Aces High Bulletin Board

General Forums => Aces High General Discussion => Topic started by: hblair on March 21, 2001, 10:32:00 AM

Title: Just a Warning
Post by: hblair on March 21, 2001, 10:32:00 AM
I'm normally not of the 'virus scare' sort, but after 4 months of constant junk email (and I mean junk, porn, get rich quick schemes, etc., etc.) I got a letter 2 nights ago. It said something like "The real story of snow white and the 7 dwarfs"; figured it was some funny AVI from my brother or somethin. Like an idiot I opened it, didn't even see who it was from. It's the first virus I've picked up in about 7-8 yrs on the web. PC fried, gotta research tonight how to get rid of it.

What's really troubling is the fact that the only people I exchange email with are my brother, sister and mom,...and all the people in this sim. But I do have it posted on my squad page, and in a couple of other places. Apparently some tardicus put me on a list a few months back, and that's where all the crap mail is coming from.

Anyways, this post is to warn you guys of the "7 dwarfs" virus letter from "hahaha". Don't open that muther, and, is there any way to stop getting crap email other than changing your addy?

Thanks

[This message has been edited by hblair (edited 03-21-2001).]
Title: Just a Warning
Post by: hblair on March 21, 2001, 10:33:00 AM
2 of my squaddies have told me they have the virus email too. Beware.
Title: Just a Warning
Post by: metronom on March 21, 2001, 10:39:00 AM
I use an e-mail program that reads the e-mails directly on the server without downloading them. If I find a mail that is suspicious to me I just delete it directly on the server.
A good one is the Avirmail (spam blocking included - freeware) and the Popcorn (very small and handy - freeware too)

And thanks for the warning :)

Sailor
Title: Just a Warning
Post by: newguy on March 21, 2001, 10:40:00 AM
Damn Hb, I got that virus email too. I accidentally opened the email, but not the attachment. Comp's OK so far, hope it stays that way. edit: just received your email, whew!
Title: Just a Warning
Post by: Ice on March 21, 2001, 10:53:00 AM
I received it as well, but deleted it as I got that familiar gut feeling that something was not right...whew! :)

------------------
Ice
13thTAS

It's not the Big that kill the Small, but the Fast that kill the Slow!
Title: Just a Warning
Post by: flakbait on March 21, 2001, 10:54:00 AM
Known virus that's been around for about a month. Sign up for the SARC newsletter; best source of virus info out there:
 www.sarc.com (http://www.sarc.com)

PS never use Outlook, grab Eudora since it's a lot less prone to virus problems.

-----------------------
Flakbait [Delta6]
Delta 6's Flight School (http://www.worldaccessnet.com/~delta6)
Put the P-61B in Aces High
"For yay did the sky darken, and split open and spew forth fire, and
through the smoke rode the Four Wurgers of the Apocalypse.
And on their canopies was tattooed the number of the Beast, and the
number was 190." Jedi, Verse Five, Chapter Two, The Book of Dweeb

Title: Just a Warning
Post by: LePaul on March 21, 2001, 10:56:00 AM
Couple of things...

Always run a virus scanner, and keep it updated.  I run my own mail and web servers, and those also run the anti-virus programs, so we try to nip the bud so to speak, scanning the mail as it arrives and is spooled.

Keep your anti-virus software updated.  I happen to use Norton and like it best.  I'm sure the other brands are just as good but Norton has served me best for years.

I know this does little good now, after the fact, but the only time I turn my anti-virus software off is to get online and play aces.

As for how the email address is divulged to these guys?  Thank the folks at Network Solutions and others....if you own a domain (I have 12), your contact info (email, address, etc) are all sold to spammers on a regular basis and the info is freely available just by doing a WHOIS on any domain.

I had the same problem with my AOL account I use for when I travel.  All kinds of spam and junk, and they refused to stop it, so I forwarded it all to Steve Case, AOL's CEO.  That got noticed, and I never had a spam message again :)



------------------
Paul J. Busiere

Aces High Arena handle:  BD5Pilot
 http://bd5.checksix.net (http://bd5.checksix.net)
BD-5 "T" (TurboProp) 90% complete, first flight in 2001 (We hope!)
Title: Just a Warning
Post by: Duckwing6 on March 21, 2001, 11:09:00 AM
Got that one too .. but fortunately I'm not trusting any mails that come from folks I don't know and I deleted it right away ..

DW6
Title: Just a Warning
Post by: AKSneaky on March 21, 2001, 11:18:00 AM
My wife got that one as well. I was cleaning out her mail store on the server using webmail and it hit my machine.  My Norton caught it and no harm was done but was a scare.
Title: Just a Warning
Post by: Lephturn on March 21, 2001, 01:07:00 PM
There is a simple solution for Outlook users.

I use MS Outlook.  Not Outlook Express the toy client, but the full Outlook that comes with Office 2k.  There is a great little patch for Outlook here: http://office.microsoft.com/2000/downloaddetails/Out2ksec.htm (http://office.microsoft.com/2000/downloaddetails/Out2ksec.htm)

It just rips out anything that is on the list of "bad" attachments.  The only downside is that if you are emailed executable attachments that you want to get via email, you need to get the sender to rename them first.  It's not a big deal for me (even though I work at a software firm) and I never have to worry about getting a virus.

Problem solved for Outlook users. :)

------------------
Sean "Lephturn" Conrad - Aces High Chief Trainer

A proud member of the mighty Flying Pigs
http://www.flyingpigs.com

Check out Lephturn's Aerodrome (http://users.andara.com/~sconrad/) for AH articles and training info!
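
The attachment stripping described in the post above, sketched as an added example (not part of the original post and not Microsoft's code). It goes one step beyond a name-based list by also checking the first bytes of each attachment; the blocklist beyond .exe/.scr, the addresses and the attachment names are assumptions, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# .exe and .scr are the types named in this thread; the rest of the list is
# an assumption for illustration, not the Outlook patch's actual list.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".vbs"}

def check_attachments(raw_message):
    """Return [(filename, verdict)] for every attachment in an RFC 822 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT:
            verdict = "block: extension"
        elif payload[:2] == b"MZ":
            # DOS/Windows executables start with "MZ" whatever they are named.
            verdict = "block: executable content"
        else:
            verdict = "allow"
        results.append((name, verdict))
    return results

def build_sample():
    """Constructed message with three attachments (contents are inert stubs)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("see attached")
    stub = b"MZ" + b"\x00" * 62          # header bytes only, not a program
    for fname, data in [("story.scr", stub), ("patch.dat", stub),
                        ("notes.txt", b"plain text")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

A filter that looks only at the filename would pass `patch.dat` here; the content check is what catches it.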
Title: Just a Warning
Post by: vatiAH on March 21, 2001, 01:36:00 PM
5 or 6 Sturmjaegers got it also.  EDO got the warning out to everyone before anyone opened it.  Pure luck and a tight-knit bunch of guys saved the day for us.

Vati


Title: Just a Warning
Post by: Ice on March 21, 2001, 01:39:00 PM
Hi Vati :)

-soul-



------------------
Ice
13thTAS

It's not the Big that kill the Small, but the Fast that kill the Slow!
Title: Just a Warning
Post by: OpIvy on March 21, 2001, 02:30:00 PM
Do you just have to open the email or do you have to click on something in the email?

Reason for asking: I got that email a few weeks ago and I don't remember if I clicked on it or just trashed it. What does the virus do?

/me get worried...
Title: Just a Warning
Post by: Moose11 on March 21, 2001, 02:37:00 PM
Hey HB

I ran off last night after you told us about the thing on squad channel.

I went afk before to help my older brother set up machine for hotmail. When I got it set up, I saw the above said email and figured it was from one of his friends.

I ran back to his apartment (phone line busy) and bolted upstairs - yep, he opened it, but Hotmail caught the virus before it could do any damage.

Seems like a popular bug going around
Title: Just a Warning
Post by: Apache on March 21, 2001, 02:43:00 PM
If you are using a mail reader with preview panes enabled, turn it off. It functions just like opening an email. One can accidentally "open" a suspect email this way.
Title: Just a Warning
Post by: PakRat on March 21, 2001, 03:17:00 PM
Yep - turn off the preview pane. Also, don't forward in Outlook/Express as that opens the e-mail too. About the only thing you can do in Outlook/Express is go to properties and then view the message source. That will reveal the actual code of the message.

Leave it to the spammers and the virus kiddies to make e-mail almost as dangerous as unprotected sex.

---
PakRat
63rd FS, 56th FG
"Zemke's Wolfpack"


"Juggies, dance us back in history!"
Title: Just a Warning
Post by: bloom25 on March 21, 2001, 03:34:00 PM
The virus you got was W32.hybris.gen.  I posted a warning about this virus WAY back in December.

Get it cleaned off fast, it could seriously damage your computer.  Norton can remove it if you have the newest updates.

(BTW:  This is the virus that turns your gunsight white, messes up your sounds and views.)



------------------
bloom25
THUNDERBIRDS
Title: Just a Warning
Post by: hblair on March 22, 2001, 11:59:00 PM
Man, what kinda freak would go through this kind of trouble?

 
Quote
Virus Characteristics  
When first executed, this worm tries to infect the WSOCK32.DLL file in the WINDOWS\SYSTEM directory. First it tries to infect the WSOCK32.DLL file directly. If it fails because the file is already in use, then it creates an infected copy of the WSOCK32.DLL in a new file. This new file goes by an extensionless filename made up of 8 random characters. A line is then created in the WININIT.INI file to rename this newly created file to WSOCK32.DLL, thus overwriting the original WSOCK32.DLL file. This change takes place the next time the system is booted. A registry value under Software\Microsoft\Windows\CurrentVersion\RunOnce\(default) is also created to run the worm at the next bootup, in case the previous attempts to infect WSOCK32.DLL fail.
The modified WSOCK32.DLL file watches all Internet activity and attempts to mail a copy of the worm, in the form of a .EXE or .SCR file, to any valid e-mail address sent over the Internet connection, whether part of an e-mail message, web page, or newsgroup posting. AVERT cautions all users to delete unexpected attachments. W32/Hybris.gen@M is sent unknowingly by the infected user.

This Internet worm originally downloaded encrypted update components from an Internet web site, similar to the method first used by W95/Babylonia, but the site hosting the virus was taken down. The original plugins were:

HTTP.DAT
NEWS.DAT
ENCR.DAT
PR0N.DAT
SPIRALE.DAT
SUB7.DAT
DOSEXE.DAT
AVINET.DAT

Currently this virus downloads plugins from alt.comp.virus. The virus contains an internal list of several news servers it can access. It searches the newsgroup for any plugins that it doesn't have, or has older versions of. Since the worm searches all Internet activity for e-mail addresses, people who post to alt.comp.virus using their real e-mail address may get many copies of the worm when Hybris searches alt.comp.virus for new plugins.
When a full moon occurs according to the computer's internal clock, the virus will randomly post its plugins to the alt.comp.virus newsgroup. It uses a mail-to-news gateway at anon.lcs.mit.edu to send plugins with a fake return address of root@microsoft.com.

This Internet worm contains the text:

HYBRIS
(c) Vecna
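
The WININIT.INI staging step in the description quoted above can be checked for directly. This is an added example, not part of the original post or the quoted write-up: it scans the [rename] section for a pending replacement of WSOCK32.DLL, assuming "random characters" means letters and digits; the sample file contents and paths are constructed.

```python
import re
from ntpath import basename, splitext

# Constructed sample: what a WININIT.INI might look like after the staging
# step in the description. Paths and the random name are made up.
SAMPLE_WININIT = r"""
[rename]
NUL=C:\WINDOWS\TEMP\SETUP.TMP
C:\WINDOWS\SYSTEM\WSOCK32.DLL=C:\WINDOWS\SYSTEM\KJQPLMZA
C:\WINDOWS\SYSTEM\MFC42.DLL=C:\WINDOWS\SYSTEM\MFC42.NEW
"""

def rename_entries(ini_text):
    """Yield (destination, source) pairs from the [rename] section.

    Parsed by hand because the section legitimately repeats keys
    (several NUL= lines), which configparser rejects.
    """
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "rename" and "=" in line:
            dest, src = line.split("=", 1)
            yield dest.strip(), src.strip()

def suspicious_wsock_renames(ini_text):
    """Return pending renames that overwrite WSOCK32.DLL, with a reason."""
    findings = []
    for dest, src in rename_entries(ini_text):
        if basename(dest).upper() != "WSOCK32.DLL":
            continue
        name, ext = splitext(basename(src))
        # Assumption: the 8 "random characters" are letters or digits.
        if ext == "" and re.fullmatch(r"[A-Za-z0-9]{8}", name):
            reason = "source is an extensionless 8-character name"
        else:
            reason = "WSOCK32.DLL is scheduled for replacement"
        findings.append((dest, src, reason))
    return findings
```

Any hit is worth a look before the next reboot, since that is when the rename is applied.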

 
Title: Just a Warning
Post by: Lizard3 on March 23, 2001, 02:39:00 PM
punt
Title: Just a Warning
Post by: AKSeaWulfe on March 23, 2001, 02:49:00 PM
 
Quote
Originally posted by Moose11:
Hey HB
I ran back to his apartment (phone line busy) and bolted upstairs - yep, he opened it, but Hotmail caught the virus before it could do any damage.


Hotmail, Yahoo or any free web based email account automatically scans attachments for viruses or anything that resembles a virus string and will notify you. Typically if it's a known virus, a big warning pops up and it won't immediately download the file without first warning the user.

Whenever someone I know buys their first PC and isn't very computer literate, I tell them to register for a free email account... it usually keeps them clean of viruses.

In the 8 years I've been using computers, I've never had a virus on my own computer. Luck of the draw or I just know what I'm doing, not really sure which. :-)
-SW
Title: Just a Warning
Post by: Snoopi on March 23, 2001, 03:59:00 PM
 
Quote
Originally posted by LePaul:

As for how the email address is divulged to these guys?  Thank the folks at Network Solutions and others....if you own a domain (I have 12), your contact info (email, address, etc) are all sold to spammers on a regular basis and the info is freely available just by doing a WHOIS on any domain.

I had the same problem with my AOL account I use for when I travel.  All kinds of spam and junk, and they refused to stop it, so I forwarded it all to Steve Case, AOL's CEO.  That got noticed, and I never had a spam message again :)



Forwarded it to the CEO! Nice job! :D

Like you say..
-always use AND update your virus scanner.
-like your mom said "you don't know where it's been" so don't open it unless you do.
Just because it came from  a friend doesn't mean they sent it.
It could just be a virus using your friend's address book.
If you don't expect the file, don't open it. Check with who sent it.
Scan every damn file you get or download.
I got a patch from a commercial site and found that it was infected, so don't assume that legit files are O.K.

How to avoid Spam email....

Keep a few accounts.
One for trusted individuals.
One for other individuals
One for a junk account.

Never put your main email address on any website. (There are apps that search the net for any email address and add them to a database.)

-Many free sites sell your email address.
-those FREE e-cards are a great way for companies to collect email addresses to sell
-don't reply to those "remove me from your list" emails. (Most of these are just a way of testing which emails are valid; by replying, you are letting them know the email address is valid and you get ADDED to a list, NOT REMOVED.)
-Join "www.spamcop.net". A site dedicated to stopping spam. (includes tools to report spammers to their ISPs)

Bottom line: if your email is on an insecure web page, or you sent it to a site, then some email database now has it, and it has been sold to spammers.
(think bbs sigs)

one way of avoiding this is
by posting your email as

blah@hotmail.com.nospam
as opposed to blah@hotmail.com

that way a human can figure out how to email you but a email bot cannot.
It is preferred to put the 'nospam' text as the last entry, otherwise an email server, or domain server will have to check if it's valid.
In this case there is no domain called nospam so the email doesn't even go to the .com domain at all

This obviously doesn't work for signup forms processed by machines, or boards like this one. The solution for that is to create a throw away account that you change every month, and use it for sites like the AH board.

BTW
I have been able to keep my main email account free from spam for 3 years and counting. :D


HBLAIR: Sorry to hear about it :( that does really suck.
the only way to stop spam is never let them get your email address.
once they have it, the only option is to change it or put up with the spam.  
Once you change it, be very wary of who you give it out to, or where you post it.


Good Luck
Snoopi



[This message has been edited by Snoopi (edited 03-23-2001).]
Title: Just a Warning
Post by: Voss on March 23, 2001, 04:20:00 PM
Got this months ago and deleted it immediately. No one I know sends .scr files.

I use Outlook Express and have always survived in the past. I just don't automatically open these things.

------------------
Voss
13th TAS
Title: Just a Warning
Post by: NHMadmax on March 23, 2001, 04:30:00 PM
Most of the new viruses auto-send to everyone in your address book. Always check attachments with a virus checker before you load them; you should have no problems if you follow this. I use 2 different ones, mcfree and InoculatIt. Got InoculatIt from www.rocketdownload.com (http://www.rocketdownload.com)

------------------
 


[This message has been edited by NHMadmax (edited 03-23-2001).]
Title: Just a Warning
Post by: Bluedog on March 23, 2001, 07:11:00 PM
I got this exact same file sent from some guy called hahaha about six months ago.....just after I had got a new email addy, and the ONLY place anyone could have got it from was this board, as far as I am aware.
I had to format C: to get rid of it.....the only things I could see that it actually did was remove gunsight picture and sound from Aces High.
Another suss bit is there is a guy playin' AH that goes by the handle hahaha, not blaming him, whoever it may be, it just all seems a little bit TOO coincidental to me.
<S> Blue
Title: Just a Warning
Post by: coyote on March 24, 2001, 10:01:00 AM
Received the snow white email several times. Something told me, "that has just got to be a virus." so I always deleted the message...