ATTN: AMV Creator with a VIRUS

Garylisk · Post by **Garylisk** » Tue Oct 22, 2002 5:32 pm

is wonka on your ICQ list? in his profile, does he list his real email address? or maybe on his AIM profile? or anything else? the virus looks at instant messenger programs and other such things to find email addreses.

Garylisk · Post by **Garylisk** » Tue Oct 22, 2002 5:34 pm

AbsoluteDestiny wrote: 3) The person is probably american as the email I received came via netservers.net which is a LA-based company and originated from charter-stl.com

Crap, I use outlook, windows, and my ISP is charter-stl.com

Maybe I should scan for the cirus again, I might be the one sending out this stuff.... but I ran the removal tool yesterday and it said i was not infected. This is so confusing.

Red Wolf · Post by **Red Wolf** » Tue Oct 22, 2002 7:47 pm

Vegeta for president wrote:2. The hotmail server is infected and a lot of people are going to be screwed.

Aside from the fact that would suck for a lot of y'all that would EXTREMELY funny. I can just see the news blurp now...

trythil · Post by **trythil** » Tue Oct 22, 2002 10:26 pm

Vegeta for president wrote: 1. This is the smartest virus ever; It opens internet explorer, goes to hotmail, knows my login name and password (which are not cookied or saved anywhere), finds Wonka off of an email I once recieved by him (he's not in my adress book) and sends him a virus file I don't even have.

Nah, a smart virus would be one that propagated itself through printers via PostScript. This is theoretically possible on some printers, like a few HP models; if I recall correctly, they have a PostScript interpreter built into their (flashable) firmware.

Imagine the fun you could have with something like that.

Of course, I didn't respond in any useful way there, and I'm sure #1 was meant to be funny.

Most likely it's just some random psycho who has a lot of the more famous AMV creators' e-mail addresses in his Outlook databases for some reason. There's really nothing that can be done about it, except praying that whoever it is figures out that his b0x0rz have been 0wn3d.

oh yeah. Hey, AD, could you post the full headers, just in case somebody here is any good at tracking things down? They're not the best way to track somebody, but they can sometimes be useful.

Kusoyaro · Post by **Kusoyaro** » Mon Oct 28, 2002 10:58 am

I just got one from AXNY@spja.org

OmniStrata · Post by **OmniStrata** » Mon Oct 28, 2002 11:19 am

I'm virus immune since NOBODY EMAILS ME!

^_^

Legend Killer · Post by **Legend Killer** » Mon Oct 28, 2002 9:31 pm

There is also a very good, easy to use Anti Klez program here

Only 50k download.[/url]

Dannywilson · Post by **Dannywilson** » Tue Oct 29, 2002 3:51 am

Ok. Just a little explanation of how the klez virus works. It enters the affected persons comp, (By their own stupidity mind you. Ie opening attachments without scanning them and whatnot) it then searches their computer for email addresses in the outlook history and addy book, it then looks for them in the Explorer history and temp files directory. It takes random person A's addy, and sends a message with a copy of itself to random person B. meanwhile the original infected computer C has no idea this is happening. It repeats this process at random intervals with random addresses from the infected computer, or for even more fun, it makes the "From" addresses up using info it gathers, Ie: "Webmaster@yahoo.com", or "Services@animemusicvideos.org". These factors make it a very smart little piece of malicious programming, and very hard to track. It can even fiddle with your virus protection, so if you get a virus scanner after the fact, it can screw with it to make itself invisible to it.

dokidoki · Post by **dokidoki** » Tue Oct 29, 2002 2:50 pm

Dannywilson wrote:Just a little explanation of how the klez virus works. It enters the affected persons comp, (By their own stupidity mind you. Ie opening attachments without scanning them and whatnot)

Viruses in recent years use bugs in Microsoft products to auto-execute. You only have to read the email, not click on an attachment.

From http://www.microsoft.com/technet/treevi ... 01-020.ASP :
"Because HTML e-mails are simply web pages, IE can render them and open binary attachments in a way that is appropriate to their MIME types. However, a flaw exists in the type of processing that is specified for certain unusual MIME types. If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail."
(as the page explains, IE is used to render HTML in MS mailreaders)

This particular one is an old bug, but some people use old software.

Dannywilson · Post by **Dannywilson** » Tue Oct 29, 2002 6:21 pm

There is this little option in Outlook that lets you disable opening of any attachments, if you haven't turned this on DO IT NOW. In addition, there is another option to not show any messages as html, and show them as formatted text, TURN THIS ON. This will rectify those problems.