----- Original Message -----
From: Jarrid Gross <jarrid_gross@earthlink.net>
Date: Saturday, July 5, 2003 1:28 pm
Subject: Re: SV: Someone on the list has a virus!!!
> Kristian,
>
> Unfortunately the attachment was NOT an acroreader file,
> but actually a .PIF file, which is a common virus propagation
> mechanism. The file was called AcroReader51_NLD_full.exe.pif.
> Could just as easily been called mycar.jpg.pif, in which case
> you might have thought it was a picture/jpeg of "mycar" and you would
> now be the proud host of the offending virus.
>
> Virus propagation has become an exercise in social engineering,
> where the trick is to find a catch phrase that compels the wary and
> unwary to click on the attachment.
>
> Windows and users are easily fooled to think that the extension
> prior to the .pif ending is the real extension, it is not.
>
> Obviously windows is too dumb to know that the real filetype is a .PIF
> file, which has no business (.PIF) to be run on 99.9% of all home computers.
>
> You might consider setting up windows to show you the "full" filename,
> and not to "hide" the extension of known filetypes.
> This will prevent many people from letting windows' short-comings
> from confusing the user into becoming the method of infection.
>
>
>
> Jarrid Gross
>
>
>
>
> kkj wrote:
> >
> > I also got something similar.
> > I had won an Ebay auction and it had this suspicious AcroReader
> > attachment.
> > I deleted it as I never open attachments and it was on
> > something I had never bid on. It was "red alert" clearly on this mail.
> > I have run the virusremover to be safe.
> > Virus senders obviously try to go into chatlists and similar and
> > call the attachment car related names. Yesterday it was "Big tits"
> > and that kind of interesting things.
> > Look out for attachments called "list of free Rootes parts" or
> > other things that are hard to resist!
> >
> > Kristian J
> >
> > ----- Original Message -----
> > From: Jarrid Gross <jarrid_gross@earthlink.net>
> > To: Alpine List <alpines@autox.team.net>
> > Sent: Saturday, July 05, 2003 2:49 PM
> > Subject: Someone on the list has a virus!!!
> >
> > > Some sunbeam content, see below...
> > >
> > > Just received this "quarantined of course".
> > > It had an attachment that was infected with W32.Bugbear.B@mm.
> > >
> > >
> > > If you are the sender or originator of the original message,
> > > (not this one)
> > > you should look very carefully at your system.
> > >
> > > This is a case where either the sender or the receiver (most
> > > likely the receiver) is infected.
> > >
> > > Good luck,
> > >
> > >
> > > Status: U
> > > Return-Path: <bidconfirm@dingoblue.net.au>
> > > Received: from smtp02.wxs.nl ([195.121.6.54]) by killdeer
> > >   (EarthLink SMTP Server) with ESMTP id 19yIjQ4uX3NZFlr0 for
> > >   <jarrid_gross(AT)earthlink.net>; Sat, 5 Jul 2003 01:22:54 -0700 (PDT)
> > > Received: from evert (ip503cd777.speed.planet.nl [80.60.215.119])
> > >   by smtp02.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.14
> > >   (built Mar 18 2003)) with SMTP id <0HHJ00LWPM2QOW@smtp02.wxs.nl> for
> > >   jarrid_gross(AT)earthlink.net; Sat, 05 Jul 2003 10:25:55 +0200 (MEST)
> > > Date: Sat, 05 Jul 2003 10:25:42 +0200 (MEST)
> > > Date-warning: Date header was inserted by smtp02.wxs.nl
> > > From: bidconfirm@dingoblue.net.au
> > > Subject: eBay Bid Notice - Item 1636080688: SUNBEAM " Tiger "
> > >   Baujahr 1925 s. Bild
> > > Message-ID: <0HHJ00LWQM2QOW@smtp02.wxs.nl>
> > > MIME-version: 1.0
> > > Content-type: multipart/mixed;
> > >   boundary="Boundary_(ID_3ru05nlkRQHm5Ey0cZafyA)"
> > > X-Mozilla-Status: 8001
> > >
> > > Thank you for bidding in the Auto and Motorrad:Automobilia:Bilder and
> > > Poster category, rootesholland!
> > >
> > > We appreciate the trading you do on eBay and want to confirm the details
> > > of your bid.
> > >
> > > Item name: SUNBEAM " Tiger " Baujahr 1925 s. Bild
> > > Item number: 1636080688
> > > Your current bid: DM 2.00
> > > Your maximum bid: DM 15.00
> > > End date: Sep-14-01 09:04:50 PDT
> > > Current price: DM 2.00
> > >
> > > To v
> > >
> > > This file: "AcroReader51_NLD_full.exe.pif" was infected with:
> > > "W32.Bugbear.B@mm" virus.
> > >
> > > The file was deleted by Norton AntiVirus. Saturday, July 05, 2003 05:39
>
Or, better yet - buy a Mac!
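
Added example (not part of the original thread): a Python check for the double-extension trick described in the quoted message above, flagging attachments such as AcroReader51_NLD_full.exe.pif whose final, real extension is executable. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
import email.policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "vbs", "lnk"}
DECOY_EXTS = EXECUTABLE_EXTS | {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc",
                                "xls", "pdf", "zip", "mp3", "avi", "htm", "html"}

def classify_filename(name):
    """Return (verdict, real_ext, shown_name); shown_name is the name a file
    manager displays when it hides the final extension."""
    # Drop any path and the trailing dots/spaces Windows ignores.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return ("ok", parts[-1] if len(parts) > 1 else "", base)
    shown = base[: base.rfind(".")].rstrip()
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return ("double-extension", parts[-1], shown)
    return ("executable", parts[-1], shown)

def scan_message(raw):
    """List (filename, verdict, real_ext, shown_name) for risky attachments."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            verdict, ext, shown = classify_filename(name)
            if verdict != "ok":
                findings.append((name, verdict, ext, shown))
    return findings

def build_sample():
    """Constructed test message; only the first filename comes from the thread."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg.set_content("constructed body")
    for fname in ("AcroReader51_NLD_full.exe.pif", "parts_list.pdf"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```
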