fox ([personal profile] fox) wrote 2003-08-20 02:11 pm

question for the techies

I've been getting a lot of e-mails lately with essentially the following message: "Your e-mail to [address (hell, domain) you've never heard of] has been returned/rejected/denied because it had an attachment infected with a virus/that we flagged as malware." The attachment in two cases was document_all.pif, which does not exist on my hard drive; in one case it was wicked_scr.scr, which does not exist on my hard drive. Another message tells me the file movie0045.pif, which does not exist on my hard drive, is infected with I-Worm.Sobig.F; yet another says "Our viruschecker found the W32/Sobig.f@MM virus in your e-mail to [address (domain) you've never heard of] [in fact, e-mail you never sent]." Finally, I have one that says it can't accept e-mail with .pif attachments.

My virus software is up-to-date, and I just ran a scan this morning -- everything here is clean. Additionally, I use webmail, which I understand isn't so vulnerable to this massive spoofy blitz-everyone-in-your-book type behavior. I've certainly never deliberately sent any e-mail to any of the addresses claiming to have bounced any of this crap back at me; and I'm about 80% confident that my e-mail account has never taken it upon itself to send any e-mail to these addresses, either.

Is my thinking correct, that these "we rejected your e-mail, you better check your system" messages are themselves the crap in question, and that I should just delete the hell out of them without opening any attachments (should they have them)? And further, that I should trust my scanny stuff when it tells me my system is clean? In short, that I have nothing to worry about?

[eta: i did get all A's in russian for the summer, despite a rather distressing number of absences. that's for anyone with a particular interest in my academic pursuits. :-)]

[identity profile] bougrelasxiv.livejournal.com 2003-08-20 11:19 am (UTC)
That is correct.

Here is the info. (http://64.4.26.250/cgi-bin/linkrd?_lang=EN&lah=70285027669014c3c19e081560bf326b&lat=1061403442&hm___action=http%3a%2f%2fwww%2esymantec%2ecom%2favcenter%2fvenc%2fdata%2fw32%2esobig%2ef%40mm%2ehtml)

If the email has a subject of Re: [Fill in the Blank] or something about mail undeliverable, and you don't know why it was sent, just delete.

jordan.

[identity profile] darthrami.livejournal.com 2003-08-20 11:27 am (UTC)
Basically, people are messing around with e-mail, and some people's addresses are getting spoofed in order to get access to their address book to send out SPAM. I forwarded you an e-mail our IT guy here at work sent out about it.

[identity profile] darthfox.livejournal.com 2003-08-20 11:30 am (UTC)
that link says
Your email message has been idle and this link has become inactive. To access the link, . Then click the browser's Refresh button or close your message and reopen it.
:-) but i believe you. thanks for reassuring me.

[identity profile] bougrelasxiv.livejournal.com 2003-08-20 11:37 am (UTC)
http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

[identity profile] fafou.livejournal.com 2003-08-20 11:56 am (UTC)
WOO!! & HOO!! on your grades. and Boo! & Hoo! at your virus-y issues.

GO apple!

[identity profile] jgesteve.livejournal.com 2003-08-20 01:00 pm (UTC)
Yeah, never ever open up an emailed .scr and/or .pif file... always delete them summarily. A .pif is a shortcut to a DOS-based command and a .scr (technically a screensaver file) can include executable scripts... another one to avoid is .shs (shell script) files. Basic rule of thumb: if you've got no idea what the hell the email is talking about, just delete to be safe.
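The post above describes bounces that quote back a mail the recipient never sent, carrying attachment names such as movie0045.pif that exist nowhere on her disk, and the comment just above lists the extensions (.pif, .scr, .shs) that should never be opened. The following script is an added example, not code posted by anyone in this thread: it builds a constructed bounce message of that shape, lists every attachment filename the bounce carries (including those inside the quoted original), and checks whether the quoted original's Received: headers ever name the sender's own outbound server. The host name mail.example.net, the extra extensions .exe/.bat/.com and the sample addresses are assumptions for the demonstration.

```python
"""Triage a suspected worm-generated bounce ("backscatter").

Added example, not from the thread. A bounce that quotes back an original
which never touched our outbound server, and which carries an attachment
with an executable extension, is backscatter from a worm forging our
address; a bounce whose quoted original did pass through our server is
worth investigating on our side.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# .pif, .scr and .shs are named in the thread; .exe/.bat/.com are added here
# on the same reasoning (assumption, not from the thread).
DANGEROUS_EXTENSIONS = {".pif", ".scr", ".shs", ".exe", ".bat", ".com"}

# Assumption: the only server through which this user's webmail sends mail.
MY_OUTBOUND_HOSTS = {"mail.example.net"}

BACKSCATTER = "backscatter"    # a worm forged our address; just delete it
GENUINE = "genuine-bounce"     # our server relayed it; check the account
UNKNOWN = "unknown"            # read the notice, open nothing


def attachment_names(msg):
    """Filenames of every attached part, including parts inside a quoted original."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def has_dangerous_attachment(names):
    """True if any filename ends in an extension Windows treats as executable."""
    return any(os.path.splitext(name)[1].lower() in DANGEROUS_EXTENSIONS
               for name in names)


def quoted_original(msg):
    """The original message a bounce quotes back as message/rfc822, if any."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def originated_from_me(original):
    """True if any Received: line of the quoted original names our outbound host."""
    return any(host in line
               for line in original.get_all("Received", [])
               for host in MY_OUTBOUND_HOSTS)


def classify(raw_bytes):
    """Parse a bounce from raw bytes and label it."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    original = quoted_original(msg)
    if original is not None and originated_from_me(original):
        return GENUINE
    if has_dangerous_attachment(attachment_names(msg)):
        return BACKSCATTER
    return UNKNOWN


def build_sample_bounce(first_hop, filename):
    """Constructed test data: a bounce quoting an 'original' that carries one
    attachment named `filename` and was first received from host `first_hop`."""
    original = EmailMessage()
    original["Received"] = f"from {first_hop} ([192.0.2.77]) by mx.victim.example"
    original["From"] = "fox@example.net"
    original["To"] = "stranger@victim.example"
    original["Subject"] = "Re: Details"
    original.set_content("See the attached file for details.")
    original.add_attachment(b"MZ\x90\x00not a real program",
                            maintype="application", subtype="octet-stream",
                            filename=filename)

    bounce = EmailMessage()
    bounce["From"] = "postmaster@victim.example"
    bounce["To"] = "fox@example.net"
    bounce["Subject"] = "Undeliverable: Re: Details"
    bounce.set_content("Our viruschecker found W32/Sobig.f@MM in your e-mail.")
    bounce.add_attachment(original)  # becomes a message/rfc822 part
    return bounce.as_bytes()


if __name__ == "__main__":
    # Forged original from a stranger's dial-up host, worm-style attachment.
    print(classify(build_sample_bounce("dialup-12.isp.example", "movie0045.pif")))
    # Original really relayed by our own server, harmless attachment.
    print(classify(build_sample_bounce("mail.example.net", "notes.doc")))
```

The Received: check is the one that actually answers the poster's question ("is my account misbehaving?"): the attachment extension tells you the bounce is dangerous to open, but only the relay chain of the quoted original tells you whether the mail left your server or was forged elsewhere. Many bounces quote only the headers, not the full body, so the attachment-name check should be treated as supporting evidence.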

[identity profile] darthfox.livejournal.com 2003-08-20 01:28 pm (UTC)
no, right, i obviously wouldn't open such attachments, and have been deleting the e-mails left right and center. my concern was that they were a sign there was something on my harddrive that shouldn't be there, despite the all-clear from the scan -- or that my e-mail account was misbehaving. but it seems to be that it's other people's e-mail accounts doing the misbehaving, so i feel better. :-)

[identity profile] lwood.livejournal.com 2003-08-21 01:36 am (UTC)
Even better: Outlook Express opens .scr and .pif files automagically, without need for user intervention... or, at least, it did.

This is appallingly stupid behavior, and, well, why many sysadmins call that particular client Outbreak Express...

-- Lorrie

[identity profile] darthfox.livejournal.com 2003-08-21 07:14 am (UTC)
... and why i've never laid a finger on Outlook, Express or otherwise. :-D

[identity profile] lwood.livejournal.com 2003-08-21 09:19 am (UTC)
Smart!

-- Lorrie

[identity profile] jgesteve.livejournal.com 2003-08-21 01:28 pm (UTC)
I believe they've fixed both Outlook and Outlook Express to avoid that now... personally, as an IT guy, I feel they over-fixed it, since I'm often forced to email files around that Microsoft has Outlook block (small Access DB files, small executable zips, etc.). Now if I want to send files like those I have to rename the extension, and hope that the receiver is smart enough to understand how to rename it back... Grr... damned virus makers...

Apparently, though, the virus that was being reported to [livejournal.com profile] darthfox is now officially the most virulent one to date... which is odd, since I didn't even hear about it, but heard tons about the much ado about nothing that was the Blaster virus.