Be Careful Of Mail From Ripsnort

[Gremlin]

Guys,

Got a mail from Ripsnort with title 'gremlin, congratulations!'  It contains I-Worm-Elkern virus, which proceeded to run riot through my system, totally screwing up my BoB frame 1. If you get this mail DO NOT EVEN PREVIEW IT.

I had turned off my virus scanner because I didnt want any other proggies runnin during BoB.  That'll teach me.  This virus infecteds .exe (executable) programs rapidly.  You have been Warned.

Just want to be very clear, this infection WAS NOT Ripsnorts fault, rip is a victim of this virus, just as I am.

[Innominate]

Eudora is a nice email client.

Outlook is a security hole.

[Swoop]

Grem,

when you say "from Ripsnort", what email addy was it from exactly?  I know Rip uses about 4.

[-ammo-]

Rip--

Pls take my email addy out of your address book:D

[Chairboy]

Norton Antivirus is good to have.  If you insist on using Outlook and exposing yourself unnecessarily to all these security vulnerabilities, the least you can do is get good AV (like Norton).

[Saintaw]

pft, I always knew that "Ripsnort" guy was dodgy, sheesh!

[10Bears]

It's that damn klem virus again..

If you can put anything you want to attach on your own server space then send a link that's the better way.

I won't open attachments from anyone. This virus goes through your addr book and sends it from somebody you know. I'm sure Rip didn't do it intentionaly.

TOD and BOB CO's take note. Put all the maps and stuff on your own server space.

[Chairboy]

It is most definately his fault for not using AntiVirus software in this day and age.  That he uses Outlook makes it that much more egregious.

[Gremlin]

I do have a really good virus scanner, AVG from grisoft it really is good and its free, BUT.  Because I didnt want any other software running during the BoB frames I disabled it as I was not expecting to make any other internet connection other than to HTC server. Then I am told that there are some additional orders in the email!  Ok I'll just have a quick shifty at those, big mistake.  The rest is history.  I spoke to rip last night and he seems to feel that its possible that this virus came from someone else who has rip in their address book.  However I wonder if a virus could send mail from a users account without the password for that account.

Just to be clear, I was never ever suggesting that rip did anything un-to-ward, just want to be clear on that.

Chairboy, yes it was stupid of me to lower my guard like that.  However, who can stand up honestly and say they have never done something like that too??  You were just lucky you got away with it.

Swoop:  I daren't preview that mail again to find out.  However I will be rebuilding that image sometime this week (the virus completely thrashed it).  When I am building it I will check out which mail addy it was.  (In case your wondering swoop, our little piece of co-op work;) is ok.)  This thing seems to only infect .exes .dlls .scr etc.

[Gremlin]

Originally posted by Chairboy
It is most definately his fault for not using AntiVirus software in this day and age.  That he uses Outlook makes it that much more egregious.

How do you know I use outlook????

[Innominate]

Originally posted by Gremlin


How do you know I use outlook????

 I spoke to rip last night and he seems to feel that its possible that this virus came from someone else who has rip in their address book. However I wonder if a virus could send mail from a users account without the password for that account.

These worms are usually outlook specific.  Running executables attached to an email is stupid.  Outlook lets some files do things to disguise thier true nature.  Try eudora.

You don't need an account to SEND mail, only to receive.  Trusting a from address is not a good idea.  The only way to verify it came from the person who it claims to be from is to reply to them and ask, and have them reply to you again with your message.  Because of the way email works, an SMTP(mail sending) server simply believes what it's told.

Checking email headers is a good idea for such emails.  You can tell where the message originated, and if it came from an isp other than the one the message claims to be from, you know something is fishy.  Also, any email sent from AOL will get an "X-Apparently-From:" header showing the senders REAL aol email.

[sveno]

... running "The Bat!" here - handsdown the best ever emailclient wonder if someone knows that one here...

outlook / office with broadband without firewall / antivirus on win98 / XP = big ouch

[Turbot]

Run your Windows Updates.  I also recommend ZoneAlarm (the Pro version - not the free one.)

[Gremlin]

Turbot,  I got the free one, what does the pro one do the free one doesnt??

Thx

[Turbot]

Originally posted by Gremlin
Turbot,  I got the free one, what does the pro one do the free one doesnt??

Thx

http://www.zonealarm.com/store/content/company/products/znalm/comparison.jsp