Mark, What you have described is a chain letter that seems to have been doing the rounds for some time, but is actually of very limited use, and could end up doing more harm than good. Have a look at this http://antivirus.about.com/library/weekly/aa082801b.htm to see the full details. I think the only way we can try and contain these threats are to keep the AV scanner bang up to date, and educate our users (the hardest part!).
Richard -----Original Message----- From: Mark Palmer, CCNA [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 13:16 To: 'Chris Coakley'; [EMAIL PROTECTED] Subject: RE: BCC email virus I have not heard of that particular exploit (yet). However I have heard of a way that may prevent the spread of viruses via email. What do you think about the following method to "prevent" a virus from doing its work.... "As you may know, when/if a Worm Virus gets into your computer it heads straight for your E-mail Address Book and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has gotten into your system. Here's what you do: First, Open your Address Book and click on "New Contact" just as you would do if you were adding a new friend to your list of E-mail addresses. In the window where you would type your friend's first name, type in !000 (That's an exclamation mark followed by 3 zeros). In the window below where it prompts you to enter the new E-mail address, type in <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] Then complete everything by clicking: Add, Enter, OK, etc. Now, here's what you've done and why it works: The name "!000" will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. But when it tries to send itself to !000, it will be undeliverable because of the phony E-mail address you entered ([EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected. Here's the second great advantage of this method: If an E-mail cannot be delivered, you will be notified of this in your Inbox almost immediately. Hence, if you ever get an E-mail telling you that an E-mail addressed to WormAlert could not be delivered, you know right away that you have the Worm Virus in your system. You can then take necessary steps to get rid of it!" -----Original Message----- From: Chris Coakley [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 1:36 PM To: [EMAIL PROTECTED] Subject: BCC email virus Sorry to bother you, but I can't find this on Symantic or related sites... A fellow employee was checking his email today and became infected with a virus that appears to have the following characteristic: When he emails someone, it BCC's the message to the previous person he sent a legit email to. Also, he said outlook froze on him while he was doing his ritual forwarding of humor emails this morning. Norton AV doesn't detect anything. We are in the process of comparing his profile to what was there at the last backup, but I was curious if anyone had heard of this. Thanks, Chris Coakley _____________________________________________________________________ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/ ________________________________________________________ The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The registered office of Wellington Underwriting plc is 88 Leadenhall Street, London, UK EC3A 3BA. ________________________________________________________ _____________________________________________________________________ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/
