Re: COMP: Virus -Bogus (STEVE)
- Subject: Re: [iris-talk] COMP: Virus -Bogus (STEVE)
- From: S* B*
- Date: Sat, 08 Jun 2002 03:18:43 -0700
Thanks Steve
I do have Norton on my machine and all my email attachments are
scanned through McAfee, but I did run into a situation a couple of months
ago where I was receiving email messages about my PC being infected (in
reply to an email message that I supposedly sent). Of course I didn't know
what was going on so I deleted their messages thinking "they" were the ones
spreading the virus, and then checked my machine for viruses.
I noticed Linda M asking about someone 'stealing' your email address a while
back as well.
Thanks for explaining this.
Sandra
Steve Szabo wrote:
> Sandra,
>
> That is correct. However, it does not spoof the IP address of the machine
> from which the mail is sent. Since mail programs only use the return
> address for a reply (such as this reply going to Yahoo! Groups iris-talk
> list rather than somewhere else) irate messages can be sent to you about
> spreading a virus. I've had to change the response in several anti-virus
> installs at client sites so that it reflects the current state of things,
> i.e. the spoofed address. The only way to track down the offending machine
> is to try to trace back through the e-mail header. There are several
> programs that will parse the header for you (Sam Spade is one), but, since
> most people do not have a static IP address, and use a largish ISP, it can
> be like finding a needle in a haystack. You may be fortunate, if you track,
> to find the ISP and be able to narrow the possibilities down to one of
> several people you know to have your address. However, this is not
> foolproof. The virus may have originated from someone else who happens to
> have your address because one of your "suspects" on your list may have
> forwarded them a joke you had sent, or some other piece of mail that
> included your address. Or, as in the case of this list, a copy of a message
> you sent to it is residing on the infected machine.
>
> There is not much one can do about this other than to urge everyone to get a
> decent anti-virus program, and keep it up to date. The tag at the bottom of
> this message shows that this message has been checked on its way out of
> here. If you follow the link provided, the product is available in a free
> version that lacks some of the bells and whistles of the version you
> actually pay for. If one feels they cannot afford a virus checker, or they
> don't want to pay for one--give this one a whirl. I've tried to get some
> viruses through it, and it has caught each one.
>
> Also, as a double check, one may wish to make use of a free online scan
> available at http://housecall.antivirus.com/. This is not meant to be the
> be all and end all of scanners, but serves as a handy double check for your
> machine. I use it about once a month. Works best with IE. Modem users may
> have some problems getting it up and running the first time (at least that
> has been my experience, and it does not affect all modem users, just some).
> Just follow the directions, and go.
>
> A few other tips. If you use Outlook in any of its forms, disable the
> preview pane. If there is a virus or trojan embedded in the e-mail shown in
> the preview pane, it will run as if you have opened the message.
>
> If you have the option of opening the next e-mail after disposing of the
> current one, do not use the option. You could accidentally set a virus or
> trojan loose on your machine.
>
> Never open any attachments you are not expecting. Even if it is from your
> mother. Always save the attachment, and scan it prior to opening. Usually,
> the best way is just not to open it, and delete it.
>
> \\Steve//
> who is finally hoping to have time to do up a Linux machine this weekend]
> Zone 6/7 No. VA, USA
>
> -----Original Message-----
> From: Sandra Barss [b*@mb.sympatico.ca]
> Sent: Friday, June 07, 2002 7:58 AM
> To: iris-talk@yahoogroups.com
> Subject: Re: [iris-talk] COMP: Virus -Bogus (STEVE)
>
> Do I understand you correctly that if someone has my email address on their
> PC in any form, the virus can use my address as if I sent the email, but
> really the email came from the infected machine?
>
> Sandra
>
> Steve Szabo wrote:
>
> > Cathy,
> >
> > That e-mail was not from "billmaryott@home.com". home.com no longer
> > exists. That email contained one of the variants of the KLEZ virus that is
> > making the rounds again and again. One of the things it does is to spoof
> > the return address by choosing an address at random from those found on
> > the infected computer. You may be able to track down who it came from by
> > tracing the IP address of the sending computer found in the header of the
> > message, but I cannot tell you how to do so with AOL mail since they have
> > such a weird way of handling their mail.
> >
> > This virus is also interesting in that it will pick addresses not only
> > from the address book, but from any file that has addresses stored in
> > them. This may be from a cached web page, a file with e-mail addresses in
> > it, etc. It also uses its own SMTP engine to send the messages so the
> > infected person will not see the messages sent in their sent items folder
> > of their e-mail program. The only real clue, besides a slowing of the
> > normal processing of files is extraordinary usage of the internet
> > connection (and since most people no longer have an external modem, which
> > I highly recommend, they never see all that activity).
> >
> > Bottom line is that bill and mary are not the ones who sent the
> > e-mail--someone else did who had their now defunct address and your
> > address on their computer.
> >
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.370 / Virus Database: 205 - Release Date: 6/5/2002
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
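
The header trace-back discussed in this thread, as an added example that is not part of the original messages: it reads the `Received:` chain of a message and reports the connecting IP of the first hop that is not a known relay, alongside the domain claimed in `From:`. The sample message, every host name and IP in it, and the `trusted_relays` parameter are constructed assumptions for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message: spoofed From line plus two relay hops.
# Every host name, address and IP here is made up (documentation ranges).
RAW = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [198.51.100.7])
\tby mailstore.recipient-isp.example with ESMTP id AAA111;
\tFri, 7 Jun 2002 08:02:11 -0400
Received: from Qwxyz (dialup-42.big-isp.example [203.0.113.42])
\tby mx.recipient-isp.example with SMTP id BBB222;
\tFri, 7 Jun 2002 08:02:05 -0400
From: "Bill and Mary" <billmary@defunct-isp.example>
To: cathy@recipient-isp.example
Subject: A funny game

body
"""

# "from HELO (rdns [ip])" as most MTAs write it; other layouts are skipped.
FROM_CLAUSE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)")

def received_hops(msg):
    """Return (helo, rdns, ip) per Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = FROM_CLAUSE.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append(m.groups())
    return hops

def trace_origin(raw, trusted_relays):
    """Walk down from the receiving server while the connecting IP is a relay
    we trust; the first untrusted connecting IP is the best-known origin.
    Received lines below that hop were supplied by the sender and may be forged."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = (None, None, None)
    for hop in received_hops(msg):
        origin = hop
        if hop[2] not in trusted_relays:
            break
    helo, rdns, ip = origin
    matches = bool(rdns and from_domain) and rdns.lower().endswith(from_domain)
    return {"from_domain": from_domain, "origin_ip": ip,
            "origin_rdns": rdns, "from_matches_origin": matches}
```

The result identifies the ISP address range the message entered from, not a person; with dynamically assigned addresses only the ISP's own logs can tie that IP and timestamp to a subscriber.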