Community Newsletter: Q&A: 7/29/04 Help! I didn’t send them that virus

by Lee Koo (ADMIN) Moderator - 7/29/04 5:34 PM
Post 46 of 79

Re: Submission by Aaron P.

by tomcam - 7/30/04 2:50 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Why do you presume that this person's computer is infected? Another infected computer is likely sending these messages with this person's name as the return address. Almost ALL return addresses in infected emails are FALSE.

Post 47 of 79

Re: Submission by Aaron P.

by rickkaz - 7/30/04 3:24 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Most of the viruses that have come out lately grab an address from the infected computer's email program and put it in the FROM: field of the outgoing message. Then it sends it to another address that it also grabs. There isn't anything that you can do to stop the sending out of these messages that appear to come from you.

If only a small number of people have your email address, you can do a little detective work to try and find out whose computer is infected. The person with the infected computer will have the email addresses of you and the person that said you sent them an infected email.

Make sure your anti-virus software is up to date with its signatures and you can guarantee them it didn't come from you.

Post 48 of 79

Re: Submission by Aaron P.

by quijote - 7/30/04 3:27 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Aaron,

Your technique has been shown not to work, since many of these worms do not necessarily go through the address book alphabetically. You have been virus-free because you are careful, and because you run and update a virus-protection package -- just like your first suggestion.

Post 49 of 79

Re: Submission by Aaron P.

by sleepy370 - 7/30/04 3:55 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Hello, Everyone is right in here scan your computer with some Virus Scan! Sounds like you have a mailing worm that's using your e-mail address to send out to people! Also delete your address book in your e-mail! Why? Well this worm can e-mail itself to all your friends and family! In other words it keeps e-mailing itself from your e-mail and mailing itself out to all the people you have in your address book! Also tell all your friends that's in your address book to scan their computer to check for a virus on their computer! Again THIS MIGHT NOT BE YOUR COMPUTER THAT HAS THE MASS MAILING WORM! I highly recommend MCAFEE OR NORTON VIRUS SCANS! Don't have one get one and keep it updated! Also your friends should delete their address book as well until the problem is solved! Good Luck and listen to all the people in CNET you will find help! I hope I have helped you some.

Post 50 of 79

Re: Submission by Aaron P.

by sandage_2000 - 7/30/04 5:43 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

I noted a few things in the answer that I would like to add to.

1-WHEN you get messages from persons about you sending out viruses, do not be upset -- instead, take advantage of this and update your virus definitions plus do complete virus scan of your computer -- often when I have had persons sending out things saying it was coming from me, they ALSO were sending out to members of various lists and conference areas the SAME virus posing as one of the other persons on this list. So you may have one in your mail or have gotten this same virus without knowing it.

2- Be SURE you do not download or open attachments automatically. Most email programs give you this option -- really bad when you view part of the message because it has already opened the message, and if you have it set to open attachments automatically, then you just set yourself up for getting a virus

3- Even if you know the person's name, if it doesn't have a subject or just the subject RE: (this is the most common one that seems to come with virus-laden attachments and includes the FWD RE: subject line) -- don't open it until you have virus scanned the attachment.

4-If you use more than one account for various emails (like I use hotmail, msn, yahoo, etc.) add yourself to the other addressbooks and give yourself a different name so you know WHICH one is sending out the virus -- for instance I might have Judy M. as one name it is coming from for my yahoo account, Judy S. M. for the msn account, Judith M. for the hotmail account, etc. and always have it go to one specific address for yourself (I use my yahoo one as my "spotter"). This way I always start checking mail with that particular email account, looking for "me" sending to myself and note down which account is sending the viruses out, etc. and then be SURE you constantly check that one for viruses too.

5 - go into your options, preferences or wherever it is in your virus scanning program and tell it to ALWAYS scan every file or attachment coming in as well as your email. This way if you DO start downloading a virus attachment it will catch it before any harm is done

6 - go into above and also look and check for the virus scanning program to alert you if anything or anyone is sending out messages saying it is you. It will show each time you send out a message, but will keep popping up showing messages being sent out from you and you KNOW to immediately shut your machine down and run virus scan immediately on your machine. This way you will know the minute it starts and then very few friends will get them.

7- I used the aaaaaaaaaaaaaaa@yahoo.com for years until I found out that some of the newer viruses will STILL continue sending out messages and the program just considers the first as a bounced out-of-office or bad address and then go on to the next. This putting of that as first entry in your book is great -- but it won't stop them all.

Just some added notes that may help others.

Judith Sandage Murphy

Post 51 of 79

Re: Submission by Aaron P.

by hansa - 7/30/04 7:23 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Including a fake e-mail address in your address book to prevent your PC from spreading computer virus or worms does not work. For the full explanation please go to:

http://www.snopes.com/computer/virus/quickfix.htm

Post 52 of 79

Re: Submission by Aaron P.

by andrewsgrandpa - 7/30/04 7:34 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

If you use a program such as ePrompter, you may delete the trash before you download it to your computer. Mozilla Thunderbird 0.7.2 has an excellent learning feature that will filter trash once educated.

Post 53 of 79

Re: Submission by Aaron P.

by Robinwl - 7/31/04 3:17 AM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

That is good news, I have done what you suggested, that should do the trick. Many thanks, R.Newby on the Wirral, UK

Post 54 of 79

SPF is the real solution

by drakecn - 7/31/04 5:27 AM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Hi All,

Nobody actually answered the question. The correct answer is to activate SPF (See spf.pobox.com)

This is a protocol which forbids people (or viruses) sending emails using your email address.

What everyone also seems to have overlooked, is that mass-mailing viruses usually pick any random pair of email addresses they find anywhere on your PC (not just your address book) and send themselves to one address faking themselves as coming from the other address.

Nothing you can do (besides SPF) can help, because the virus and the victim are not on your PC.

Post 55 of 79

Re: SPF is the real solution

by snoopy369 - 7/31/04 11:03 AM In reply to: SPF is the real solution by drakecn

There's not really much you can do to activate this though, unless you're a server admin ... SPF is server-side (ISP-side, really) and isn't something your average user can activate. Heck, it's not something *anyone* can activate unless you're running a mailserver ... which most of us who aren't running Linux aren't doing.

:)

Post 56 of 79

Re: SPF is the real solution

by mileend - 7/31/04 5:34 PM In reply to: Re: SPF is the real solution by snoopy369

I think the poster was referring to Sygate Personal Firewall here (SPF) and a good third party firewall like SPF that blocks unauthorized outgoing traffic from your computer can give you confidence that the emails, themselves, are not coming from your computer.

Many email worms and viruses contain their own self-contained SMTP engines (the code that sends email) and do not rely on the code within Outlook Express or any other installed email client on your computer to send email in your name (assuming you are the one infected). The worm has all the program code it needs to connect and send an email to a faked or harvested email address from your system.

What SPF (and ZoneAlarm) does is validate that the program code trying to send an outgoing message has been authorized by you to do so. Obviously, if you have just been infected by a worm and the worm starts sending email out through your connection, a good firewall will detect the attempt, put it on hold and pop up a dialog box asking you if this new program code (the SMTP engine in the worm) has permission to connect. The answer, of course, is 'NO' and time to run a virus scan to get rid of the worm.

The worm, of course, could just use your existing (and approved) email client to connect and this is where I believe the open-source Thunderbird email client really shines. I simply set Thunderbird to prompt me for my 'outgoing' SMTP password when I send email. Just about all email clients can be set up this way. That way, if a dialog pops up asking me for my SMTP password . . . and I have not just sent an email . . . then I know something else (worm, virus, trojan, spyware . . . add your own flavor of malware here) is trying to do so. Thunderbird also has a great Bayesian SPAM-filtering feature that learns to detect those emails you deem SPAM.

The AAAAAAAA trick DOES NOT WORK and you are deluding yourself if you think so. EMAIL is STATELESS as previously mentioned. Each and every addressee is treated as a separate email and one bouncing back will not in any way affect how the others are sent. You may (or may not) get a message in your inbox alerting you that AAAAAAAA could not be delivered which could clue you in that something was harvesting your address book, but all recent email worms have selected their email targets randomly and with some discretion to avoid 'alert' traps like AAAAAAAAA. It doesn't work!

On the flip side, many of these mailer-daemon administrative messages about returned email and virus warnings are either fluff, bait, or needless use of bandwidth. I do not waste my time with responding, apologizing or complaining about them . . . they simply go to the Trash Bin. I have sufficient faith in my anti-virus and firewall to know they are not coming from me. If my dearest and best friend calls me up and says I'm infected then I set him straight on the facts.

Solution: Ignore them (the email warnings), install antivirus and keep it up to date, use a third-party firewall that monitors and blocks, if necessary, outgoing connects.

AVAST Free AntiVirus: http://www.avast.com/i_idt_153.html
GrisSoft Free AntiVirus: http://www.grisoft.com/us/us_dwnl_free.php
ZoneAlarm free Personal Firewall: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
Sygate Personal Firewall (free): http://smb.sygate.com/products/spf_standard.htm
Thunderbird Email Client (free): http://www.mozilla.org/products/thunderbird/

Rick

Post 57 of 79

Re: Submission by Aaron P.

by GEM1400 - 8/1/04 3:54 AM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

"Because the first recipient cannot receive the message, the rest will never receive it either."

Aaron:

I am not sure I understand how this works. Versions of stuff like "mydoom" just send out to your complete mail address list - so what if the first address is fake? Mydoom doesn't wait for an NDR before trying the next address...

Wondering;

GEM1400

Post 58 of 79

Re: Submission by Aaron P.

by mstickler - 8/2/04 9:20 AM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

The bad first address trick may have worked on some viruses in the past but it is by no means foolproof. It does offer one advantage though, if a virus is sending itself out from your machine using your e-mail address then you should receive an "invalid address response" when the message is sent to the bad address. This is a definite warning sign you need to scan your machine.

Post 59 of 79

Re: Submission by Aaron P.

by BZ265 - 8/3/04 12:50 PM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

There is no better way of avoiding computer viruses and worms than having a good anti virus software and religiously downloading the updates.

The AAA---- address book entry will do nothing, it is a hoax.
See:
http://antivirus.about.com/cs/hoaxes/p/aaaa.htm

Post 60 of 79

Re: Poor Aaron P.

by Patrick Scott - 8/6/04 10:36 AM In reply to: Submission by Aaron P. by Lee Koo (ADMIN) Moderator

Poor guy - must feel like a dufus. Just remember Aaron, you learn best through your mistakes. I made a similar mistake early in my career; I learned to ALWAYS research the subject matter before sending out information intended to help your end users. Don't feel bad, I'd be willing to bet that I'm not the only one on this thread who had to learn hard lessons through mistakes.
