On Sun, 5 Aug 2001, Roger Turk wrote:
> I don't know if this is a ruse to get someone to open a virus or not, but
> here is a message that I recently received:
> . > I just want to first and foremost say that we are extremely sorry for
> . > inconvenience the virus that infected our computer in the Morro Bay
> . > Office has caused.
><
> . > > For a complete description of this virus, please refer to the bulletin
> . > available at http://www.cert.org/advisories/CA-2001-22.html.
This URL is the most authoritative part of the e-mail.
> There *was* an attachment which required windoze to run, but I had not
> previously received the virus from the originator of this message. The
> contradictory nature of this message makes my suspicous mind think that this
> is a ruse to get the recipient to open the virus.
The scenario that seems most likely to me is that
they were infected, cleaned it up, and then were re-
infected before sending out the apologies, thereby
resending the worm with the apology. For some
reason, it seems to elude many "admins" that simply
removing the virus isn't enough. You have to plug
the exploit that allowed it access in the first place.
- Steve
