Viruses & how they send them.
  1. #1
    Moderator Alan S's Avatar
    Join Date
    Mar 2001
    Location
    Queensland, Australia
    Posts
    8,923

    Viruses & how they send them.

    Just got this on my Yahoo e-mail account this morning.
    Seems strange as I rarely ever use it & was a bit sus.
    The "Attachment" is supposedly a 'pif' file.

    Anybody else copped this?


    "Hello user of Com.au e-mail server,

    Some of our clients complained about the spam (negative e-mail content)
    outgoing from your e-mail account. Probably, you have been infected by
    a proxy-relay trojan server. In order to keep your computer safe,
    follow the instructions.

    Advanced details can be found in attached file.


    Sincerely,
    The Com.au team "

    I haven't touched it as yet, just wanted some other opinions before I act.

    Alan S
    If it ain't broke, use a 12" shifter.....that usually does the trick!!

  2. #2
    Member Jon Wood's Avatar
    Join Date
    Feb 2002
    Location
    Swindon UK
    Posts
    75

    Simple rule is that anything with a .pif, .scr or .exe file attached is most likely a virus! Delete!
    BX 1.7TD TZD 1993
    Berlingo Multispace 2.0 HDi 2004

  3. #3
    Fellow Frogger! boodek's Avatar
    Join Date
    Jul 2001
    Location
    Wodonga, Victoria, Australia
    Posts
    343

    It sounds like a variation on the virus theme that's been doing the rounds for a month or so now. I've copped heaps of them both at work and home, and I think the best practice is if you don't recognise the sender, delete it. If it's really important (and genuine) they will get back to you. There's one message I've seen over the past week which looks like an official Westpac email, asking account holders to verify accounts by clicking on a link which subsequently infects your computer; opening attachments from dubious senders can do the same thing. I think your best course of action would be to download the latest updates for your anti-virus software and do a complete scan of your computer, this will certainly let you know if you're infected or not. Good luck.
    Ben.
    _ _________________ _
    A very fun 1997 manual 406 ST
    A lovely 2006 407 HDi Executive

  4. #4
    1000+ Posts George 1/8th's Avatar
    Join Date
    Dec 2003
    Location
    Melbourne, Victoria.
    Posts
    1,388

    Quote Originally Posted by Alan S
    Just got this on my Yahoo e-mail account this morning.
    Seems strange as I rarely ever use it & was a bit sus.
    The "Attachment" is supposedly a 'pif' file.

    Anybody else copped this?


    "Hello user of Com.au e-mail server,

    Some of our clients complained about the spam (negative e-mail content)
    outgoing from your e-mail account. Probably, you have been infected by
    a proxy-relay trojan server. In order to keep your computer safe,
    follow the instructions.

    Advanced details can be found in attached file.

    Sincerely,
    The Com.au team "

    I haven't touched it as yet, just wanted some other opinions before I act.

    Alan S
    Don't touch it Alan, pure and simple. No one sends out anti virus things like this...not even Microsoft. A few months ago there was one that looked official..like it was from Microsoft... it tricked a lot of people too. As all other replies have suggested, never open any attachment from any source you don't know. Don't even open them if they are from someone you know and trust..UNLESS they have forewarned you that they are sending you something to read etc.
    If it's important..they can resend it.
    If in doubt...kill it with the delete option.
    Cheers....George 1/8th. DSGSCX.

  5. #5
    XTC
    VIC: a fine driving state XTC's Avatar
    Join Date
    Mar 2003
    Location
    Location Location Location
    Posts
    8,566

    It's a virus ....

    Never run anything from anyone ... no company sends out patches or updates via email anymore, even MS.

    What you have to watch is files pretending to be something else .. the most common ones (insert file name here).txt.pif The double extension catches a few people out.

    I got one the other day that was sent FROM myself TO myself ... someone had multiple addresses for me in their address book and it happened to pick those too. freaky

    - XTC206 -
    You're not fooling everyone, or did you forget? .......




    '02 Peugeot 206 GTi / '07 VW Golf GTI
    Now this is a .sig
    AF'd in PER, MEL, SYD, ADL, CBR
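
The extension rules given in the replies above (.pif, .scr and .exe attachments, and the double extension such as .txt.pif) can be written as a mail-filter check. This is an added example, not code from any poster in the thread; the decoy-extension list, the function names and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Extensions this thread names as near-certain malware carriers.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe"}
# Harmless-looking "decoy" extensions (assumed list for this example).
DECOY_EXTS = {".txt", ".doc", ".jpg", ".pdf", ".htm"}

# Constructed sample message; addresses and boundary are placeholders.
SAMPLE = """\
From: support@example.com
Subject: Your e-mail account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Advanced details can be found in attached file.
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.txt.pif"
Content-Transfer-Encoding: base64

AAAA
--BOUNDARY
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--BOUNDARY--
"""


def classify_filename(filename):
    """Return the reasons an attachment name is suspicious (empty list if none)."""
    reasons = []
    stem, ext = os.path.splitext(filename.strip().lower())
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        # Look at what precedes the real extension, ignoring padding spaces.
        inner = os.path.splitext(stem.rstrip())[1]
        if inner in DECOY_EXTS:
            reasons.append("double extension " + inner + ext)
    return reasons


def scan_message(raw):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            reasons = classify_filename(filename)
            if reasons:
                findings[filename] = reasons
    return findings


if __name__ == "__main__":
    for name, why in scan_message(SAMPLE).items():
        print(name, "->", "; ".join(why))
```

The check looks only at the filename the sender declared, so it complements an anti-virus scan of the content rather than replacing it.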

  6. #6
    Budding Architect ???? pugrambo's Avatar
    Join Date
    Jul 2000
    Location
    Parkes - N.S.W - Australia - Earth
    Posts
    12,256

    I got one from eBay and reported it and it was a scam email

    In regards to the Westpac one, if I were you guys I'd delete it as I got one and I don't even hold any accounts with them, so work that one out
    3 x '78 604 SL

    1 x '98 306 GTi6

    1 x secret project

    1 x '98 406 STDT troop carrier and i don't care if it stinks, i don't sniff it's arse Death by wank tank

    1 x '99 406SV 5spd wagon, time to burn more fuel

    1 x 1994 605 SV3.0


    WTD long range fuel tank for 605

  7. #7
    Fellow Frogger! petermc505's Avatar
    Join Date
    Jan 2004
    Location
    Melbourne, SE
    Posts
    172

    It's important that you don't reply either.
    This will result in HEAPS more e-mails from these people.

    Damn nerds...


    84 505 GTi - Sold to a friend... written off 3 months later

  8. #8
    XTC
    VIC: a fine driving state XTC's Avatar
    Join Date
    Mar 2003
    Location
    Location Location Location
    Posts
    8,566

    Quote Originally Posted by petermc505
    It's important that you don't reply either.
    This will result in HEAPS more e-mails from these people. Damn nerds...
    Exactly why I'm 100% against HTML e-mail - they can put hidden pointers in them that verify your address is valid .. only to get more SPAM !!!

    HTML E-Mail is Evil

    - XTC206 -
    You're not fooling everyone, or did you forget? .......




    '02 Peugeot 206 GTi / '07 VW Golf GTI
    Now this is a .sig
    AF'd in PER, MEL, SYD, ADL, CBR

  9. #9
    Fellow Frogger!
    Join Date
    Sep 2002
    Location
    South West Sydney, NSW
    Posts
    240

    Quote Originally Posted by XTC206
    Exactly why I'm 100% against HTML e-mail - they can put hidden pointers in them that verify your address is valid .. only to get more SPAM !!!

    HTML E-Mail is Evil

    - XTC206 -
    Also be aware that they can grab details from address books. I received an email from Shane L's hotmail which had a virus attached (fortunately virus scanner caught it). As stated, any attachment should be treated with suspicion!

    Regards
    Andrew

  10. #10
    Moderator Alan S's Avatar
    Join Date
    Mar 2001
    Location
    Queensland, Australia
    Posts
    8,923

    Here's an update on what they are up to; it seems that they are now starting a war between each other...bloody nutcases!!



    http://news.yahoo.com/news?tmpl=stor...worms_war_dc_2


    Alan S
    If it ain't broke, use a 12" shifter.....that usually does the trick!!

  11. #11
    1000+ Posts
    Join Date
    Oct 2002
    Location
    Melbourne Victoria
    Posts
    11,780

    Between spam and pests using spoofed email addresses to send viruses to all and sundry as if your computer was the originating problem, life is becoming harder for us trusting users of the internet.

    Don't know if it is Yahoo, or this forum or what, but in recent weeks the amount of incoming garbage has taken a great leap. Of course it could also be that my son has been using my computer as his is down at the moment (He has certainly got a wider "surfing" taste than I have)

    Over the last few days I have been getting emails claiming that an email I have sent has been found to have a worm/virus, then today I got another email purporting to be from my Internet Service Provider re attacks on my email account and to see the "attached file" for details and that for security reasons the attached file was "password protected" and that the Password to use was 88163.

    You could just guess what would have happened if I had dumbly opened it!! Fortunately the idiots used an identity that would not have been used by my genuine ISP so it was easy to delete. A phone call to my ISP confirms that there is a heap of these fake emails circulating and the usual crop of internet degenerates around that grab your genuine email address and propagate it with a virus and send it automatically to all and sundry. This then accounts for the number of polite reminders from administrators etc "to update your virus checkers etc".

    You wonder whether this is a marketing ploy of the anti-virus industry.!!
    But it may all soon come to a head as new protocols are adopted that will work against spoofed addresses etc. Quote is from Steve Gibson's News site

    Quote [The fact that Microsoft's scheme is
    patent-encumbered (though presumably only to be defensive and
    prevent abuse), is needlessly bloated by the use of a complex
    XML schema, and doesn't offer anything more than the already
    existing SPF (Sender Policy Framework see http://spf.pobox.com)
    caused me to look much more closely at SPF.

    What SPF does:

    Simply stated, SPF is a minimal and simple system to allow valid
    domains, like aol.com or grc.com, to publish the IP addresses of
    their servers from which eMail from their domains may originate.

    We already know that the source IP of TCP connections can not be
    spoofed, since IP packets must make round-trips between valid IP
    endpoints in order to "connect". This means that when remote
    eMail server 'A' connects to server 'B' in order to transfer
    some eMail to it, the receiving server 'B' knows the connection
    IP address of the sending server 'A'.

    With the addition of the simple SPF specification, the receiving
    server 'B' can make a standard DNS TXT query of the domain from
    which server 'A' claims to be sending eMail and receive a list
    of the domain's "official" machines and IP addresses which are
    valid originators of eMail for that domain. Receiving server
    'B' can then check to see whether the TCP connection IP is
    within those which are valid for this domain and take whatever
    action it chooses.

    There are many variations and complications to a mature
    implementation of this system, you can see a diagram here:
    http://www.libspf.org/images/mailflows-l.png

    As of the posting of this note, at least 8,076 domains are
    participating in this system, grc.com among them, and the
    numbers are growing rapidly.

    Aol.com was an early adopter of SPF. So this means that as soon
    as MY server -- for example -- has been updated to query for a
    remote domain's SPF records, we would be able to detect and drop
    any SPAM being spoofed as originating from AOL, when in fact it
    is coming from non-AOL servers. And similarly, since we are now
    publishing SPF data for grc.com, any SPF-aware servers which
    receive eMail ostensibly from grc.com will be able to verify
    whether that eMail originated from our server.

    SPF is not a total cure-all for the SPAM problem, but it's
    inexpensive and trivial to implement. By providing a simple and
    lightweight means for authenticating the remote IPs of
    connecting eMail servers, it will probably quickly grow to
    become another tool in the fight against SPAM.

    It's not difficult to imagine a day in the near future, once SPF
    adoption is widespread, where eMail servers may refuse to accept
    any eMail from non-SPF publishing domains.
    Here's another page of interesting info ...
    http://spftools.infinitepenguins.net/register.php]
    End quote.

    It seems that you either operate through an isolation server when connected to the internet, have a good firewall that will alert when any program tries to access the internet or when others try to access your computer, and back this up with an up to date virus checker AND a trojan worm detector....So far fingers crossed my computer has been free of any trouble!!!

    Ken

  12. #12
    Fellow Frogger! Mitch Mi16's Avatar
    Join Date
    Oct 2003
    Location
    Sydney, Australia
    Posts
    568

    I got done with the Microsoft one....

    Yeah if I don't know who it is from I don't open it.... even if I do know them.. I check what is first..
    THE MAD PUGGA

    1989 405 Mi16 (PGT-405)

  13. #13
    1000+ Posts tekkie's Avatar
    Join Date
    Jun 2002
    Location
    Sydney
    Posts
    1,516

    There has been an email going around in the last few days within my company. It is actually addressed to employees and from the [email protected] company.
    It looks pretty legit and I would have to take my hat off to the people who put it together as I am certain that form of the email address can mutate to infect any company by substituting a few lines depending on which company's server it's using.


    Dear user of Lucent.com gateway e-mail server,

    Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.

    For details see the attached file.

    For security purposes the attached file is password protected. Password is "06280".

    Best wishes,
    The Lucent.com team http://www.lucent.com
    There is a ZIP attachment with a code-protected file in it. Improper spacing is a giveaway (and the fact Lucent IT never sends out attachments).

    Beware.
    .
    1300cc's of jap buzzbox delivered the times below.

    EC 1:54.6 , Wakefield 1:13.15 , OP (short) 52.00 , OP GP 1:24.40


  14. #14
    Fellow Frogger! Atan's Avatar
    Join Date
    Mar 2004
    Location
    melbourne
    Posts
    261

    Just some defensive strategies against viruses

    Rule of thumb...never open any attachments without first scanning it with updated anti-virus scanner. Viruses activate when you click on an infected file, they attach themselves to files and execute when you open the file. If you are using Outlook Express 6, in the Options tab you can get it to stop attachments from being opened. You will however need to turn it off when you wish to open a legitimate attachment
    If it is from an unknown person...delete immediately...attachments with trojans in them now even have .zip or .zml extensions

    Make sure you have updated anti-viral software, if you do not have software or have not bought one with real money download a free one from AVG. Do a full file scan, may take a little while but you will sleep a bit better. Always check for new viral definition updates so that your software can function optimally.
    Also install a firewall, free from Zonealarm. Use google to search for either keywords and it will list the site for you

    Download SpyBot and Adaware programs as well, install and scan for trojans and worms.

    Find your Cookies folder...delete items in it or use the Options tab in your Browser and you can also delete cookies and temporary files from there at the click of a button.

    Also if you are using Windows 2000 or XP, install service packs and critical updates online from microsoft.com regularly...things like the Welchia and Blaster viruses are not good for your PC
    2007 VW Jetta 2.0 TDi 6sp manual

    2001 VW Bora 4-Motion - flooded away
    1998 Peugeot 406 SV manual - Gone to Hail Heaven
    1994 Silver S16 - Gone
    1983 505 Sti - Gone to good home

  15. #15
    Fellow Frogger! boodek's Avatar
    Join Date
    Jul 2001
    Location
    Wodonga, Victoria, Australia
    Posts
    343

    I've been using the free version of AVG for a year or so now, because I'm such a scab. It works extremely well and stops everything; I've never had a virus infect my system. As with all AV software though you need to update it regularly, and have it do a thorough scan once a day.
    Ben.
    _ _________________ _
    A very fun 1997 manual 406 ST
    A lovely 2006 407 HDi Executive

  16. #16
    1000+ Posts
    Join Date
    Jul 2001
    Location
    Perth, Western Australia
    Posts
    6,248

    Pretty timely message Boodek!

    I was a bit at Norton AV's price rises for subscription updates (and their suggestion that I upgrade my 2002 version to 2004) that I switched to AVG only today, after reading a positive magazine article...

    But...I didn't read the small print - it doesn't support e-mail scanning for OE6, which I'd dump but the wife prefers it, and I hate HD clutter so don't want to use a different email client to her...

    So, a general question guys - are the 'academic' versions of software exactly the same as the normal ones, only cheaper? Or is there more to it than that? I might go and pick up NAV Pro 2004, if so, and flash the wife's student card.

    Stuey

  17. #17
    Moderator Alan S's Avatar
    Join Date
    Mar 2001
    Location
    Queensland, Australia
    Posts
    8,923

    Quote Originally Posted by Stuey
    I might go and pick up NAV Pro 2004, if so, and flash the wife's student card.

    Stuey

    Child bride???



    Alan S
    If it ain't broke, use a 12" shifter.....that usually does the trick!!

  18. #18
    XTC
    VIC: a fine driving state XTC's Avatar
    Join Date
    Mar 2003
    Location
    Location Location Location
    Posts
    8,566

    Quote Originally Posted by Stuey
    So, a general question guys - are the 'academic' versions of software exactly the same as the normal ones, only cheaper? Or is there more to it than that? Stuey
    They are the same .... it's good to have a student or teacher in the family, no way I'd pay full whack for Illustrator or Photoshop!

    - XTC206 -
    You're not fooling everyone, or did you forget? .......




    '02 Peugeot 206 GTi / '07 VW Golf GTI
    Now this is a .sig
    AF'd in PER, MEL, SYD, ADL, CBR

  19. #19
    Real cars have hydraulics DoubleChevron's Avatar
    Join Date
    May 2000
    Location
    Ballarat,Vic,Aust.
    Posts
    16,375

    Quote Originally Posted by Andrew D
    Also be aware that they can grab details from address books. I received an email from Shane L's hotmail which had a virus attached (fortunately virus scanner caught it). As stated, any attachment should be treated with suspicion!

    Regards
    Andrew
    I have a hotmail account Amazing, that's news to me

    seeya,
    Shane L.
    'Cit' homepage:
    Citroen Workshop
    Proper cars--
    '85 Series II CX2500 GTi Turbo I
    '63 ID19 http://www.aussiefrogs.com/forum/citro%EBn-forum/90325-best-project-car-you-have-ever-seen.html
    '72 DS21 ie 5spd pallas (last looked at ... about 15years ago)
    '78 GS1220 pallas
    '92 Range Rover Classic ... 5spd manual.

    Yay ... No Slugomatics


    Modern Junk:
    '07 Poogoe 407 HDi 6spd manual

  20. #20
    1000+ Posts
    Join Date
    Jul 2001
    Location
    Perth, Western Australia
    Posts
    6,248

    Quote Originally Posted by Alan S
    Child bride???
    I didn't say 'flash the wife'...

  21. #21
    Fellow Frogger! Ralph's Avatar
    Join Date
    Jul 2001
    Location
    Wodonga
    Posts
    928

    Stuey,

    How much for the subscription renewal for NAV?

    From what I've heard, NAV 2004 has an activation like setup similar to WinXP. Also you can't activate it more than four times without getting in touch with Symantec and pleading your case.

    There's an antivirus comparison in this month's PC Authority that might be worth reading. By this month I mean the one that came out in Feb, they put April's date on the cover for some reason! All AV programs did well and picked up near 100% of viruses. Not all of them picked out the trojans and backdoors.

    It's also a good idea to scan your hard drives and registry frequently for spyware and the like.

    A firewall is also essential, either hardware or software. Have a look at:

    https://www.grc.com/x/ne.dll?bh0bkyd2

    where you can test your firewall's effectiveness. This is Steve Gibson's site and has been around for years as Ken posted above.

    Matt.
    On the internet, no one knows that you are only wearing a fez.

  22. #22
    1000+ Posts
    Join Date
    Jul 2001
    Location
    Perth, Western Australia
    Posts
    6,248

    Matt,

    I already use Zone Alarm, Spybot S&D 1.2 and Ad Aware. I've recently visited GRC.com and the test revealed that all my computer's ports were stealthed, so I'm pretty OK there.

    I know about the activation of NAV'04, and funnily enough, I bought that mag you're talking about (mentioned above) which was what recommended AVG free. They stuffed up, though, and somehow tested AVG 7.0 which isn't the free version. Therefore they didn't mention its restrictions.

    With NAV'04 Pro, you get two licenses for $79.99 (academic) which seems pretty good value, despite the activation requirement. It also has some extra features over and above NAV basic.

    Cheers

    Stuey
