RE: BCC email virus

From: McDonald Patrick (mcdonald_patrick@bah.com)
Date: 01/29/02


From: "McDonald Patrick" <mcdonald_patrick@bah.com>
To: "Meritt James" <meritt_james@extser-1.bah.com>, "Mark Palmer CCNA" <palmerm@concordia.edu>
Date: Tue, 29 Jan 2002 13:48:47 -0500

In response to Mark Palmer's message, setting up a false address will not
prevent a virus from spreading. Rather it will merely inform the user a
virus attempted to mail itself to a false address. Email sends a seperate
copy of itself to everyone on its list, it matters not whether the first,
second, or nth address is wrong. Copies get sent to all valid addresses.

-----Original Message-----
From: Meritt James [mailto:meritt_james@extser-1.bah.com]
Sent: Monday, January 28, 2002 1:20 PM
To: Mark Palmer CCNA
Cc: 'Chris Coakley'; security-basics@securityfocus.com
Subject: Re: BCC email virus

Why just don't run emailed executables?

"Mark Palmer, CCNA" wrote:
>
> I have not heard of that particular exploit (yet). However I have heard
of
> a way that may prevent the spread of viruses via email.
>
> What do you think about the following method to "prevent" a virus from
doing
> its work....
>
> "As you may know, when/if a Worm Virus gets into your computer it heads
> straight for your E-mail Address Book and sends itself to everyone in
there,
> thus infecting all your friends and associates. This trick won't keep the
> virus from getting into your computer, but it will stop it from using your
> address book to spread further, and it will alert you to the fact that the
> worm has gotten into your system.
>
> Here's what you do: First, Open your Address Book and click on "New
Contact"
> just as you would do if you were adding a new friend to your list of
E-mail
> addresses. In the window where you would type your friend's first name,
> type in !000 (That's an exclamation mark followed by 3 zeros). In the
> window below where it prompts you to enter the new E-mail address, type in
> <mailto:WormAlert@000.org> WormAlert@000.org
>
> Then complete everything by clicking: Add, Enter, OK, etc.
>
> Now, here's what you've done and why it works: The name "!000" will be
> placed at the top of your address book as entry #1.
>
> This will be where the worm will start in an effort to send itself to all
> your friends. But when it tries to send itself to !000, it will be
> undeliverable because of the phony E-mail address you entered
> (WormAlert@000.org <mailto:WormAlert@000.org> ). If the first attempt
fails
> (which it will because of the phony address), the worm goes no further and
> your friends will not be infected.
>
> Here's the second great advantage of this method: If an E-mail cannot be
> delivered, you will be notified of this in your Inbox almost immediately.
>
> Hence, if you ever get an E-mail telling you that an E-mail addressed to
> WormAlert could not be delivered, you know right away that you have the
Worm
> Virus in your system. You can then take necessary steps to get rid of
it!"
>
> -----Original Message-----
> From: Chris Coakley [mailto:chris.coakley@isera.com]
> Sent: Friday, January 25, 2002 1:36 PM
> To: security-basics@securityfocus.com
> Subject: BCC email virus
>
> Sorry to bother you, but I can't find this on Symantic or related sites...
>
> A fellow employee was checking his email today and became infected with a
> virus that appears to have the following characteristic: When he emails
> someone, it BCC's the message to the previous person he sent a legit email
> to.
>
> Also, he said outlook froze on him while he was doing his ritual
forwarding
> of humor emails this morning.
>
> Norton AV doesn't detect anything. We are in the process of comparing his
> profile to what was there at the last backup, but I was curious if anyone
> had heard of this.
>
> Thanks,
> Chris Coakley

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566



Relevant Pages

  • Re: P C Wolrds reccomendation?
    ... This is a computer virus SOLUTION, ... when/if a worm virus gets into your computer it heads ... > thus infecting all your friends and associates. ... > where it prompts you to enter the new email address, type in Worm Alert. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: P C Wolrds reccomendation?
    ... This is a computer virus SOLUTION, ... when/if a worm virus gets into your computer it heads ... > where it prompts you to enter the new email address, type in Worm Alert. ... > worm will start in an effort to send itself to all your friends. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: P C Wolrds reccomendation?
    ... >> Please read this it works and will prevent the spread of the worm virus ... >> where it prompts you to enter the new email address, type in Worm Alert. ... >> worm will start in an effort to send itself to all your friends. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: BCC email virus
    ... a way that may prevent the spread of viruses via email. ... What do you think about the following method to "prevent" a virus from doing ... when/if a Worm Virus gets into your computer it heads ... thus infecting all your friends and associates. ...
    (Security-Basics)
  • Re: BCC email virus
    ... > What do you think about the following method to "prevent" a virus from doing ... > thus infecting all your friends and associates. ... > worm has gotten into your system. ...
    (Security-Basics)