On Wednesday 22 Oct 2003 12:06 am, Charlie M. wrote:
> October 21, 2003 03:25 pm, rikona wrote:
> [..]
> > > AW> That's what puzzles me. She would never open an executable.
> > > AW> She would never agree to running one. Java and javascript are
> > > AW> disabled for mail. She is set to read and write plain text.
> > > AW> Still they have managed to do damage.
> >
> > She wouldn't have to Anne. Read about Gibe at your favourite
> > security information source.
>
> Like this one:
>
> http://sophos.com/virusinfo/analyses/w32gibef.html
>

Well, it made interesting reading. It was Swen. In fact of the 4 instances her av picked up, two were said to be in her Trash, and two in a backup. None of the mails were visible in those files. We have come to the conclusion that emptying the Trash does not get rid of mails completely, and it is necessary to compact folders to do that. Compacting is now part of her routine.

As for how it works, I thought that only Outlook address books were vulnerable to this. She keeps her av up to date, and did not send any mails after the report, apart from the one to me when I asked her to send the av report file, so hopefully she hasn't infected anyone else. She isn't on a LAN, and she doesn't use file-sharing programs, so that part's OK. She would not have filled in an email details request form without asking me - she plays safe every time - nor would she have allowed the fake Windows update. I had sent her reminders to avoid the fake M$ emails and she would have made the connection.

I'll do extra checks for the files it mentions, but hopefully we have got rid of it this time. As soon as she is back home and working I'll get her av registration details so that I can talk to Kaspersky about how we can ensure that such things are caught 'at the door'. Although I can see how OE would be a priority for them, I think it's unlikely that other mail apps can't have that protection.

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?