E-MAIL VIRUS ALERT...

[Seven]

This may be old news, but it's my first experience with this...

 

I just got an e-mail from "[email protected]" with the subject line: "GWD: Protected message," and the body text: "Ok. Your document is attached."

 

The document (Info.scr) scanned for the Beagle virus. I Googled the subject line, and it's been done before.

 

Be on the lookout.

 

Seven

 

:o

[+ deej]

Beware of ANY attachment that you weren't expecting, even when it's "from" someone you know. It may not be from them at all.

 

Beagle is about 3 years old. It scans the hard disk of an infected computer looking for email addresses (any email addresses) and uses them as the "from" address to send itself out. That's how it propagates.

 

What this means is someone who has corresponded with Daddy (in the last three years) or visited this site at all (in the last 3 years) is infected with Beagle and their computer is propagating the virus without their knowledge. All they have to do is view a page from this site that has Daddy's email address on it (like a review) and the file then exists in their local internet cache for Beagle to find.

 

How can I be sure this is the case? Beagle (indeed any virus that travels via .SCR files) is a Windows virus. Daddy uses a Mac. ;-)

 

Other file attachments to avoid opening are .PIF and .INF. There is RARELY any reason to send a PIF, SCR, or INF file to anyone. Just delete them on arrival.

[Guest zipperzone]

>Other file attachments to avoid opening are .PIF and .INF.

>There is RARELY any reason to send a PIF, SCR, or INF file to

>anyone. Just delete them on arrival.

 

Does an up-to-date Norton virus protection, eleviate any problems with this virus?

[Seven]

Make that 2 messages from Daddy... just got another one in the inbox.

 

 

Seven

[+ deej]

>Does an up-to-date Norton virus protection, eleviate any

>problems with this virus?

 

It helps, if you've configured it to scan your inbox. But only if you're downloading mail to an email program rather than reading web-based mail (which CANNOT be scanned before you open it).

 

But it's mighty easy to configure your anti-virus program to skip certain things and not know you've done it. In fact, some viruses do exactly that as a first step in infection.

 

The best option is to NEVER open PIF, SCR or INF files. (Don't worry, they're not pictures. They're programs. You're not missing anything.)

 

Some viruses do some pretty quirky social engineering to get you to open them. They'll attach a filename like this:

 

[pre]HotGuy.jpg .scr[/pre]

In other words, they'll shove a bunch of spaces into the filename before the SCR, PIF or INF extensions. This often shoves those extensions off the visible screen so you don't realize you're really opening one of those file types. Sneaky, eh?

 

Your up-to-date anti-virus program SHOULD catch these when you open them, but see above.

 

Also remember that viruses mutate. Beagle (and Beagle-A, Beagle-B, etc.) are 3 years old. Last I saw, they were up to Beagle-Q. There's no guarantee that your A-V program even knows about the latest variant, which may have launched just moments before you received it.

 

Safest is just not to open attachments unless it's an expected attachment from a known source. And if you receive an UNexpected attachment from a known source, write to them and ask if they sent it. As I said in my first post, it may not actually be from them.

[+ deej]

Yep, that's Beagle.

 

And since you've received two now, expect more. It likely means that someone you've corresponded with also visits this site (imagine that! ;-)) and they're infected.

 

If you examine the headers, you MIGHT get a clue where the message actually came from, but Beagle is pretty good at masking itself.