possible viruses to me.

    Should I put out an announcement?
    [mmj] My magic jigsaw
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    The Bit Depth Blog Twitter Contact me
    Neon Javascript Framework Jokes Android stuff

  7. #7
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I might have got my wires crossed somewhere along the line, but I'm sure I read somewhere that this virus can also pick up email address from web pages stored in your temporary internet folder. So, if somebody with the virus visits your website and you have an email link on there, you can be 'had' that way.
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  8. #8
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry to wrack your brains Saz but where did you read that?

    Here is the info on it from Macafee
    http://vil.mcafee.com/dispVirus.asp?virus_k=99069&
    Last edited by tdevil; Dec 10, 2001 at 03:55.

  9. #9
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I did a search for the virus on Google and a page came up on sarc.com, but it seems to be missing now.

    Anyway, I'm sure that's where I read it!
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  10. #10
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Found it.....Google must be listing an old link.

    http://www.sarc.com/avcenter/venc/da...rans.b@mm.html
    If RAS support is present on the computer, then the worm waits for an active RAS connection. When such a connection is made, with a 33-percent chance, the worm searches for email addresses in *.ht* and *.asp in %Personal% and Internet Explorer %Cache%. If it finds addresses in these files, then it sends mail to those addresses using the victim's SMTP server. If this server is unavailable, the worm will choose from a list of its own.
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  11. #11
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good thing I rarely use IE and NEVER use outlook express!!

  12. #12
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I use both all the time but my system is fine. I've been sent the virus a few times, but I'm a good girl and keep my definitions up to date and Norton is always active!

    That said, it doesn't really matter what you use if somebody using IE visits your site and they have the virus.
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  13. #13
    Gone!
    Join Date
    Aug 2001
    Location
    Witty Location Parody
    Posts
    3,889
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmmmm, i ve just started using Outlook Express for the first time ever because I wanted a POP email account because I was getting tired of hotmail/yahoo etc.

    If I keep my AV updated weekly will this be enough to stop possible virus threats?

    Bit off topic, but saves a new thread and its relevant!

    You can get a free pop3 email address @ hotpop.com btw!

  14. #14
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, I'm no techy-type person (blonde and naturally dizzy, I'm afraid), but I make sure my virus defs are updated at least once a week, and keep Norton's 'Auto Protect' running and that seems to do the trick.

    One thing I have noticed with BadTrans though is that, even with the 'email scanner' running, Norton doesn't pick up the virus while the email is being downloaded. It's not until the attachment tries to open (something it does automatically with this virus) that Norton catches it.
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  15. #15
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Saz249
    One thing I have noticed with BadTrans though is that, even with the 'email scanner' running, Norton doesn't pick up the virus while the email is being downloaded. It's not until the attachment tries to open (something it does automatically with this virus) that Norton catches it.
    Yes that is something I have noticed too, but in hotmail at least it is seen as an attachment. There is no visible attachment in my private mail, and I guess that is why it is spreading so easy

    glenplake, if your AV program has the service, get it to alert you to new viruses by email as macafee does for me, otherwise, at least once a week is good.

  16. #16
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think the biggest problem lies with the fact that so many users are complacent and don't think to run anti-virus software. A friend of ours sent us a virus a few months back, and when we told her about it and asked her if she had opened any attachments that didn't seem to do anything, her response was "Oh, I might have done. I can't remember." The daft thing is, she had a copy of Norton but didn't bother to put it on as she didn't think she would need it!!
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  17. #17
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That is sad

    I can say with pride that I have never had a virus in all my years on the net

    What gets on my goat, is when I send the latest virus info to all on my email list, with a link to the info, and a couple of days later I get at least three calls for "help - I have a virus!!" (usually the same people)

    "Oh didn't you look at the URL I sent you?" "yes, but this was from a friend"

  18. #18
    Bimbo With A Brain! silver trophy Saz's Avatar
    Join Date
    Mar 2001
    Location
    Kent, United Kingdom
    Posts
    5,275
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    People like this should be banned from connecting to the internet!!

    My husband said the other day that one of the UK ISP's, NTL, closed over 1000 (I think) accounts because these people had the virus on their systems and continually ignored advice from NTL to sort it!
    Saz: Naturally Blonde, Naturally Dizzy!
    No longer Editor of the Community Crier.

    Don't mind me, I'm having a BLONDE moment!

  19. #19
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wowsers!!!!!!!

    I do hope NTL explained in nice plain Sesame Street language how to fix it?

    There are toooooo many who shouldn't be in control of a computer

  20. #20
    SitePoint Zealot Andthensometoo's Avatar
    Join Date
    Aug 2001
    Location
    Michigan
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If it wasn't so sad, it would be funny.
    "If you handle with products .. this is a word to see It"
    elvis.isnotalive.com
    My Complaint Dept
    Visit Interceptor's AV review

  21. #21
    SitePoint Addict
    Join Date
    Oct 2001
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Anyone know of a filtering system which will automatically delete .scr, .exe or .pif attachments? I've been using Spamweasel but since a recent update my Norton anti-virus gets to the infected files first and stops Spamweasel from changing the file in any way.
    Last edited by laurieb; Dec 16, 2001 at 05:34.

  22. #22
    SitePoint Evangelist tdevil's Avatar
    Join Date
    Aug 2001
    Location
    Australia
    Posts
    441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should be pleased that Norton picks it up first!

    What will spam weasel do with it?

    Your antvirus program is to pick up viruses, I assume spam weasel is for spam. Viruses are more dangerous to computer users than spam.


  23. #23
    Gone!
    Join Date
    Aug 2001
    Location
    Witty Location Parody
    Posts
    3,889
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And what if it was an *.exe that you actually wanted? I can understand .pif and .scr but I get a few exes that I actually want and would be annoyed if they were deleted before I had a chance to check them out first.

  24. #24
    SitePoint Addict
    Join Date
    Oct 2001
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by glenplake
    And what if it was an *.exe that you actually wanted? I can understand .pif and .scr but I get a few exes that I actually want and would be annoyed if they were deleted before I had a chance to check them out first.
    Wow. I never, but NEVER touch a .exe attachment. You may have different circumstances but I cannot see any reason for anyone to send me a .exe unless it is malicious.

  25. #25
    SitePoint Addict
    Join Date
    Oct 2001
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by tdevil
    You should be pleased that Norton picks it up first!

    What will spam weasel do with it?

    Your antvirus program is to pick up viruses, I assume spam weasel is for spam. Viruses are more dangerous to computer users than spam.

    Before I upgraded my Norton software Spamweasel was set to detect .scr, .pif or .exe attachments and rename the title of the email to INFECTED. I set Outlook to automatically delete any emails with this title and it worked OK until the Norton upgrade poked it's nose in. Now it tells me about them (no point, I know that they are virii!) and I have to delete them all manually. I get quite a few every day so I want to get rid of them automatically.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •