Re: BCC email virus

From: Meritt James (meritt_james@bah.com)
Date: 01/28/02


Date: Mon, 28 Jan 2002 13:20:21 -0500
From: "Meritt James" <meritt_james@bah.com>
To: "Mark Palmer CCNA" <palmerm@concordia.edu>

Why not just not run emailed executables?

"Mark Palmer, CCNA" wrote:
>
> I have not heard of that particular exploit (yet). However I have heard of
> a way that may prevent the spread of viruses via email.
>
> What do you think about the following method to "prevent" a virus from doing
> its work....
>
> "As you may know, when/if a Worm Virus gets into your computer it heads
> straight for your E-mail Address Book and sends itself to everyone in there,
> thus infecting all your friends and associates. This trick won't keep the
> virus from getting into your computer, but it will stop it from using your
> address book to spread further, and it will alert you to the fact that the
> worm has gotten into your system.
>
> Here's what you do: First, Open your Address Book and click on "New Contact"
> just as you would do if you were adding a new friend to your list of E-mail
> addresses. In the window where you would type your friend's first name,
> type in !000 (That's an exclamation mark followed by 3 zeros). In the
> window below where it prompts you to enter the new E-mail address, type in
> WormAlert@000.org
>
> Then complete everything by clicking: Add, Enter, OK, etc.
>
> Now, here's what you've done and why it works: The name "!000" will be
> placed at the top of your address book as entry #1.
>
> This will be where the worm will start in an effort to send itself to all
> your friends. But when it tries to send itself to !000, it will be
> undeliverable because of the phony E-mail address you entered
> (WormAlert@000.org). If the first attempt fails
> (which it will because of the phony address), the worm goes no further and
> your friends will not be infected.
>
> Here's the second great advantage of this method: If an E-mail cannot be
> delivered, you will be notified of this in your Inbox almost immediately.
>
> Hence, if you ever get an E-mail telling you that an E-mail addressed to
> WormAlert could not be delivered, you know right away that you have the Worm
> Virus in your system. You can then take necessary steps to get rid of it!"
>
> -----Original Message-----
> From: Chris Coakley [mailto:chris.coakley@isera.com]
> Sent: Friday, January 25, 2002 1:36 PM
> To: security-basics@securityfocus.com
> Subject: BCC email virus
>
> Sorry to bother you, but I can't find this on Symantec or related sites...
>
> A fellow employee was checking his email today and became infected with a
> virus that appears to have the following characteristic: When he emails
> someone, it BCC's the message to the previous person he sent a legit email
> to.
>
> Also, he said Outlook froze on him while he was doing his ritual forwarding
> of humor emails this morning.
>
> Norton AV doesn't detect anything. We are in the process of comparing his
> profile to what was there at the last backup, but I was curious if anyone
> had heard of this.
>
> Thanks,
> Chris Coakley

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566


