Email viruses
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Email viruses

  1. #1
    Banned
    Join Date
    Oct 2003
    Posts
    170

    Question Email viruses

    Can any one give me any pointers as to when not to open an email?..is there any indication as to weither there is a vrs inside of it?..i know there are some porno namd viruses going around..but ive never gotten one..
    do any of you know of any other subjects the eail might be titled as?

    Any help is much wanted/appreateated

    Regards
    David

  2. #2
    Right.... Practice email security. Scan every message. Do not download attachments unless you have spoken to the sender via another mode of communication (ex, real life, or AIM, that idea. Something that is not email) and confirmed they sent the email. Set it so that when you open email you see the HTML, not a web page/script that activates. There is probably a bunch more stuff, but I can not think of more right now.

    -Cheers-

  3. #3
    Banned
    Join Date
    Oct 2003
    Posts
    170
    would it say it is from one of your friends?

    can anyone else gve ay more pointers?...and thnx for the info

  4. #4
    would it say it is from one of your friends?
    Yes it could.

    Many viruses create email lists from address books and html pages it finds on infected machines and then pairs off the names it finds.

    I.E. if your friend A has an address book with you, friend B, friend C, and friend D all in it, then you likely will get an email saying its from friend B, and friend C will get an email saying its from friend D.

    Another common thing will be for it to insert a random name infront of 'your' domain name.

    I.E. if you use AOL (god forbid, and my appologies) then you could get email viruses saying their from people like admin@aol.com, james@aol.com, fred@aol.com, mike@aol.com, etc...

    Another thing to keep in mind, if you use either Outlook or Outlook Express I'd highly recommend that you both turn off auto-preview and the preview-pane and that you make sure to update to the current patch level of I.E. 6 (even if you don't use IE to browse). Otherwise there are multiple viruses written into email headers that can infect your machine as soon as you receive it...

    Just as a few extra thoughts for you,

    RRP

  5. #5
    Banned
    Join Date
    Oct 2003
    Posts
    170
    oh....well....thnx..ill have to start being more careful!

  6. #6
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    I use my common sense as my first line of defense against viruses.
    A: Dont open Em@il on a Root account!
    B: If it looks suspicious it probably is suspicious!
    C: It doesn't matter if the Em@il comes to you from someone you know, most viruses do!
    D: Anti-virus software is no guarantee of safety!


    The following file extensions can contain executable code. This means they can potentially carry a virus to infect your computer!

    .ade: Microsoft Access project extension
    .adp: Microsoft Access project
    .bas: Microsoft Visual Basic class module
    .bat: Batch file
    .chm: Compiled HTML Help file
    .cmd: Microsoft Windows NT Command script
    .com: Microsoft MS-DOS program
    .cpl: Control Panel extension
    .crt: Security certificate
    .exe: Program
    .hlp: Help file
    .hta: HTML program
    .inf: Setup Information
    .ins: Internet Naming Service
    .isp: Internet Communication settings
    .js: JScript file
    .jse: Jscript Encoded Script file
    .lnk: Shortcut
    .mdb: Microsoft Access program
    .mde: Microsoft Access MDE database
    .msc: Microsoft Common Console document
    .msi: Microsoft Windows Installer package
    .msp: Microsoft Windows Installer patch
    .mst: Microsoft Visual Test source files
    .pcd: Photo CD image, Microsoft Visual compiled script
    .pif: Shortcut to MS-DOS program
    .reg: Registration entries
    .scr: Screen saver
    .sct: Windows Script Component
    .shs: Shell Scrap object
    .shb: Shell Scrap object
    .url: Internet shortcut
    .vb: VBScript file
    .vbe: VBScript Encoded script file
    .vbs: VBScript file
    .wsc: Windows Script Component
    .wsf: Windows Script file
    .wsh: Windows Script Host Settings file

    Add any extension for a document that contains macros, including Microsoft Word, .DOC, Microsoft Excel, .XLS, and Microsoft Powerpoint, .PPT. Beware of .HTM and .HTML files; they may not be safe because they can access the Internet to download unsafe files.

    http://www.mailwasher.net/

  7. #7
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Just to add one quick thing to the executables files thing, make sure that in explorer you change it so that you always see the extension. One trick virus writers use is to merge the virus with a picture or something. ex: picture.jpg.exe. That way, you think you're opening a picture, when it's really an executable. Also, it's a good idea to save any attachments to disk without opening them so that you can get a better look at them. If they look suspicious, just delete them.
    Real security doesn't come with an installer.

  8. #8
    Banned
    Join Date
    Oct 2003
    Posts
    170
    wow....thnx for the heads up!

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Location
    Calgary, AB Canada
    Posts
    140
    Yeah, something I would like to add as well. Not only do you have too look out for attachments, you also have too watch out for social engineering and such. I'm sure most of us heard about the email telling you to delete that icon looking like a teddy bear from your windows directory? Well, this is what I do, (in hotmail anyways):

    1) Is it from someone I know? If not, then I really don't trust it, (mind you I don't trust anything in my inbox...)
    2) Is the subject line right? Usually its stated like a title, with proper capital letters, etc. I find that virus emails tend to have it messed up slightly, like there are a few typos probably to try and bypass some filtering systems out there.
    3) What is the size of the email? A message with a subject line saying, "Read this!" that is 123kb large doens't seem to match up. THere is likely something in there, though it could be a really long doc or one decorated with some pics...
    4) Does the header look messed up? Some viruses try to mask the return address and mess up the headers, take a look at one sent from a friend or something, it should look proper. (won't include examples now, but if you want some, let me know.)
    5) Reading the email, does it make sense? This is where social engineering usually strikes. For example:
    http://securityresponse.symantec.com...file.hoax.html
    I won't quote the whole thing here, cuz its a little long. But something to watch for is when they quote antivirus companies. They said:
    I followed the direction below and eradicated the virus easily. The virus (called jdbgmgr.exe) is not detected by Norton or McAfee anti-virus
    systems.
    If this was more legit, wouldnt that at least call the companies by their proper names? Legit ones usually say 'Symantec' who makes Norton AV, and give a link for more information. Also, watch out for things saying,
    "You may be infected!!! Microsoft says to apply this patch IMMEDIALTELY!!! DON"T WAIT, NORTON DOESN"T WON"T FIND IT! IT WILL ERASE EVERYTHING!!!"
    Um, its kinda obvious this isn't originating from a professional representitive of a large security organization. Spelling errrors are a comon thing two look out four. (like that sentence, though I made it a little more obvious. )
    6) Scan the attachment (and check the extentions already quoted by !mitationRust above).
    7) Before you open it, (once its on your harddrive) scan it again.
    8) If its zipped, unzip it and scan it again. (Yeah, I'm paranoid)

    As already mentioned, if you are using Outlook or something similar, make sure you turn of the auto preview feature. I don't know much about it the risks involved other than you no longer need to actually open the attachment, as emails these days can be made in HTML and we all know about them crazy web-exploits using web pages right?

    I hope my info was accurate, any corrections, please tell me. I'm a little sleepy

    Note: The quotes I took were from http://www.symantec.ca/ and I looked up some virus hoaxes and such. The one about Microsoft security patch I made up, but it was inspired by one I got a few months ago. Just gotta give credit ya know!

    Peace

    Dave
    Alcohol & calculus don't mix. Never drink & derive.

  10. #10
    Banned
    Join Date
    Oct 2003
    Posts
    170
    wow...its going to take me 3 hours to open an email if i have to check for all of that shiznit that you all posted above!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides