October 18th, 2001, 06:19 PM
Good Day, I recall see something posted on Antionline regarding the following:
With all of the malicious viruses going around on the net these days, I thought you might find this helpful hint useful.
I tested it with a sample e-mail and in theory it works (although I didn't have a virus infected e-mail handy to give it a true test).
As you may know, when/if a worm virus gets into your computer it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has gotten into your system.
Here's what you do: first, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses. In the window where you would type your friend's first name, type in !000 (that's an exclamation mark followed by 3 zeros). In the window below where it prompts you to enter the new email address, type in WormAlert. Then complete everything by clicking add, enter, ok, etc.
Now, here's what you've done and why it works: the "name" !000 will be placed at the top of your address book as entry #1. This will be where the worm/virus will start in an effort to send itself to all your friends. But when it tries to send itself to !000, it will be undeliverable because of the phony email address you entered (WormAlert). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected. Here's the second great advantage. If the e-mail cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it!
Here's hoping you don't have the chance to test it in real life!"
One of my clients received this and was asking if it was legitimate, I can't remember what was said about this.
Any help ??
October 18th, 2001, 06:57 PM
Couple questions on this...
Does it work in ALL email clients?
What's to stop a "smarter" worm that will try the next address in your book if the first returns a failure?
Not being a total devil's advocate, just curious.
Security is an illusion
October 18th, 2001, 07:21 PM
These are some of the questions I have too. Thats kinda why I'm looking for input from this group. I know there are worms out there that just pick a random e-mail address and send to that address. I don't know that this is worth the effort to set up for my clients, I don't want to give them a false sense of security. I believe their best defense is a good scanner that is updated almost daily.
October 18th, 2001, 07:32 PM
I'd have to agree.
But, it may not be a bad trick to catch a 'simple' worm that goes through your address book in sequential order.
One note though, it won't always be '!000". Some clients put the '!'s at the end of the list. Most of those that do, however, will put "000" at the top of the list though.
October 18th, 2001, 09:27 PM
It's a hoax. See Virus Myths for details.
October 18th, 2001, 09:36 PM
End of this thread, eh?
October 18th, 2001, 10:26 PM
Thanks Paul Zest, that's the information I was looking for.
October 19th, 2001, 12:59 AM
no problem ;-]
You might also find another great resource for virus related information stored away in the Google newsgroups archive. The Google archiver is updated daily and is the definative resource for Virus / Anti-Virus debate. Has over 149,000 threads and dates back to the mid 90's ... experts include most of the major AV companies, security companies, virus writers and many ordinary people with just an interest.
URL ... http://groups.google.com/groups?oi=d...alt.comp.virus
October 19th, 2001, 02:37 AM
Hmm. It sounds deceptively possible, but when you think about it...
Wouldn't any worm attempting to send itself via outlook send itself to every possible address? And it takes a while for a 'returned-mail message undeliverable' message to get back to the sending machine, so by the time anyone would know the address was fake, copies would have been sent to each of the first 50 people....
What they should do is just remove Outlook/VB scripting... Or get your firewall to ask you for each outgoing mail attempt. (Having it ask before downloading wouldn't be too effective, would it?)
[HvC]Terr: L33T Technical Proficiency
October 20th, 2001, 04:08 AM
I shouldn't forget that AntiOnline also has a vast archive of the alt.comp.virus newsgroup.
PZ wrote: You might also find another great resource for virus related information stored away in the Google newsgroups archive
* The archive is somewhat smaller. (ok it hasn't been going as long)
* How stable will the archive be (i.e. will AntiOnline be around in 2yrs time, or will the format of this site change again ...etc etc?).
* I've noticed that posts via AntiOnline do not appear on the Google archive news or Usenet feed.. ???
* Search facilities are lacking on the Newsgroup pages