RE: Re: RE: VIRUS ON DML

From: William H. Hiatt III (william@hiatt.net)
Date: Sun May 13 2001 - 17:02:59 EDT


Ok.. Here's the scoop.

Kevin accidentally opened an e-mail attachment infected with an ever
infamous VBS scripting virus. Outlook is vulnerable to these because these
files are in essence, macros. The virus will then open the address book in
Outlook, and send itself to those addresses. Some just stay resident in the
system, automatically attaching themselves to all outgoing mail messages.
This would explain why it was sent to your home address. He either sent you
a mail directly or you were in his address book.

Outlook really is quirky when it's run out of the box. By applying the
security patches, and using some good ol' common sense, you will greatly
reduce your risk of having something like this happen. I believe Kevin did
not know about this. I've seen it happen too many times. (Case in point, a
client of ours recently was affected by the latest Outlook virus. In a 24
hour window, my mail servers rejected over 1,000 mail messages.)

Which brings me to my next point. Administrators running Exchange/Outlook
without some kind of attachment filtering, or virus software should be shot.
Nowadays, since everybody has e-mail, you should and need to take the
necessary precautions. (E-mail gateways, attachment filtering, server side
message scanning) Would you leave your back door on your house wide open and
unlocked? No.

william

-----Original Message-----
From: owner-dakota-truck@BUFFNET.NET
[mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of Kevin Hoegen (MAGNUM
S/T)
Sent: Sunday, May 13, 2001 1:38 PM
To: dakota-truck-moderator@bent.twistedbits.net
Subject: DML: Re: RE: VIRUS ON DML

I thought about that Ron, but it was sent to my home email address. It also
had the DML thread and the message from this person specifically said "take
a look at the attachment"...also his (or her) email was a bogus one.

The only reason I mention it to the list is because this person obviously
has some type of connection with the DML and may try it on someone else.

"Ronald Wong" <ron-wong@home.com> wrote in message
news:NDBBIHDGKKJOIJDEOCBMGEDDEHAA.ron-wong@home.com...
> Kevin,
>
> It may be the person doesn't know he's infected. The virus is spreading
> using his MS Outlook without him knowing it. That's what happens with most
> of these viruses. They propagate themselves. Then, after propagation, some
> start destroying the system they're on. So please don't sling stuff until
> you know. WPG has been on the list for a while and I don't believe he would
> knowingly do that. Besides that if it's a DML thread response how is there
> an attachment on it? Jon doesn't let attachments go through.
>
> Ron
> 00 PB SLT QC 4X2 5.9 46RE 3.92 LSD
> For modifications see my DML Profile (URL follows)
> http://www.twistedbits.net/WWWProfile/dakota/Kw9pV1EkFeOYY
>
>
> -----Original Message-----
> From: owner-dakota-truck@BUFFNET.NET
> [mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of Kevin Hoegen (MAGNUM
> S/T)
> Sent: Sunday, May 13, 2001 9:33 AM
> To: dakota-truck-moderator@bent.twistedbits.net
> Subject: DML: VIRUS ON DML
>
>
> The following person has maliciously sent an EMAIL VIRUS to me via one of
> the threads we have been reading. As I believe this was sent intentionally,
> I am warning my fellow DMLers!
>
> Person Who Sent virus: WPG [wpgottes@worldnet.att.net]
>
> Virus type: W32.Badtrans.13312@mm
>
> This individual specifically noted in the email to me to "take a look at the
> attachment"...which was a virus. As I have Norton Antivirus 2001 with proxy
> server, it identified the virus prior to me ever reading the message.
>
> Here's the message I received:
>
> 'Kevin Hoegen (MAGNUM S/T)' wrote:
> ====
> - Jon Smith is right. Unless you have been flushing the engine on a regular
> - basis the buildup is "holding things together". If you were to do a flush,
> - most probably you would have leaks everywhere.
> - "Sterling Dedic" <93DodgeDakota@excite.com> wrote in message
> - news:20763891.989632226089.JavaMail.imail@derby...
> - >
> - > I had my oil changed at Jiffy Lube (I know, but I had a coupon for a free
> - > oil change, so I figured I would save some work) when the t ...'
>
>
> > Take a look to the attachment.
>
> I don't yet know the individual, but I'm sure a few hacker friends of mine
> will be interested to know this butthole is sending virus attachments
> maliciously!
>
> Later all
> Oh and once again WPG...nice try
>
>



This archive was generated by hypermail 2b29 : Fri Jun 20 2003 - 12:01:28 EDT