> Date: Sun, 22 Apr 2001 12:44:37 -0400
> From: "Ken Lin" <[EMAIL PROTECTED]>
> Subject: Re: EOS Attention: Foul apple aboard!
>
> Did the virus require you to actually click an attached
> file in order for it to have any effect?
It was one trojan embedded in a *.scr-file, and a program
call in a *.doc.pif file. Outlook would have shown just
doc at the end, activated auto preview would have executed it,
clicking it would have released a program call with extra
parameters like "deltree windows /y", skipping security
dialog boxes. So, this has been a deliberate attack.
> i.e. had it pass the virus detection software,
PC-Cillin warned me of the trojan.
> would it automatically start damaging the data on the
> hard drive without any further (unfortunate) user input?
With Outlook - very possible. With my settings - no chance.
After the warning I received another message with an
attachment "Sorry_for_yesterday.doc.pif". Guess what....
This is no accidental infection spread by an unsuspecting
newbie, this was a planned (and luckily intercepted) sabotage
attempt.
> Date: Sun, 22 Apr 2001 10:07:56 -0700 (PDT)
> From: Robert Meier <[EMAIL PROTECTED]>
> Subject: Re: EOS Attention: Foul apple aboard!
> Are you sure that the trojan started from this person?
Yes. He edited the original mnessage, which trojans
don't do. They most likely paste a message of their own
and not use something dedicated in context.
> It could well be that his/her computer did get
> infected and the virus just spreads itself.
Not with two messages with different sabotage
attempts, and not with the third sabotage attempt
message following my warning to the list.
> If you are sure that the trojan was made by
> him/her then it would be good also to mention
> why you know so.
Maybe he didn't write the code, but he tried to
deliberately sabotage my data, which constitutes
a crime in Germany, a federal crime in the U.S.
and I can't believe the Netherlands looks different.
> If he/she started or not does not matter in my point of
> view. I think that he/she deliberately spreads the virus
> as I also got an email from him/her without any content
> except "Take a look to the attachment".
Yep, that's him.
> Michael, does it look like
> the one you got?
Yep.
> Date: Sun, 22 Apr 2001 11:32:00 -0700 (PDT)
> From: Robert Meier <[EMAIL PROTECTED]>
> Subject: Re: Re[2]: EOS Attention: Foul apple aboard!
>
> Well, I think it is good that we did get warned. But
> filing criminal prosecutions goes a bit far if one
> isn't sure if the person who has sent the email is the
> one who created the virus. As a matter of fact, the
> sender might not even know that his/her mail-tool has
> writen an email to other people.
Right, but then it would be one single instance of a
trojan spreading and not two different method attempts
to sabotage, nor the follow-up camouflaged as a
"Sorry"-letter.
I am convinced that he tried to sabotage my machine
well aware of what he did. If not, there will be no
problem for him to prove this to the DA.
Imagine him hitting somebody unsuspecting with lesser
computer savvy. Contracts lost, bank data lost, address
directories gone, and like most home users possibly
no backup in sight. Almost unbelievable, but people
buy Gigahertz CPUs and leave no money for a good
streamer and a rotating backup job.
--
Michael Quack <[EMAIL PROTECTED]> http://www.photoquack.de
*
****
*******
***********************************************************
* For list instructions, including unsubscribe, see:
* http://www.a1.nl/phomepag/markerink/eos_list.htm
***********************************************************
