October 22, 2003 03:23 am, Anne Wilson wrote:
[..]
> > She wouldn't have to Anne. Read about Gibe at your favourite
> > security information source.
> >
> > Like this one:
> >
> > http://sophos.com/virusinfo/analyses/w32gibef.html
>
> Well, it made interesting reading. It was Swen. In fact of the 4
> instances her av picked up, two were said to be in her Trash, and two
> in a backup. None of the mails were visible in those files. We have
> come to the conclusion that emptying the Trash does not get rid of
> mails completely, and it is necessary to compact folders to do that.
> Compacting is now part of her routine.

It's a TSR (terminate, stay resident) and an agile little bastard so I doubt using the flush handle on the trash would accomplish anything Anne. It also does nasty things to the boot sector, so the removal procedure can be a nightmare. As soon as it or one of its brethren becomes a migratory mutant there's going to develop a large market for disposable hard drives. Or new systems may have to be built with no HDD and run Knoppix style from a write protected CD-R/DVD-R.

Let's look at possibilities for the paranoid; maybe the whole thing was started by a secret MS lab in order to promote the Trusted Computing Alliance and Palladium? Have I just become responsible for a new urban legend/conspiracy theory? )-:

> As for how it works, I thought that only Outlook address books were
> vulnerable to this. She keeps her av up to date, and did not send
> any mails after the report, apart from the one to me when I asked her
> to send the av report file, so hopefully she hasn't infected anyone
> else.

Since the worm uses its own smtp engine or co-opts the Windows one it may not matter whether she sent anything, and it would have been possible for the worm to send copies of itself to any system that it could find with its own scanning facility. With her address I do believe. Without any record in sent mail.

> She isn't on a lan, and she doesn't use file-sharing programs, so that
> part's OK.

Is she connected by dial-up or a broadband connection? If the latter the "network" she uses to access the web can be treated as a lan by the worm. It will scan for any vulnerable system on any type of network it's connected to.

> She would not have filled in an email details request form without
> asking me - she plays safe every time - nor would she have allowed
> the fake windows update. I had sent her reminders to avoid the fake
> M$ emails and she would have made the connection. I'll do extra
> checks for the files it mentions, but hopefully we have got rid of it
> this time.

I certainly hope so Anne. I do know what !fun you're going through. From personal experience. I also know what the next two weeks (at the very least) are going to be like for me. The only good part of it is that I usually end up with a few more members of the Mandrake Family every time something such as this happens. So I suppose it's worth the work and aggravation.

> As soon as she is back home and working I'll get her av registration
> details so that I can talk to Kaspersky about how we can ensure that
> such things are caught 'at the door'. Although I can see how OE
> would be a priority for them, I think it's unlikely that other mail
> apps can't have that protection.
>
> Anne

I hope the manufacturer of her av application is more enlightened than some of the MS "Partners."

Best of luck with keeping the system clean Anne. I think we'll all need all of the luck we can get.

<feel good> Time to disconnect this system and deliver it. My son should be pleased with 9.2 I think. If he doesn't he can work on his own damned system. (-; </feel good>

Charlie
-- 
Edmonton,AB,Canada User 244963 at http://counter.li.org
Mandrake 9.2 (Five Stars) 2.4.22-12.tmb.1mdk
09:42:20 up 17:20, 1 user, load average: 0.00, 0.03, 0.16
Friends, n.: People who borrow your books and set wet glasses on them. People who know you well, but like you anyway.