
RE: virus-containing "tesla" / "vacuum tube" message circulated (fwd)




---------- Forwarded message ----------
Date: Mon, 8 Sep 2003 21:22:28 -0700
From: Dave Halliday <dh@xxxxxxxxxxxxxx>
To: 'High Voltage list' <hvlist@xxxxxxxxxx>
Subject: RE: virus-containing "tesla" / "vacuum tube" message circulated
    (fwd)

I do IT work for a living and have some familiarity with Windows.

The issue here is that someone clicked on an attachment, didn't see
anything that interested them and then moved on.  The attachment they
clicked on was actually a program that installed itself on that person's
computer, looked at their Outlook address book and sent copies of itself
to every member in the address book (i.e., those parties and lists that
person ever sent e-mail to).


Couple of things here.

#1) - if you ever get an e-mail with an attachment that you are not
specifically EXPECTING, do NOT open it without first pinging the person
who sent it.  If they did not knowingly send it to you, their system is
infected and needs to be taken offline and fixed (Windows is
multi-tasking and the virus program can be running in the background
sending copies of itself without your knowledge)

#2) - if you run anti-virus software, keep the definition files updated
- new shit comes out every week and if you don't have a definition for
it, it will not register on your anti-virus software.  BugBear.B was
found June 5th 2003; if your AV definition file predates that, it is of
zero use to you.  Updates are generally free from the vendor's website...

#3) - if you suspect that you do have an infection, get your system
offline immediately unless you have no other way of downloading a virus
removal tool.

#4) - virus removal tools are available for free from the various AV
companies.  I use Symantec (Norton) - the other big players are also
good.  For this specific one (BugBear) go to:
http://securityresponse.symantec.com/avcenter/tools.list.html
specifically:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.removal.tool.html

(caution, URL may wrap)


P.S. - Some AV software attempts to use sophisticated analysis of the
incoming files to determine if a virus is present.  There have been a
couple big players trying this.  They have uniformly been complete and
total failures.  The only thing that seems to work at this time is a
good up-to-date definition file and caution with opening attachments.

P.P.S. - you can safely have a virus attachment on your hard disk if you
do not activate it or try to run it or double-click or anything like
that.  You can safely have a bottle of poison sitting on your desk if
you don't open it and take a swig.  You do not need to be a raving
paranoid, just cautious...  Very very cautious...



Dave

> -----Original Message-----
> From: High Voltage list [mailto:hvlist@xxxxxxxxxx]
> Sent: Monday, September 08, 2003 7:45 PM
> To: hvlist@xxxxxxxxxx
> Subject: virus-containing "tesla" / "vacuum tube" message
> circulated (fwd)
>
>
> Original poster: Steven Roys <sroys@xxxxxxxx>
>
>
>
> ---------- Forwarded message ----------
> Date: Mon, 8 Sep 2003 12:34:30 -0600
> From: Gomez <gomez@xxxxxxxxxxxx>
> To: hvlist@xxxxxxxxxx, Colorado Tesla Coilers <gnats@xxxxxxxxxx>,
>      Tesla list <tesla@xxxxxxxxxx>, Denver Mad Scientists
> Club <dmsc@xxxxxxxx>
> Subject: virus-containing "tesla" / "vacuum tube" message circulated
>
> FYI...
> The following message arrived in my inbox today, with an
> attached script titled 'videos.lnk.scr'.  The attachment
> contains W32/Bugbear.b.dam.  Either the author was targeting
> electronics / tube enthusiasts specifically, or the virus
> writer was more than usually clever.  Note that I am not
> subscribed to the alleged (and probably
> non-existent) mailing list in the From: line.
>
> 	Diagnose Scan started at 2003-09-08 12:23:59 -0600
> 	Scanning /Users/lemieux/Desktop/Videos.lnk.scr
> 	Scanning file /Users/lemieux/Desktop/Videos.lnk.scr
> 	/Users/lemieux/Desktop/Videos.lnk.scr
>
>          Found the W32/Bugbear.b.dam virus !!!
>
>   As ever, make sure your anti-virus software has the most
> recent data file and is correctly configured.  This is
> especially important if you run Windows, but _critically_
> important if you use any version of Outlook under Windows.
>
> Begin forwarded message:
>
> > From: "Tesla list" <tesla@xxxxxxxxx>
> > Date: Mon Sep 8, 2003  11:43:04  AM America/Denver
> > Subject: Fwd: RE: 833a Sockets
> > Return-Path: <tesla@xxxxxxxxx>
> > Received: from ls401.hinet.hr (ls401.hinet.hr [195.29.150.2]) by
> > fractal.kaosol.net (8.12.8/8.12.7) with ESMTP id h88HsmUC000857 for
> > <gomez@xxxxxxxxxxxx>; Mon, 8 Sep 2003 11:54:48 -0600 (MDT)
> > Received: from pentium (ad3-m14.net.hinet.hr [195.29.131.14]) by
> > ls401.hinet.hr (0.0.0/8.12.9) with SMTP id h88Hh4ZS015966;
> > Mon, 8 Sep 2003 19:43:04 +0200
> > Message-Id: <200309081743.h88Hh4ZS015966@xxxxxxxxxxxxxx>
> > Mime-Version: 1.0
> > Content-Type: multipart/mixed; boundary="----------LLT1ACRIEH4RL4"
> > X-Trace: ls401.hinet.hr 1063043028 15967 195.29.131.14 (Mon, 08 Sep
> > 2003 19:43:48 +0200)
> > X-Warning: This mail MAY contain virus | Ova poruka MOZDA sadrzava
> > virus
> > X-Spam-Status: No, hits=0.3 required=5.0
> > tests=FWD_MSG,MICROSOFT_EXECUTABLE,MISSING_HEADERS version=2.55
> > X-Spam-Level:
> > X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
> >
> > Original poster: sundog <sundog@xxxxxxxxxxxx>
> >
> >
> > Hi All, Dan,
> >
> > A valve is the old-time (and over-the-pond, I believe) term for a
> > vacuum tube.  Goes back to the electricity being like water analogy,
> > and the tube is likened to a
>
> (here the message ended and the attachment began)
>
> let's be careful out there...
>
>   - Bill "Gomez" Lemieux
>
> .......................................................................
> The box said, "requires Windows 95 or better", so I bought a
> Macintosh.
>
>
>
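Both messages above make the same defensive point: the attachment (here named 'videos.lnk.scr', a double extension ending in an executable type) should never have been opened, and the relaying server's own SpamAssassin header already carried the MICROSOFT_EXECUTABLE hint. The script below is an added example, not code from either poster or from any AV vendor. It triages a raw RFC 822 message the way a mail gateway or a cautious recipient might: it lists attachments, flags executable and multi-extension filenames, checks whether the decoded content begins with the "MZ" Windows executable signature, and reads the X-Spam-Status tests. The sample message embedded in the script is constructed to resemble the forwarded mail (addresses use the reserved example.invalid domain, and the base64 payload is just a stub MZ header); the extension list is an illustrative assumption, not an exhaustive one.

```python
import email
import re
from email import policy

# Assumption: a representative set of extensions that Windows executes on
# double-click. Real gateways use much longer lists.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk", "hta",
}

# Constructed sample, modelled on the forwarded message: a multipart/mixed
# mail with a short text body and a binary attachment named Videos.lnk.scr.
# The base64 blob decodes to a stub that begins with the "MZ" signature.
SAMPLE_EML = b"""\
From: "Tesla list" <tesla@example.invalid>
To: gomez@example.invalid
Subject: Fwd: RE: 833a Sockets
Message-Id: <constructed-example@example.invalid>
X-Spam-Status: No, hits=0.3 required=5.0 tests=FWD_MSG,MICROSOFT_EXECUTABLE,MISSING_HEADERS version=2.55
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------CONSTRUCTED"

------------CONSTRUCTED
Content-Type: text/plain; charset="us-ascii"

A valve is the old-time term for a vacuum tube.
------------CONSTRUCTED
Content-Type: application/octet-stream; name="Videos.lnk.scr"
Content-Disposition: attachment; filename="Videos.lnk.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
------------CONSTRUCTED--
"""


def classify_attachment(filename: str) -> dict:
    """Return the filename and a list of reasons it looks risky (empty if none)."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{ext}")
    if len(parts) > 2:
        # e.g. videos.lnk.scr: the inner extension is what the eye sees,
        # the outer one is what Windows runs.
        reasons.append("multiple extensions (name disguises its real type)")
    return {"filename": filename, "reasons": reasons}


def parse_spam_tests(spam_status: str) -> list:
    """Pull the comma-separated test names out of an X-Spam-Status header."""
    match = re.search(r"tests=([A-Z0-9_,]+)", spam_status)
    return match.group(1).split(",") if match else []


def triage_message(raw: bytes) -> dict:
    """Parse a raw message and decide whether it should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = []
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_filename() or "")
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":
            verdict["reasons"].append("content starts with MZ (Windows executable)")
        attachments.append(verdict)

    spam_tests = parse_spam_tests(msg.get("X-Spam-Status", ""))
    # Quarantine on any attachment finding, or if the upstream scanner
    # already recognised a Microsoft executable in the message.
    quarantine = any(a["reasons"] for a in attachments) or (
        "MICROSOFT_EXECUTABLE" in spam_tests
    )
    return {
        "subject": msg.get("Subject", ""),
        "attachments": attachments,
        "spam_tests": spam_tests,
        "quarantine": quarantine,
    }


if __name__ == "__main__":
    result = triage_message(SAMPLE_EML)
    print("Subject:", result["subject"])
    for att in result["attachments"]:
        print(att["filename"], "->", "; ".join(att["reasons"]) or "no findings")
    print("SpamAssassin tests:", ", ".join(result["spam_tests"]))
    print("Quarantine:", result["quarantine"])
```

The filename check alone would have caught this sample; the MZ check covers the case where a sender renames the file to something innocuous, and the X-Spam-Status check lets a gateway trust an upstream verdict it cannot reproduce. None of the three replaces a current definition file, which is the point Dave makes in #2.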