
New Virus


Jeff Mottle

  • Administrators

Is anyone else getting slammed with this new virus that sends attachments with the titles: "Thank You", "Wicked Screen Saver", "my Details" etc.?

 

My system is quarantining and deleting them all, but I must have received over 200 in the last 6 hours!!

Link to comment
Share on other sites

Hmmm...feeling left out of things. I haven't gotten anything like that. I wonder if they have web bugs - I have it set so that messages with web bugs are automatically deleted from the server. NAV hasn't nabbed anything either. Okay, now that I've jinxed things for myself, I get to join in on all the fun! :)

Link to comment
Share on other sites

  • Administrators

Well, this is the one I am getting: W32/Sobig.f@MM

 

Nothing comes through my system, though, as I have Zone Alarm set to scan all emails for anything that contains an attachment that could execute and quarantine it; then when Virus Scan sees it, it deletes the attachment, then my spam filter trashes the email and clears it from the recycle bin. ;) Like it never happened.

 

Add a few other tidbits of security and in over 40,000-50,000 emails over the past 2 years I have never caught anything...knocking on wood now.

 

That Blaster thing did not make it past my two firewalls so I was safe there too.

 

I'm curious, how tight are the rest of you locked up?

Link to comment
Share on other sites

I got slammed by the Sobig virus today, didn't catch anything, but received WAY too many emails with the .pif attachment. I was also lucky not to get hit with the Blaster virus.

 

As far as network security, I have a hardware firewall (router with NAT) and have been using the AVG antivirus software. So far been lucky.

 

-Chad

Link to comment
Share on other sites

I'm curious, how tight are the rest of you locked up?
Well, I have the same Linksys router as you, Jeff, all ports shut tight, and Norton AV with auto definition updates.

 

But who knows, if the virus is an attachment it will get through a router, and if the def's aren't updated as fast as the viruses are written...

 

Oh, and I also preview email on the server, so I can delete all the crap before I DL any email. I see if there are attachments while it's still on the server.

 

But no security system is perfect. But you have to try...

Link to comment
Share on other sites

  • Administrators

Ok, this is just getting ridiculous, over 400 emails today from this damn Klez virus! I think it should be mandatory that if you own a computer you install a virus scanner and keep it updated. If you don't and you were responsible for inadvertently sending a virus you would get fined $10,000. :D

Link to comment
Share on other sites

I'll jump in here too. I've gotten about 50 of these today and yesterday, also starting to get -This Message was undeliverable...- with my email even though I have not been infected. Most of the addresses are CG related; seems as though a major CG database was infected. I have no idea how to stop them except to set a rule to send them to the trash.

 

Eric B

Link to comment
Share on other sites

also starting to get -This Message was undeliverable...- with my email even though I have not been infected.
I haven't seen much of the virus emails, but I have seen the 'undeliverables'. It was enough to make me stop working yesterday to let Norton do a full scan. I hope the def's are keeping pace with the virii.

 

Several times in the past I have had spammers use my email address, or one that 'works' on one of my domains. I really hate that. At the time I favored bombing Romania where the spams were set to direct victims--(I got a copy of the email that had been bounced back to me as the supposed sender). It is another form of identity theft. People who write viruses and trojan-horse spams really SUCK.

Link to comment
Share on other sites

well i got 15 e-mails, not all with attachments though. but all the subjects were like: "re:Thank you", "your info" etc... well, although my ports are all closed through a hardware firewall/router, there isn't much to do with these attachments, other than delete the emails... i'm using netscape mail BTW, and I think that's a little more secure than outlook or outlook express....

ah well.... we all know that opening a .pif file is asking for trouble, but what about all the "basic" users out there....

Link to comment
Share on other sites

I don't have any virus protection on my home PCs and the one I use all the time is the most stable computer I have ever seen. I haven't received any viruses by email there, and have only ever suffered from a virus once at home. Even then that was my own fault, I was looking for a video codec and clicked OK to whatever popped up. Turned out it wasn't a video codec. It dialled premium rate numbers in the background once I'd logged onto the net. Happened 3 times to me and twice when my wife was on-line. Cost me £80 in phone charges, but I had premium numbers blocked from my line, and just got kicked off the net when it tried to activate.

Link to comment
Share on other sites

  • Administrators
I haven't received any viruses by email there, and have only ever suffered from a virus once at home.
How do you know you are not spreading viruses or have one now if you don't have a virus software? There are many viruses that spread without you knowing.

 

To give you an example: A few years ago the company I worked for was lax in updating their DAT files. Well, we got a virus that shut down the entire building for a day (cost them about $150,000, I heard). I was one of the people that went to every machine to install the latest DAT and scan the system for viruses. Do you know how many had viruses that the user was not aware of? At least 70% of the 500-600 computers!

 

So moral of the story....you can have a virus and not know it. Now go out and buy some virus software like a responsible computer owner. ;)

 

You should also download a software firewall too. I personally use Zone Alarm and there is a free version. (There are many others too.) That would have prevented you from having a connection dial out without you knowing because you would have been warned that something was going to connect to the net.

Link to comment
Share on other sites

I've probably gotten about 200 or so with the PIF attachment at one address, but nothing at the other 4. Norton has caught them all and I've been scanning regularly and updating.

I haven't bought a firewall, though. I will soon (duh!) once I move and upgrade my hardware.

I am going to delete the email account altogether for a few days, and hope that does something (that's the best advice I could get from my host). Manually deleting each email would take ages. There's probably 600 waiting there for me! :ngesighw:

Link to comment
Share on other sites

  • Administrators
Manually deleting each email would take ages. There's probably 600 waiting there for me! :ngesighw:
From someone who gets 50-60 emails a day (not including the 200-400 from this latest virus), I'll let you in on my "system" that I mention briefly above. ;)

 

1. Email comes in and is checked for viruses by McAfee. If viruses are detected in an attachment it is set up to automatically delete the attachment.

 

2. If there was an attachment then the subject line gets changed to "EMAIL SCAN:VIRUS ALERT..."

I check for that in the subject line and if it's detected I have my spam filter (Outlook rules will also work) delete the message altogether. This way I never see it or have to waste time dealing with it.

 

3. I also have a few rules that look for attachments that contain the extension .pif or .zlo and then delete the message. This can't be done with Outlook rules so I use SpamInspector.

 

4. The reason I delete .zlo files is because Zone Alarm is configured to change the extension of any attachment that contains an executable file to .zlo (like .exe, .bat, .pif etc). This way if McAfee misses it because the virus is too new or someone just for fun decides to send me a malicious executable I am still protected.

 

In the last 4 months alone I have caught and deleted over 3000 spam emails with this system. There is not much that gets through anymore. Of course everything does still get downloaded, but I don't like the idea of having to use an app like mailwasher to check the server manually.

 

The only true and most reliable way to protect yourself from virus emails and spam is to use one of these new services. The service requires everyone that sends you an email to manually go to a site and confirm that you did send the email to that person by typing in the letters from a randomly generated graphic. Once you do this once, the recipient will continue to receive emails from you. I'd love to do this, but I rely on too many mass email lists for news.

Link to comment
Share on other sites
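
The two delete rules from the post above (the scanner's subject marker, and a blocked attachment extension), sketched as an added example that is not part of the original thread or of any product named in it. Function names and sample messages are constructed; `.scr` and `.com` are assumed additions to the extensions the post lists.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the post names (.pif, .exe, .bat) plus .zlo, the renamed form the
# post says Zone Alarm produces; .scr and .com are assumptions added here.
BLOCKED_EXT = {".pif", ".exe", ".bat", ".zlo", ".scr", ".com"}
ALERT_PREFIX = "EMAIL SCAN:VIRUS ALERT"  # subject marker quoted in the post

def blocked_attachments(msg):
    """Return filenames of attachments whose final extension is blocked."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / encoded-word names
        if not name:
            continue
        # Only the last extension decides how Windows opens the file, so
        # "details.txt.pif" counts as .pif; trailing dots/spaces are stripped.
        clean = name.strip().rstrip(". ").lower()
        ext = "." + clean.rsplit(".", 1)[-1] if "." in clean else ""
        if ext in BLOCKED_EXT:
            hits.append(name)
    return hits

def verdict(raw_bytes):
    """Classify one raw message as 'delete' or 'deliver' (hypothetical labels)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    if subject.upper().startswith(ALERT_PREFIX) or blocked_attachments(msg):
        return "delete"
    return "deliver"

def make_sample(subject, filename=None):
    """Build a constructed test message; the payload is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("See the attached file for details.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Re: Thank you!", "details.TXT.PIF"),
                     ("Meeting notes", "notes.pdf"),
                     ("EMAIL SCAN:VIRUS ALERT...", None)]:
        print(subj, "->", verdict(make_sample(subj, fn)))
```

Matching on the final extension, case-insensitively, is what catches double-extension names such as `details.TXT.PIF`; a plain substring match on ".txt" or a case-sensitive rule would let them through.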

How do you know you are not spreading viruses or have one now if you don't have a virus software? There are many viruses that spread without you knowing.
The address book on my home PC is empty, and in order to get my emails from everywhere, I've recently redirected incoming emails through my hotmail account.

I used to have a full address book, and got tons of spam, but no-one ever told me they were getting junk emails from my account.

Link to comment
Share on other sites

Thanks, Jeff, I appreciate the insight. I'll be printing that one out :) for use later on. I am planning on buying a new computer soon and will be getting a hardware firewall and will certainly look into your suggestions.

This is all relatively new to me, so I'll have to admit it's a little intimidating.

Ironically, I do not get ANY spam on the email account that I am getting the viruses from and I'd say I got one email every 4-5 days on it before. Must have been someone that I sent an email to ages ago.

 

I tried to set Norton up to quarantine the emails all at once, instead of having to do it manually, but couldn't figure it out (or if it is possible?). I'll have to look again. Same thing with Outlook, my rules aren't working. Although, I'll admit, it was a half-hearted attempt (I never pay too much attention to MS stuff, just learn as I go).

Link to comment
Share on other sites
