Re: BCC email virus

[Meritt James]

Right. That is a way they may be run.  Don't do that.  Not that big a
thing to modify your own configuration.

V/R

Jim

John Daniele wrote:
> 
> > Why just don't run emailed executables?
> 
> Because for as long as you are running an email client that interprets
> vb/java/lotus/*scripting code, you are at risk. There have been cases
> where executable code is automatically run simply by clicking on the
> message as opposed to running it manually. I've also seen one one case
> where the executable was executed accidently by buggy code implemented
> as a part of the email client's export-attachment function.
> 
> --
> John Daniele
> Technical Security & Intelligence
> Toronto, ON
> Voice: (416) 605-2041
> Email: [EMAIL PROTECTED]
> Web:   http://www.tsintel.com
> --

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

Re: BCC email virus

[Meritt James]

Works for me.  I've never been infected in the last decade and a half. 
And I know how to read, so I don't need (or want) these bells and
whistles going off.  A coworker down the hall and I share amusing
stories about those who do - he keeps reminding me that there are a
bunch of "less security aware" newbies around that keep 'em spreading.

ah well...

V/R

Jim

John Daniele wrote:
> 
> Heh, I guess I didn't read the thread previous to yours.. IMO, that's
> exactly what you should do. Uninterpreted plaintext can rarely hurt you!
> 
> :-)
> 
> --
> John Daniele
> Technical Security & Intelligence
> Toronto, ON
> Voice: (416) 605-2041
> Email: [EMAIL PROTECTED]
> Web:   http://www.tsintel.com
> --
> 
> On Wed, 30 Jan 2002, Meritt James wrote:
> 
> > So why not simply disable the association to interpreters (including
> > VBS, of course) and modifying the configuration of your whatever reader
> > not to do that?
> >
> > John Daniele wrote:
> > >
> > > > Why just don't run emailed executables?
> > >
> > > Because for as long as you are running an email client that interprets
> > > vb/java/lotus/*scripting code, you are at risk. There have been cases
> > > where executable code is automatically run simply by clicking on the
> > > message as opposed to running it manually. I've also seen one one case
> > > where the executable was executed accidently by buggy code implemented
> > > as a part of the email client's export-attachment function.
> > >
> > > --
> > > John Daniele
> > > Technical Security & Intelligence
> > > Toronto, ON
> > > Voice: (416) 605-2041
> > > Email: [EMAIL PROTECTED]
> > > Web:   http://www.tsintel.com
> > > --
> >
> > --
> > James W. Meritt CISSP, CISA
> > Booz | Allen | Hamilton
> > phone: (410) 684-6566
> >

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

Re: BCC email virus

[John Daniele]

Heh, I guess I didn't read the thread previous to yours.. IMO, that's
exactly what you should do. Uninterpreted plaintext can rarely hurt you!

:-)

--
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: [EMAIL PROTECTED]
Web:   http://www.tsintel.com
--


On Wed, 30 Jan 2002, Meritt James wrote:

> So why not simply disable the association to interpreters (including
> VBS, of course) and modifying the configuration of your whatever reader
> not to do that?
>
> John Daniele wrote:
> >
> > > Why just don't run emailed executables?
> >
> > Because for as long as you are running an email client that interprets
> > vb/java/lotus/*scripting code, you are at risk. There have been cases
> > where executable code is automatically run simply by clicking on the
> > message as opposed to running it manually. I've also seen one one case
> > where the executable was executed accidently by buggy code implemented
> > as a part of the email client's export-attachment function.
> >
> > --
> > John Daniele
> > Technical Security & Intelligence
> > Toronto, ON
> > Voice: (416) 605-2041
> > Email: [EMAIL PROTECTED]
> > Web:   http://www.tsintel.com
> > --
>
> --
> James W. Meritt CISSP, CISA
> Booz | Allen | Hamilton
> phone: (410) 684-6566
>

Re: BCC email virus

[John Daniele]

> Why just don't run emailed executables?

Because for as long as you are running an email client that interprets
vb/java/lotus/*scripting code, you are at risk. There have been cases
where executable code is automatically run simply by clicking on the
message as opposed to running it manually. I've also seen one one case
where the executable was executed accidently by buggy code implemented
as a part of the email client's export-attachment function.


--
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: [EMAIL PROTECTED]
Web:   http://www.tsintel.com
--

Re: BCC email virus

[Meritt James]

So why not simply disable the association to interpreters (including
VBS, of course) and modifying the configuration of your whatever reader
not to do that?

John Daniele wrote:
> 
> > Why just don't run emailed executables?
> 
> Because for as long as you are running an email client that interprets
> vb/java/lotus/*scripting code, you are at risk. There have been cases
> where executable code is automatically run simply by clicking on the
> message as opposed to running it manually. I've also seen one one case
> where the executable was executed accidently by buggy code implemented
> as a part of the email client's export-attachment function.
> 
> --
> John Daniele
> Technical Security & Intelligence
> Toronto, ON
> Voice: (416) 605-2041
> Email: [EMAIL PROTECTED]
> Web:   http://www.tsintel.com
> --

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

RE: BCC email virus

[John Herron]

Just for the record, when I used to use this Anti-Virus (well, when I tried it out to 
work around some ex-company AV problems) it used to pick itself up as a virus if using 
heuristic scanning.  Despite attempts to contact them I believe I received no response 
and saw no progress so I left them.  

Their product looks completely different from back then (98/99) and I'm sure it is 
much improved, but I was unimpressed by service, abilities, and claims that I thought 
were overrated.  I haven't heard any responses recently but I have seen a few friends 
start using it again.

- John

>>> "Lemanski, Lahoma J." <[EMAIL PROTECTED]> 01/28/02 01:08PM >>>
I use AVG antivirus, it is free, and will pick up viruses that both Norton
and McAffee will miss. I have never had a virus get loose on my machine
while using this program. Has active email scanning, and Heuristic analysis
capabilities. Works great, got 5 stars from zdnet, and best of all it is
free. Updates are free as well. Go to www.grisoft.com to get it.
Lahoma Lemanski  
 
 Use  
 _o)Linux (o_ 
 //\  (o_   (o_   //\  
 U_/_ (/)_  (\)_  V_/_ 
The Ultimate in Antivirus Protection


>snip
I suggest that you try downloading, and installing another anti virus
scanner.  You never can have enough protection.

RE: BCC email virus

[Arjen De Landgraaf]

Only problem is that, once you are infected, the latest virus (XXparty)
seems to check 
your own email address and its SMTP routine does not propagate to yourself.
Can still do it using an empty contact list, except for an alias address to
yourself.
Some newer viruses only propagate to unread messages too.
The !000 is regarded as a hoax.

-Original Message-
From: McDonald Patrick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 30, 2002 7:55 AM
To: Vincent Lee; [EMAIL PROTECTED]
Subject: RE: BCC email virus


You can test it yourself, if you want.

Simply put the Worm Alert address in an email sent to yourself. See if you
get a copy of the email.

Pat

-Original Message-
From: Vincent Lee [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 1:52 PM
To: [EMAIL PROTECTED]
Subject: Re: BCC email virus


Over the years, I have read mixed reasonings as to whether or not the fix
proposed below works. In theory, it makes sense. Can someone convince me,
without a doubt, which way? Thanks in advance.

Vincent

- Original Message -

Here's what you do: First, Open your Address Book and click on "New Contact"
just as you would do if you were adding a new friend to your list of E-mail
addresses.  In the window where you would type your friend's first name,
type in !000 (That's an exclamation mark followed by 3 zeros).  In the
window below where it prompts you to enter the new E-mail address, type in
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

- End Original Message -

RE: BCC email virus

[Petre Daniel]

i use RAV with redhat sendmail and it stopped it..
www.ravantivirus.com its open licensed
At 02:08 PM 1/28/02 -0500, Lemanski, Lahoma J. wrote:
>I use AVG antivirus, it is free, and will pick up viruses that both Norton
>and McAffee will miss. I have never had a virus get loose on my machine
>while using this program. Has active email scanning, and Heuristic analysis
>capabilities. Works great, got 5 stars from zdnet, and best of all it is
>free. Updates are free as well. Go to www.grisoft.com to get it.
>Lahoma Lemanski
>
>  Use
>  _o)Linux (o_
>  //\  (o_   (o_   //\
>  U_/_ (/)_  (\)_  V_/_
>The Ultimate in Antivirus Protection
>
>
> >snip
>I suggest that you try downloading, and installing another anti virus
>scanner.  You never can have enough protection.

Petre L. Daniel,System Administrator,
Canad Systems Pitesti SRL Romania
http://www.cyber.ro email:[EMAIL PROTECTED]
tel:+4048206200,+4048206201

RE: BCC email virus

[McDonald Patrick]

In response to Mark Palmer's message, setting up a false address will not
prevent a virus from spreading.  Rather it will merely inform the user a
virus attempted to mail itself to a false address.  Email sends a seperate
copy of itself to everyone on its list, it matters not whether the first,
second, or nth address is wrong.  Copies get sent to all valid addresses.

-Original Message-
From: Meritt James [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 1:20 PM
To: Mark Palmer CCNA
Cc: 'Chris Coakley'; [EMAIL PROTECTED]
Subject: Re: BCC email virus


Why just don't run emailed executables?

"Mark Palmer, CCNA" wrote:
>
> I have not heard of that particular exploit (yet).  However I have heard
of
> a way that may prevent the spread of viruses via email.
>
> What do you think about the following method to "prevent" a virus from
doing
> its work
>
> "As you may know, when/if a Worm Virus gets into your computer it heads
> straight for your E-mail Address Book and sends itself to everyone in
there,
> thus infecting all your friends and associates. This trick won't keep the
> virus from getting into your computer, but it will stop it from using your
> address book to spread further, and it will alert you to the fact that the
> worm has gotten into your system.
>
> Here's what you do: First, Open your Address Book and click on "New
Contact"
> just as you would do if you were adding a new friend to your list of
E-mail
> addresses.  In the window where you would type your friend's first name,
> type in !000 (That's an exclamation mark followed by 3 zeros).  In the
> window below where it prompts you to enter the new E-mail address, type in
> <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
>
> Then complete everything by clicking: Add, Enter, OK, etc.
>
> Now, here's what you've done and why it works: The name "!000" will be
> placed at the top of your address book as entry #1.
>
> This will be where the worm will start in an effort to send itself to all
> your friends.  But when it tries to send itself to !000, it will be
> undeliverable because of the phony E-mail address you entered
> ([EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ).  If the first attempt
fails
> (which it will because of the phony address), the worm goes no further and
> your friends will not be infected.
>
> Here's the second great advantage of this method: If an E-mail cannot be
> delivered, you will be notified of this in your Inbox almost immediately.
>
> Hence, if you ever get an E-mail telling you that an E-mail addressed to
> WormAlert could not be delivered, you know right away that you have the
Worm
> Virus in your system.  You can then take necessary steps to get rid of
it!"
>
> -Original Message-
> From: Chris Coakley [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 25, 2002 1:36 PM
> To: [EMAIL PROTECTED]
> Subject: BCC email virus
>
> Sorry to bother you, but I can't find this on Symantic or related sites...
>
> A fellow employee was checking his email today and became infected with a
> virus that appears to have the following characteristic: When he emails
> someone, it BCC's the message to the previous person he sent a legit email
> to.
>
> Also, he said outlook froze on him while he was doing his ritual
forwarding
> of humor emails this morning.
>
> Norton AV doesn't detect anything. We are in the process of comparing his
> profile to what was there at the last backup, but I was curious if anyone
> had heard of this.
>
> Thanks,
> Chris Coakley

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

RE: BCC email virus

[McDonald Patrick]

You can test it yourself, if you want.

Simply put the Worm Alert address in an email sent to yourself. See if you
get a copy of the email.

Pat

-Original Message-
From: Vincent Lee [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 1:52 PM
To: [EMAIL PROTECTED]
Subject: Re: BCC email virus


Over the years, I have read mixed reasonings as to whether or not the fix
proposed below works. In theory, it makes sense. Can someone convince me,
without a doubt, which way? Thanks in advance.

Vincent

- Original Message -

Here's what you do: First, Open your Address Book and click on "New Contact"
just as you would do if you were adding a new friend to your list of E-mail
addresses.  In the window where you would type your friend's first name,
type in !000 (That's an exclamation mark followed by 3 zeros).  In the
window below where it prompts you to enter the new E-mail address, type in
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

- End Original Message -

RE: BCC email virus

[Snow, Corey]

> -Original Message-
> From: Vincent Lee [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 28, 2002 10:52 AM
> To: [EMAIL PROTECTED]
> Subject: Re: BCC email virus
> 
> 
> Over the years, I have read mixed reasonings as to whether or 
> not the fix
> proposed below works. In theory, it makes sense. Can someone 
> convince me,
> without a doubt, which way? Thanks in advance.
> 
> Vincent
> 

It is better to practice safe computing and secure your system against such
attacks than it is to use such a technique as described. It's far better to
prevent an infection from occuring than it is to use something like a false
email address to catch worms sending to your address book. The problem with
such an approach is that by the time the worm hits your trap address, you're
already infected. Besides, why should the worm stop after failing to send to
the first address?

Secure your system, use antivirus software and keep up on the patches for
your mail client. It isn't very difficult. Conversely, you might consider
switching to an email product that isn't likely to be vulnerable to the
constant flood of attacks targeting Outlook/Outlook Express. Worms that can
propogate through other email clients are extremely rare.

And as someone else mentioned, if you don't want to be hit by email worms,
don't open executable attachments unless you're absolutely certain they're
safe. Use common sense, and you can easily remove the need to have a munged
address at the top of your address book, which would be effectively useless
anyway.

Corey Snow

#
The information contained in this e-mail and subsequent attachments may be privileged, 
confidential and protected from disclosure.  This transmission is intended for the 
sole 
use of the individual and entity to whom it is addressed.  If you are not the intended 
recipient, any dissemination, distribution or copying is strictly prohibited.  If you 
think that you have received this message in error, please e-mail the sender at the 
above 
e-mail address.
#

RE: BCC email virus

[Wood, Richard]

Mark,

What you have described is a chain letter that seems to have been doing the
rounds for some time, but is actually of very limited use, and could end up
doing more harm than good. Have a look at this
http://antivirus.about.com/library/weekly/aa082801b.htm
to  see the full details. I think the only way we can try and contain these
threats are to keep the AV scanner bang up to date, and educate our users
(the hardest part!).

Richard

-Original Message-
From: Mark Palmer, CCNA [mailto:[EMAIL PROTECTED]]
Sent: 28 January 2002 13:16
To: 'Chris Coakley'; [EMAIL PROTECTED]
Subject: RE: BCC email virus


I have not heard of that particular exploit (yet).  However I have heard of
a way that may prevent the spread of viruses via email.  

What do you think about the following method to "prevent" a virus from doing
its work

"As you may know, when/if a Worm Virus gets into your computer it heads
straight for your E-mail Address Book and sends itself to everyone in there,
thus infecting all your friends and associates. This trick won't keep the
virus from getting into your computer, but it will stop it from using your
address book to spread further, and it will alert you to the fact that the
worm has gotten into your system.

Here's what you do: First, Open your Address Book and click on "New Contact"
just as you would do if you were adding a new friend to your list of E-mail
addresses.  In the window where you would type your friend's first name,
type in !000 (That's an exclamation mark followed by 3 zeros).  In the
window below where it prompts you to enter the new E-mail address, type in
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

Then complete everything by clicking: Add, Enter, OK, etc.

Now, here's what you've done and why it works: The name "!000" will be
placed at the top of your address book as entry #1. 

This will be where the worm will start in an effort to send itself to all
your friends.  But when it tries to send itself to !000, it will be
undeliverable because of the phony E-mail address you entered
([EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ).  If the first attempt fails
(which it will because of the phony address), the worm goes no further and
your friends will not be infected.

Here's the second great advantage of this method: If an E-mail cannot be
delivered, you will be notified of this in your Inbox almost immediately.

Hence, if you ever get an E-mail telling you that an E-mail addressed to
WormAlert could not be delivered, you know right away that you have the Worm
Virus in your system.  You can then take necessary steps to get rid of it!"

-Original Message-
From: Chris Coakley [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 25, 2002 1:36 PM
To: [EMAIL PROTECTED]
Subject: BCC email virus


Sorry to bother you, but I can't find this on Symantic or related sites...

A fellow employee was checking his email today and became infected with a
virus that appears to have the following characteristic: When he emails
someone, it BCC's the message to the previous person he sent a legit email
to.

Also, he said outlook froze on him while he was doing his ritual forwarding
of humor emails this morning.

Norton AV doesn't detect anything. We are in the process of comparing his
profile to what was there at the last backup, but I was curious if anyone
had heard of this.

Thanks,
Chris Coakley

_
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/



The information in this message is confidential and may
be legally privileged. It is intended solely for the
addressee. Access to this message by anyone else is
unauthorised. If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or
omitted to be taken in reliance on it, is prohibited and
may be unlawful.

The registered office of Wellington Underwriting plc is
88 Leadenhall Street, London, UK   EC3A 3BA.
 

_
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/

Re: BCC email virus

[Catfish]

This doesn't work all that great (if at all), see
http://www.snopes2.com/computer/virus/quickfix.htm

> I have not heard of that particular exploit (yet).  However I have heard
of
> a way that may prevent the spread of viruses via email.
>
> What do you think about the following method to "prevent" a virus from
doing
> its work

> Here's what you do: First, Open your Address Book and click on "New
Contact"
> just as you would do if you were adding a new friend to your list of
E-mail
> addresses.  In the window where you would type your friend's first name,
> type in !000 (That's an exclamation mark followed by 3 zeros).  In the
> window below where it prompts you to enter the new E-mail address, type in
>  [EMAIL PROTECTED]

RE: BCC email virus

[Lemanski, Lahoma J.]

I use AVG antivirus, it is free, and will pick up viruses that both Norton
and McAffee will miss. I have never had a virus get loose on my machine
while using this program. Has active email scanning, and Heuristic analysis
capabilities. Works great, got 5 stars from zdnet, and best of all it is
free. Updates are free as well. Go to www.grisoft.com to get it.
Lahoma Lemanski  
 
 Use  
 _o)Linux (o_ 
 //\  (o_   (o_   //\  
 U_/_ (/)_  (\)_  V_/_ 
The Ultimate in Antivirus Protection


>snip
I suggest that you try downloading, and installing another anti virus
scanner.  You never can have enough protection.

RE: BCC email virus

[Su Wadlow]

--On Monday, January 28, 2002 7:16 AM -0600 "Mark Palmer, CCNA" 
<[EMAIL PROTECTED]> wrote:

> What do you think about the following method to "prevent" a virus
> from doing its work
>
> Here's what you do: First, Open your Address Book and click on "New
> Contact" just as you would do if you were adding a new friend to your
> list of E-mail addresses.  In the window where you would type your
> friend's first name, type in !000 (That's an exclamation mark
> followed by 3 zeros).  In the window below where it prompts you to
> enter the new E-mail address, type in 
> [EMAIL PROTECTED]

This method will not necessarily work; it's a myth.  See:

http://vmyths.com/hoax.cfm?id=263&page=3&cat=Poor%20advice%20from%20non
-experts
http://hoaxbusters.ciac.org/HBMalCode.shtml#bang

for more information.

-- 
Su Wadlow
[EMAIL PROTECTED]
Faculty/Staff Support

RE: RE: BCC email virus

[mccassociatesjm]

Think about this:

1) Remove unneeded, insecure and treacherous software.  Removing Window Scripting Host 
from your Microsoft workstations will commpletely prevent any VB Script or worm (which 
people mistakenly call a virus) from executing.  Even if you get one of these nasty 
thingys, they are rendered impotent.

2) Find a less vulnerable email client.  Outlook Express is a popular, easy target for 
the script kiddie.   If you MUST have an email client, use ANYTHING but OE.  Web-based 
mail (my choice) gives added protection, as the offsite vendor usually checks incoming 
mail before delivery, and/or download.  It's especially nice to virus-check an 
attachment before d/l.

3) If the script doesnt run, it cant have fun.  A sandbox scheme (in which 
applications are monitored as if by an adult watching a child play in the sandbox), 
such as used by Aladin's eSafe Desktop, will prevent unauthorized changes to critical 
files by ANY application, script, or process. The NSA and Mosaad use eSafe, it should 
be good enough for you. http://www.esafe.com

4) The virus or worm or trojan that gets ya is not yesterdays thingy, but today's.  
Keep your patches and virus databases up to date! eSafe happens to have a way you can 
add a new virus definition, so, as soon as a new thingy is discovered, you may update 
your virus table yourself, if need be.

5) Remember, in warfare, the attacker has the advantage of initiative.  Keep in touch 
with others who are the "good guys" and share knowledge, skills and information.  Only 
by doing this can the good guys win.

Regards,

Mack





1) "James McGee" <[EMAIL PROTECTED]> wrote:

>Loads of virii would do this.
>
>I suggest that you try downloading, and installing another anti virus
>scanner.  You never can have enough protection.
>
>
>On my Win98, machine, I run three, and I still managed to get a NIMDA file
>on my machine, although it did nothing, as I was not permitted to touch it,
>mby two of the AV software apps.  The otherone did not even notice it.
>
>Also, ensure the AV app is up to date.  That may help
>
>Cheers
>
>JM
>
> -Original Message-
>From:   Chris Coakley [mailto:[EMAIL PROTECTED]]
>Sent:   25 January 2002 19:36
>To: [EMAIL PROTECTED]
>Subject:BCC email virus
>
>Sorry to bother you, but I can't find this on Symantic or related sites...
>
>A fellow employee was checking his email today and became infected with a
>virus that appears to have the following characteristic:
>When he emails someone, it BCC's the message to the previous person he sent
>a legit email to.
>
>Also, he said outlook froze on him while he was doing his ritual forwarding
>of humor emails this morning.
>
>Norton AV doesn't detect anything. We are in the process of comparing his
>profile to what was there at the last backup, but I was curious if anyone
>had heard of this.
>
>Thanks,
>Chris Coakley
>
>
-- 




__
Your favorite stores, helpful shopping tools and great gift ideas. Experience the 
convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

Re: BCC email virus

[Vincent Lee]

Over the years, I have read mixed reasonings as to whether or not the fix
proposed below works. In theory, it makes sense. Can someone convince me,
without a doubt, which way? Thanks in advance.

Vincent

- Original Message -

Here's what you do: First, Open your Address Book and click on "New Contact"
just as you would do if you were adding a new friend to your list of E-mail
addresses.  In the window where you would type your friend's first name,
type in !000 (That's an exclamation mark followed by 3 zeros).  In the
window below where it prompts you to enter the new E-mail address, type in
 [EMAIL PROTECTED]

- End Original Message -

Re: BCC email virus

[Meritt James]

Why just don't run emailed executables?

"Mark Palmer, CCNA" wrote:
> 
> I have not heard of that particular exploit (yet).  However I have heard of
> a way that may prevent the spread of viruses via email.
> 
> What do you think about the following method to "prevent" a virus from doing
> its work
> 
> "As you may know, when/if a Worm Virus gets into your computer it heads
> straight for your E-mail Address Book and sends itself to everyone in there,
> thus infecting all your friends and associates. This trick won't keep the
> virus from getting into your computer, but it will stop it from using your
> address book to spread further, and it will alert you to the fact that the
> worm has gotten into your system.
> 
> Here's what you do: First, Open your Address Book and click on "New Contact"
> just as you would do if you were adding a new friend to your list of E-mail
> addresses.  In the window where you would type your friend's first name,
> type in !000 (That's an exclamation mark followed by 3 zeros).  In the
> window below where it prompts you to enter the new E-mail address, type in
>  [EMAIL PROTECTED]
> 
> Then complete everything by clicking: Add, Enter, OK, etc.
> 
> Now, here's what you've done and why it works: The name "!000" will be
> placed at the top of your address book as entry #1.
> 
> This will be where the worm will start in an effort to send itself to all
> your friends.  But when it tries to send itself to !000, it will be
> undeliverable because of the phony E-mail address you entered
> ([EMAIL PROTECTED]  ).  If the first attempt fails
> (which it will because of the phony address), the worm goes no further and
> your friends will not be infected.
> 
> Here's the second great advantage of this method: If an E-mail cannot be
> delivered, you will be notified of this in your Inbox almost immediately.
> 
> Hence, if you ever get an E-mail telling you that an E-mail addressed to
> WormAlert could not be delivered, you know right away that you have the Worm
> Virus in your system.  You can then take necessary steps to get rid of it!"
> 
> -Original Message-
> From: Chris Coakley [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 25, 2002 1:36 PM
> To: [EMAIL PROTECTED]
> Subject: BCC email virus
> 
> Sorry to bother you, but I can't find this on Symantic or related sites...
> 
> A fellow employee was checking his email today and became infected with a
> virus that appears to have the following characteristic: When he emails
> someone, it BCC's the message to the previous person he sent a legit email
> to.
> 
> Also, he said outlook froze on him while he was doing his ritual forwarding
> of humor emails this morning.
> 
> Norton AV doesn't detect anything. We are in the process of comparing his
> profile to what was there at the last backup, but I was curious if anyone
> had heard of this.
> 
> Thanks,
> Chris Coakley

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

RE: BCC email virus

[James McGee]

Loads of virii would do this.

I suggest that you try downloading, and installing another anti virus
scanner.  You never can have enough protection.


On my Win98, machine, I run three, and I still managed to get a NIMDA file
on my machine, although it did nothing, as I was not permitted to touch it,
mby two of the AV software apps.  The otherone did not even notice it.

Also, ensure the AV app is up to date.  That may help

Cheers

JM

 -Original Message-
From:   Chris Coakley [mailto:[EMAIL PROTECTED]]
Sent:   25 January 2002 19:36
To: [EMAIL PROTECTED]
Subject:BCC email virus

Sorry to bother you, but I can't find this on Symantic or related sites...

A fellow employee was checking his email today and became infected with a
virus that appears to have the following characteristic:
When he emails someone, it BCC's the message to the previous person he sent
a legit email to.

Also, he said outlook froze on him while he was doing his ritual forwarding
of humor emails this morning.

Norton AV doesn't detect anything. We are in the process of comparing his
profile to what was there at the last backup, but I was curious if anyone
had heard of this.

Thanks,
Chris Coakley

RE: BCC email virus

[Mark Palmer, CCNA]

I have not heard of that particular exploit (yet).  However I have heard of
a way that may prevent the spread of viruses via email.  

What do you think about the following method to "prevent" a virus from doing
its work

"As you may know, when/if a Worm Virus gets into your computer it heads
straight for your E-mail Address Book and sends itself to everyone in there,
thus infecting all your friends and associates. This trick won't keep the
virus from getting into your computer, but it will stop it from using your
address book to spread further, and it will alert you to the fact that the
worm has gotten into your system.

Here's what you do: First, Open your Address Book and click on "New Contact"
just as you would do if you were adding a new friend to your list of E-mail
addresses.  In the window where you would type your friend's first name,
type in !000 (That's an exclamation mark followed by 3 zeros).  In the
window below where it prompts you to enter the new E-mail address, type in
 [EMAIL PROTECTED]

Then complete everything by clicking: Add, Enter, OK, etc.

Now, here's what you've done and why it works: The name "!000" will be
placed at the top of your address book as entry #1. 

This will be where the worm will start in an effort to send itself to all
your friends.  But when it tries to send itself to !000, it will be
undeliverable because of the phony E-mail address you entered
([EMAIL PROTECTED]  ).  If the first attempt fails
(which it will because of the phony address), the worm goes no further and
your friends will not be infected.

Here's the second great advantage of this method: If an E-mail cannot be
delivered, you will be notified of this in your Inbox almost immediately.

Hence, if you ever get an E-mail telling you that an E-mail addressed to
WormAlert could not be delivered, you know right away that you have the Worm
Virus in your system.  You can then take necessary steps to get rid of it!"

-Original Message-
From: Chris Coakley [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 25, 2002 1:36 PM
To: [EMAIL PROTECTED]
Subject: BCC email virus


Sorry to bother you, but I can't find this on Symantic or related sites...

A fellow employee was checking his email today and became infected with a
virus that appears to have the following characteristic: When he emails
someone, it BCC's the message to the previous person he sent a legit email
to.

Also, he said outlook froze on him while he was doing his ritual forwarding
of humor emails this morning.

Norton AV doesn't detect anything. We are in the process of comparing his
profile to what was there at the last backup, but I was curious if anyone
had heard of this.

Thanks,
Chris Coakley