Virus Question
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Virus Question

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Virus Question

    Good Day, I recall see something posted on Antionline regarding the following:

    "Dear e-Friends:
    With all of the malicious viruses going around on the net these days, I thought you might find this helpful hint useful.

    I tested it with a sample e-mail and in theory it works (although I didn't have a virus infected e-mail handy to give it a true test).

    As you may know, when/if a worm virus gets into your computer it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has gotten into your system.

    Here's what you do: first, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses. In the window where you would type your friend's first name, type in !000 (that's an exclamation mark followed by 3 zeros). In the window below where it prompts you to enter the new email address, type in WormAlert. Then complete everything by clicking add, enter, ok, etc.

    Now, here's what you've done and why it works: the "name" !000 will be placed at the top of your address book as entry #1. This will be where the worm/virus will start in an effort to send itself to all your friends. But when it tries to send itself to !000, it will be undeliverable because of the phony email address you entered (WormAlert). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected. Here's the second great advantage. If the e-mail cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it!


    Here's hoping you don't have the chance to test it in real life!"

    One of my clients received this and was asking if it was legitimate, I can't remember what was said about this.
    Any help ??
    Thanks
    Share on Google+

  2. #2
    Junior Member
    Join Date
    Oct 2001
    Posts
    14
    Couple questions on this...
    Does it work in ALL email clients?
    What's to stop a "smarter" worm that will try the next address in your book if the first returns a failure?

    Not being a total devil's advocate, just curious.

    Security is an illusion

    __________________

    Share on Google+

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    These are some of the questions I have too. Thats kinda why I'm looking for input from this group. I know there are worms out there that just pick a random e-mail address and send to that address. I don't know that this is worth the effort to set up for my clients, I don't want to give them a false sense of security. I believe their best defense is a good scanner that is updated almost daily.
    Share on Google+

  4. #4
    Junior Member
    Join Date
    Oct 2001
    Posts
    14
    I'd have to agree.

    But, it may not be a bad trick to catch a 'simple' worm that goes through your address book in sequential order.

    One note though, it won't always be '!000". Some clients put the '!'s at the end of the list. Most of those that do, however, will put "000" at the top of the list though.

    Share on Google+

  5. #5
    Member
    Join Date
    Sep 2001
    Posts
    63
    !0000

    It's a hoax. See Virus Myths for details.

    http://vmyths.com/hoax.cfm?id=263&page=3
    Share on Google+

  6. #6
    Junior Member
    Join Date
    Oct 2001
    Posts
    14


    Thank you!

    End of this thread, eh?

    Verdure
    Share on Google+

  7. #7
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Thumbs up

    Thanks Paul Zest, that's the information I was looking for.
    Share on Google+

  8. #8
    Member
    Join Date
    Sep 2001
    Posts
    63
    no problem ;-]

    You might also find another great resource for virus related information stored away in the Google newsgroups archive. The Google archiver is updated daily and is the definative resource for Virus / Anti-Virus debate. Has over 149,000 threads and dates back to the mid 90's ... experts include most of the major AV companies, security companies, virus writers and many ordinary people with just an interest.

    URL ... http://groups.google.com/groups?oi=d...alt.comp.virus

    PZ
    Share on Google+

  9. #9
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Hmm. It sounds deceptively possible, but when you think about it...

    Wouldn't any worm attempting to send itself via outlook send itself to every possible address? And it takes a while for a 'returned-mail message undeliverable' message to get back to the sending machine, so by the time anyone would know the address was fake, copies would have been sent to each of the first 50 people....

    What they should do is just remove Outlook/VB scripting... Or get your firewall to ask you for each outgoing mail attempt. (Having it ask before downloading wouldn't be too effective, would it?)
    [HvC]Terr: L33T Technical Proficiency
    Share on Google+

  10. #10
    Member
    Join Date
    Sep 2001
    Posts
    63
    PZ wrote: You might also find another great resource for virus related information stored away in the Google newsgroups archive
    I shouldn't forget that AntiOnline also has a vast archive of the alt.comp.virus newsgroup.




    * The archive is somewhat smaller. (ok it hasn't been going as long)

    * How stable will the archive be (i.e. will AntiOnline be around in 2yrs time, or will the format of this site change again ...etc etc?).

    * I've noticed that posts via AntiOnline do not appear on the Google archive news or Usenet feed.. ???

    * Search facilities are lacking on the Newsgroup pages



    PZ
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •