Thursday, September 04, 2003
Do not open strange e-mails, warns Dr. Paranoia
LOOKING AHEAD by Wally Dobelis
A message from Dr. Paranoia: With hackers sending viruses and worms, attempting to infest our computers, this constant user of the Internet has real concerns about being infected, particularly since he receives some 90 spams a day. He deletes the spams singly, never ever opening any strange ones. It is a five-minute task, but he feels that using bulk procedures might lose some valuable e-mail messages.
The recently discovered Blaster.E and SoBig.F worms are still with us, per CIAC, the DoE’s Computer Incident Advisory Capacity, and need be guarded against. To quote:
As of 8/18, W32.Blaster.E, a variant of the original Blaster worm, has been seen on the internet. This worm attempts to download the mslaugh.exe file to the WinDir system32 directory and then execute it. While the W32.Blaster.E. apparently does not have a mass-mailing functionality, users should keep updating their security solutions.
As of 8/25, experts say that Sobig.F is scheduled to launch attacks on Fridays and Sundays until it expires on September 10, 2003. CIAC continues to recommend not opening e-mail attachments associated with the Sobig.F types of e-mail. Continue to check with your anti-virus vendors for updated virus definition files for this worm.
In addition to the real threats, Dr. P. receives hoaxes, warnings of spurious disasters sent by well-meaning friends who have been fooled. Of the dozen or so received, three are quoted below, “WTC Survivor,” “It takes guts…” and “90#.” All were received in 2003. Their stories are persuasive.
The WTC Survivor hoax. “I received this from a reliable family friend this morning. BIG TROUBLE !!!! Do not open "WTC Survivor. It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not not all. If you receive an email called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one.”
The It Takes Guts hoax gets slightly hysterical. “Pass this on to everyone you have an e-mail address for!!!.If you receive an email titled: "It Takes Guts to Say Jesus." DO NOT OPEN IT. It will erase everything on your hard drive.This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than "Melissa," and that there is NO Remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities, causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers.
“This is a new, very malicious virus and not many people know about it. Pass
this warning along to EVERYONE in your address book and please share it with all your online friends ASAP so that this threat maybe stopped. Please practice cautionary measures and tell anyone that may have access to your computer. Forward this warning to everyone that you know that might access the Internet.”
The next, known as the 90# hoax, has some basis in fact, with certain old PBX systems that require dialing 9 for outgoing calls. The Hoaxer has embroidered it a lot. “I received a telephone call last evening from an individual identifying himself as an AT&T Service technician who was conducting a test on telephone lines. He stated that to complete the test I should touch nine(9), zero(0), the pound sign (#), and then hang up. Luckily, I was suspicious and refused. Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number.
“I was further informed that this scam has been originating from many local
prisons. I have also verified this information with UCB Telecom, Pacific Bell, MCI, Bell Atlantic and GTE. Please beware. DO NOT press 90# for ANYONE. The GTE Security Department requested that I share this information with everyone I know. Please pass this on to everyone YOU know.”
In addition to hoaxes, Dr. P also has received real viruses, such as varieties of the W32.Klez worm. Thie latest version masquerades as an e-mail message, from a regular correspondent or a stranger, with an innocent subject line that perks your curiosity, such as “A funny game,” “Your system requirements,” “Eager to see you,” “End of invisible stuff,” and three attachments, mostly c.htm, index.htm and .txt. Do not open the attachments; if you do, the worm will use your address book to send itself to your correspondents, using your name and computer. It also fills up your storage space. Delete and purge the critter, that is Dr. P’s helpful hint for the last week of the summer.
A message from Dr. Paranoia: With hackers sending viruses and worms, attempting to infest our computers, this constant user of the Internet has real concerns about being infected, particularly since he receives some 90 spams a day. He deletes the spams singly, never ever opening any strange ones. It is a five-minute task, but he feels that using bulk procedures might lose some valuable e-mail messages.
The recently discovered Blaster.E and SoBig.F worms are still with us, per CIAC, the DoE’s Computer Incident Advisory Capacity, and need be guarded against. To quote:
As of 8/18, W32.Blaster.E, a variant of the original Blaster worm, has been seen on the internet. This worm attempts to download the mslaugh.exe file to the WinDir system32 directory and then execute it. While the W32.Blaster.E. apparently does not have a mass-mailing functionality, users should keep updating their security solutions.
As of 8/25, experts say that Sobig.F is scheduled to launch attacks on Fridays and Sundays until it expires on September 10, 2003. CIAC continues to recommend not opening e-mail attachments associated with the Sobig.F types of e-mail. Continue to check with your anti-virus vendors for updated virus definition files for this worm.
In addition to the real threats, Dr. P. receives hoaxes, warnings of spurious disasters sent by well-meaning friends who have been fooled. Of the dozen or so received, three are quoted below, “WTC Survivor,” “It takes guts…” and “90#.” All were received in 2003. Their stories are persuasive.
The WTC Survivor hoax. “I received this from a reliable family friend this morning. BIG TROUBLE !!!! Do not open "WTC Survivor. It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not not all. If you receive an email called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one.”
The It Takes Guts hoax gets slightly hysterical. “Pass this on to everyone you have an e-mail address for!!!.If you receive an email titled: "It Takes Guts to Say Jesus." DO NOT OPEN IT. It will erase everything on your hard drive.This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than "Melissa," and that there is NO Remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities, causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers.
“This is a new, very malicious virus and not many people know about it. Pass
this warning along to EVERYONE in your address book and please share it with all your online friends ASAP so that this threat maybe stopped. Please practice cautionary measures and tell anyone that may have access to your computer. Forward this warning to everyone that you know that might access the Internet.”
The next, known as the 90# hoax, has some basis in fact, with certain old PBX systems that require dialing 9 for outgoing calls. The Hoaxer has embroidered it a lot. “I received a telephone call last evening from an individual identifying himself as an AT&T Service technician who was conducting a test on telephone lines. He stated that to complete the test I should touch nine(9), zero(0), the pound sign (#), and then hang up. Luckily, I was suspicious and refused. Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number.
“I was further informed that this scam has been originating from many local
prisons. I have also verified this information with UCB Telecom, Pacific Bell, MCI, Bell Atlantic and GTE. Please beware. DO NOT press 90# for ANYONE. The GTE Security Department requested that I share this information with everyone I know. Please pass this on to everyone YOU know.”
In addition to hoaxes, Dr. P also has received real viruses, such as varieties of the W32.Klez worm. Thie latest version masquerades as an e-mail message, from a regular correspondent or a stranger, with an innocent subject line that perks your curiosity, such as “A funny game,” “Your system requirements,” “Eager to see you,” “End of invisible stuff,” and three attachments, mostly c.htm, index.htm and .txt. Do not open the attachments; if you do, the worm will use your address book to send itself to your correspondents, using your name and computer. It also fills up your storage space. Delete and purge the critter, that is Dr. P’s helpful hint for the last week of the summer.
# posted by Wally Dobelis @ 3:24 PM 
