Aces High Bulletin Board
General Forums => Aces High General Discussion => Topic started by: Gremlin on August 24, 2002, 01:19:20 PM
-
Guys,
Got a mail from Ripsnort with title 'gremlin, congratulations!' It contains I-Worm-Elkern virus, which proceeded to run riot through my system, totally screwing up my BoB frame 1. If you get this mail DO NOT EVEN PREVIEW IT.
I had turned off my virus scanner because I didnt want any other proggies runnin during BoB. That'll teach me. This virus infecteds .exe (executable) programs rapidly. You have been Warned.
Just want to be very clear, this infection WAS NOT Ripsnorts fault, rip is a victim of this virus, just as I am.
-
Eudora is a nice email client.
Outlook is a security hole.
-
Grem,
when you say "from Ripsnort", what email addy was it from exactly? I know Rip uses about 4.
(http://www.boomspeed.com/swoop/logo_small.jpg)
-
Rip--
Pls take my email addy out of your address book:D
-
Norton Antivirus is good to have. If you insist on using Outlook and exposing yourself unnecessarily to all these security vulnerabilities, the least you can do is get good AV (like Norton).
-
pft, I always knew that "Ripsnort" guy was dodgy, sheesh!
-
It's that damn klem virus again..
If you can put anything you want to attach on your own server space then send a link that's the better way.
I won't open attachments from anyone. This virus goes through your addr book and sends it from somebody you know. I'm sure Rip didn't do it intentionaly.
TOD and BOB CO's take note. Put all the maps and stuff on your own server space.
-
It is most definately his fault for not using AntiVirus software in this day and age. That he uses Outlook makes it that much more egregious.
-
I do have a really good virus scanner, AVG from grisoft it really is good and its free, BUT. Because I didnt want any other software running during the BoB frames I disabled it as I was not expecting to make any other internet connection other than to HTC server. Then I am told that there are some additional orders in the email! Ok I'll just have a quick shifty at those, big mistake. The rest is history. I spoke to rip last night and he seems to feel that its possible that this virus came from someone else who has rip in their address book. However I wonder if a virus could send mail from a users account without the password for that account.
Just to be clear, I was never ever suggesting that rip did anything un-to-ward, just want to be clear on that.
Chairboy, yes it was stupid of me to lower my guard like that. However, who can stand up honestly and say they have never done something like that too?? You were just lucky you got away with it.
Swoop: I daren't preview that mail again to find out. However I will be rebuilding that image sometime this week (the virus completely thrashed it). When I am building it I will check out which mail addy it was. (In case your wondering swoop, our little piece of co-op work;) is ok.) This thing seems to only infect .exes .dlls .scr etc.
-
Originally posted by Chairboy
It is most definately his fault for not using AntiVirus software in this day and age. That he uses Outlook makes it that much more egregious.
How do you know I use outlook????
-
Originally posted by Gremlin
How do you know I use outlook????
I spoke to rip last night and he seems to feel that its possible that this virus came from someone else who has rip in their address book. However I wonder if a virus could send mail from a users account without the password for that account.
These worms are usually outlook specific. Running executables attached to an email is stupid. Outlook lets some files do things to disguise thier true nature. Try eudora.
You don't need an account to SEND mail, only to receive. Trusting a from address is not a good idea. The only way to verify it came from the person who it claims to be from is to reply to them and ask, and have them reply to you again with your message. Because of the way email works, an SMTP(mail sending) server simply believes what it's told.
Checking email headers is a good idea for such emails. You can tell where the message originated, and if it came from an isp other than the one the message claims to be from, you know something is fishy. Also, any email sent from AOL will get an "X-Apparently-From:" header showing the senders REAL aol email.
-
... running "The Bat!" here - handsdown the best ever emailclient :) wonder if someone knows that one here...
outlook / office with broadband without firewall / antivirus on win98 / XP = big ouch
-
Run your Windows Updates. I also recommend ZoneAlarm (the Pro version - not the free one.)
-
Turbot, I got the free one, what does the pro one do the free one doesnt??
Thx
-
Originally posted by Gremlin
Turbot, I got the free one, what does the pro one do the free one doesnt??
Thx
http://www.zonealarm.com/store/content/company/products/znalm/comparison.jsp
-
In Ripsnort's defence, I would like to point out that this particular virus does not come from the person it appears to! It chooses the Sender's name at random from the address book, and sends to others in the same address book.... so, although it is somebody you know who is supposed to have sent the email, it will in fact be someone else who has you both in their address book.
I have had several incidences of this worm - all caught on the way in by Norton Anit-virus - and most coming from people I know; however, I have not laid into these people, as I know it hasn't actually come from them and they are as innocent victims as we are in receiving it.
Like Sveno, I also use TheBat and, in conjunction with Norton Anti-Virus, have a very safe system.
-
I go this email today - people are trying to be more clever and get you to circumvent your security (It did in fact have the virus attched and ready to rumble if you let it)
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.
Of course the "email me" was a link to a website with bad code in it too!
-
Thx Turbot,
Yes it seems ill part with the 50 bucks for the pro version, seems worth the few bucks, however I would still recommend to anyone that the free version is still better than no version.
Did I mention http://www.grisoft.com
V.Nice (and free) virus scanner. Certainly caught this virus (when I re-enabled it :D)
-
Originally posted by Flossy
I have not laid into these people, as I know it hasn't actually come from them and they are as innocent victims as we are in receiving it.
Flossy, Do you think I 'laid into' rip?? I certainly didnt mean to.
-
Originally posted by Gremlin
Flossy, Do you think I 'laid into' rip?? I certainly didnt mean to.
Sorry, Gremlin.... didn't mean it to sound like that! Absolutely not! I was just saying that I haven't responded to any of the emails I have received in this way, as I know they were not sent by who they appeared to be. Although you appeared to receive your email from Ripsnort, it does not follow that everyone else will..... they could appear to receive it from anybody else in the person's address book - even you! :) Did not in any way mean to imply you were 'laying into' Ripsnort! :o
-
I though as much flossy, just you and rip are two people I respect and I didnt want any misunderstanding:)
-
Same goes for you and Ripsnort from me!
:)
-
I spoke to rip last night and he seems to feel that its possible that this virus came from someone else who has rip in their address book.
Bah, don't listen to Rip. He'll be back in a few days posting a link to some conservative techie website that traces the virus back to the Clinton administration, heh.
-
Rule #1 of strange emails.
If it's written in engrish, and claims to come from a commercial organization or a friend of yours, just delete it.
I get a copy of klez every day or two sent to me. (Some aol jackoff who, even after being warned about it has done nothing.)