Re: A very nice game (an example)
On Wed, 24 Apr 2002 13:44:34 -0700, Doug McKean wrote: >For those interested in how to track down something like this, >take a look at the header information. You'l see a bunch of >"Received: xx" lines. Lots of tricks involved here, including possibility of forged headers. Those interested may want to look at Jeffrey Race --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
A very nice game
I read in !emc-pstc that Robert Wilson wrote (in <3FF57405336C9B4C976A1819F860A2560F697E@xng_tirsys.TIRSYS.COM>) about 'A very nice game', on Wed, 24 Apr 2002: >I have used it several times to >eliminate viruses my son managed to get, Is it safer than MRI, then? (;-) -- Regards, John Woodgate, OOO - Own Opinions Only. http://www.jmwa.demon.co.uk Interested in professional sound reinforcement and distribution? Then go to http://www.isce.org.uk PLEASE do NOT copy news posts to me by E-MAIL! --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
Re: A very nice game (an example)
From: "T.Sato" > > # BTW, a good anti-virus solution is to stop using Microsoft Windows > # (at least Microsoft's mailers)! :-) I suppress the preview pane for viewing the contents of my mail and use only two panes, one for mail folders and the other for the list of emails in the selected folder. To check emails, I right click on the subject line of the email, select Properties, select Details, then select Message Source. That opens up the entire email in its own separate window to include all header info and the entire message in the body. I can read the message and check addresses without ever opening up the mail. I generally don't open any attachments unless I know the person or have had the attachment checked. There's a very easy way which costs nothing to have some very complete and effective virus checking. Go to any one of the more high profile free email websites to open an account. I find they're very good at checking for virii. Also, that way if you are anywhere which has web access, you can keep up with any of your emails. And keep the personal email account back home strictly for private personal and discretionary communiqués. Regards, Doug McKean --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
Re: A very nice game (an example)
On Wed, 24 Apr 2002 13:44:34 -0700, "Doug McKean" wrote: > For those interested in how to track down something like this, > take a look at the header information. You'l see a bunch of > "Received: xx" lines. In this case there were 6 of them ... > Now, take a look at the "Message-Id:" line further down. > I get > Message-Id: <20020424215907.d25ca22...@coer.zju.edu.cn> > > This one is little more difficult for some hackers to hide. I suggest not to believe domain name (QFDN part) in Message-ID line. It is very easy to hide - see Message-ID of this message. Received: lines would be more reliable as far as the mail didn't posted through "remailers", but we (except the administrators of the mailing list, possibly) can't use them to find the origination of the mails distributed through emc-pstc mailing list. # BTW, a good anti-virus solution is to stop using Microsoft Windows # (at least Microsoft's mailers)! :-) Regards, Tom -- Tomonori Sato URL: http://member.nifty.ne.jp/tsato/ xvkbd-2.3 (virtual keyboard for X) available --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
One more thing I forgot to mention, that may be useful. Pegasus (the email program I use at home) has a very nice "Selective Download" feature, that allows you to review what is on your server BEFORE downloading it. Thus, you can screen and delete (at the source!!) all suspicious messages or advertisements, without ever downloading them. When I had a problem with some idiot who felt compelled to email me 300 to 500K file attachments some time ago, as well as a group of people whose Outlook was emailing me virus attachments on a daily basis, this feature was really quite handy. Pegasus is available free at www.pmail.com Bob Wilson TIR Systems Ltd. Vancouver. -Original Message- From: Robert Wilson Sent: April 24, 2002 11:37 AM To: emc-p...@ieee.org Subject: RE: A very nice game All of which makes one wonder why one would ever use IE as a mail reader! Rather like using a wrench as a hammer; sure, it can be made to work ...but why? Personally, I use Outlook at work (only because I have to). But at home, I use Pegasus which I feel is the best email program going, and it is free for the download. Bob Wilson TIR Systems Ltd. Vancouver. -Original Message- From: Douglas C. Smith [mailto:d...@emcesd.com] Sent: April 24, 2002 10:36 AM To: Robert Wilson Cc: emc-p...@ieee.org Subject: Re: A very nice game Robert, You do not have to open the attachment on this one at all if you have IE! Just preview or open the message. During virus outbreaks, like this one, I use a great webmail reader mail2web.com to preview my mail before downloading it. Doug Robert Wilson wrote: > > In spite of the attachment having been removed by the system, it was > pretty darned obvious what this must have been. It always amazes me that > people are foolish (stupid?) enough to open attachments to obviously > suspicious emails like this one, that are from people they don't know, > and subjects that make no sense. > > Bob Wilson > TIR Systems Ltd. > Vancouver. > > -Original Message- > From: Bill Ellingford [mailto:bill.ellingf...@motion-media.com] > Sent: April 24, 2002 4:37 AM > To: 'jmw'; emc-p...@ieee.org > Subject: RE: A very nice game > Importance: High > > URGENT > Please be aware that the above E-mail to the EMC group contained a > virus. > Fortunately our system removed it from the message. > Bill Ellingford > > -Original Message- > From: jmw [mailto:j...@jmwa.demon.co.uk] > Sent: 24 April 2002 22:59 > To: emc-p...@ieee.org > Subject: A very nice game > > -- Virus Warning Message (on gemini2) > > setup.exe is removed from here because it contains a virus. > > - > > * > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" -- --- ___ _ Doug Smith \ / ) P.O. Box 1457 = Los Gatos, CA 95031-1457 _ / \ / \ _ TEL/FAX: 408-356-4186/358-3799 / /\ \ ] / /\ \ Mobile: 408-858-4528 | q-( ) | o |Email: d...@dsmith.org \ _ /
Re: A very nice game (an example)
For those interested in how to track down something like this, take a look at the header information. You'l see a bunch of "Received: xx" lines. In this case there were 6 of them in the email I received. To start with the first received, go to the *bottom* one. That's where this post first entered the net but isn't necessarily the originating point of the email. To cross check this, also take a look at the "From:" line. I get "Received: (from daemon@localhost) by ruebert.ieee.org (Switch-2.1.0/Switch-2.1.0) id g3O9LbE23259 for emc-pstc-resent; Wed, 24 Apr 2002 05:21:37 -0400 (EDT) From: jmw " Now, take a look at the "Message-Id:" line further down. I get Message-Id: <20020424215907.d25ca22...@coer.zju.edu.cn> This one is little more difficult for some hackers to hide. We can see there's some discrepancies in the domain name. Notably "coer.zju.edu.cn" and "jmwa.demon.co.uk" To start tracking this down, I use several websites for searching. One is Amnesi at http://www.amnesi.com/ The other is DNS411 at http://www.dns411.com/ The Amnesi one is very powerful. Searching under "coer.zju.edu.cn", we find that it crosses to the IP address 210.32.156.246 The people hosting that domain name is is Zhejiang University at Hangzhou, Zhejiang 310027, China. They cover IP addresses 210.32.128.0 to 210.32.159.255 If we apply a "www" in front of the "coer.zju.edu.cn", we (surprise! surprise!) end up at a Chinese firm titled "Centre for Optical & Electromagnetic Research". or a place which uses the acronym 'COER '. We still don't know where the email came from. I would bet though that one or the other of these places would be able to track it down. It would be this point I would send off a gently worded email to webmasters, postmasters and abuse at both places. I would take the base domain name, and then at the front of it add Webmaster@domainname Postmaster@domainname abuse@domainname I assure you, one of these will be a valid address for your complaint. First, I would Reply to the email and delete the email addresses which come up in the reply. This keeps track of the email throughout all the platforms it traveled. I would not delete the subject line. Second, I would state the incidence in very brief terms at the top of my email. Webmasters have enough to do than wade through long quoted material to find the message. Keep it brief and extremely polite. Third, I would copy and paste under my message to the webmaster ALL of the header information to the email under my message. Then, finally, I would copy and paste under the header information all the information in the body of the email. I am asking all of you NOT to do this with this particular post we had. Our webmasters are perfectly capable of doing this and taking care of the business. I'm merely presenting a way each of you can in your private emails can take care of offending emails. I can testify to the fact that if you follow this procedure, it can be most effective. Regards, Doug McKean --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
For what it's worth, an absolutely excellent virus purge program is F-Prot, available from Frisk Software International at: http://www.f-prot.com/f-prot/download/ The DOS version is FREE and supported with very frequent (almost weekly) virus signature file updates. It runs just fine in a DOS window on WindowsNT, 2000, XP, 95 and 98. I have used it several times to eliminate viruses my son managed to get, and once to locate and purge a neighbor's computer of a virus that McAfee was unable to disinfect. Bob Wilson TIR Systems Ltd. Vancouver. -Original Message- From: Douglas C. Smith [mailto:d...@emcesd.com] Sent: April 24, 2002 10:33 AM To: Chris Chileshe Cc: 'Bill Ellingford'; emc-p...@ieee.org Subject: Re: A very nice game Hi Chris and the Gang, It was probably a particularly nasty one called W32/Klez.h@MM which I have received through other channels several times lately. It is bad enough that if you actually get infected (McAfee will prevent this if your DAT files are reasonably new) you have to go into DOS and follow steps outlined my McAfee to get rid of it as it disables virus scanners. It appears to exploit an incorrect MIME header which causes IE to do some nasty things to your computer automatically by just opening or previewing the message. MAC's and PC's with Netscape Mail do not seem to be infected. I opened the letter in Netscape Messenger and did not get either a warning message or an infection. A URL on McAfee about this is: http://vil.mcafee.com/dispVirus.asp?virus_k=99455 One way to help avoid this type of thing is not to open email larger than a few tens (a long text message) of kB without knowing before who sent it and why. Long messages can harbor viruses. Doug Chris Chileshe wrote: > > Bill, > > Do we know which virus it was? > > Regards > > -Original Message- > From: Bill Ellingford [SMTP:bill.ellingf...@motion-media.com] > Sent: Wednesday, April 24, 2002 12:37 PM > To: 'jmw'; emc-p...@ieee.org > Subject:RE: A very nice game > Importance: High > > URGENT > Please be aware that the above E-mail to the EMC group contained a virus. > Fortunately our system removed it from the message. > Bill Ellingford > > -Original Message- > From: jmw [mailto:j...@jmwa.demon.co.uk] > Sent: 24 April 2002 22:59 > To: emc-p...@ieee.org > Subject: A very nice game > > -- Virus Warning Message (on gemini2) > > setup.exe is removed from here because it contains a virus. > > - > > * > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" > > > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > > > > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe..
RE: A very nice game
All of which makes one wonder why one would ever use IE as a mail reader! Rather like using a wrench as a hammer; sure, it can be made to work ...but why? Personally, I use Outlook at work (only because I have to). But at home, I use Pegasus which I feel is the best email program going, and it is free for the download. Bob Wilson TIR Systems Ltd. Vancouver. -Original Message- From: Douglas C. Smith [mailto:d...@emcesd.com] Sent: April 24, 2002 10:36 AM To: Robert Wilson Cc: emc-p...@ieee.org Subject: Re: A very nice game Robert, You do not have to open the attachment on this one at all if you have IE! Just preview or open the message. During virus outbreaks, like this one, I use a great webmail reader mail2web.com to preview my mail before downloading it. Doug Robert Wilson wrote: > > In spite of the attachment having been removed by the system, it was > pretty darned obvious what this must have been. It always amazes me that > people are foolish (stupid?) enough to open attachments to obviously > suspicious emails like this one, that are from people they don't know, > and subjects that make no sense. > > Bob Wilson > TIR Systems Ltd. > Vancouver. > > -Original Message- > From: Bill Ellingford [mailto:bill.ellingf...@motion-media.com] > Sent: April 24, 2002 4:37 AM > To: 'jmw'; emc-p...@ieee.org > Subject: RE: A very nice game > Importance: High > > URGENT > Please be aware that the above E-mail to the EMC group contained a > virus. > Fortunately our system removed it from the message. > Bill Ellingford > > -Original Message- > From: jmw [mailto:j...@jmwa.demon.co.uk] > Sent: 24 April 2002 22:59 > To: emc-p...@ieee.org > Subject: A very nice game > > -- Virus Warning Message (on gemini2) > > setup.exe is removed from here because it contains a virus. > > - > > * > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" -- --- ___ _ Doug Smith \ / ) P.O. Box 1457 = Los Gatos, CA 95031-1457 _ / \ / \ _ TEL/FAX: 408-356-4186/358-3799 / /\ \ ] / /\ \ Mobile: 408-858-4528 | q-( ) | o |Email: d...@dsmith.org \ _ /]\ _ / Website: http://www.dsmith.org --- --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
Agreed -- I've received this virus about 50 times in the last few days, but each time the system (local server) quarantines it.. Mike Hopkins Thermo KeyTek -Original Message- From: Robert Wilson [mailto:robert_wil...@tirsys.com] Sent: Wednesday, April 24, 2002 11:47 AM To: emc-p...@ieee.org Subject: RE: A very nice game In spite of the attachment having been removed by the system, it was pretty darned obvious what this must have been. It always amazes me that people are foolish (stupid?) enough to open attachments to obviously suspicious emails like this one, that are from people they don't know, and subjects that make no sense. Bob Wilson TIR Systems Ltd. Vancouver. -Original Message- From: Bill Ellingford [mailto:bill.ellingf...@motion-media.com] Sent: April 24, 2002 4:37 AM To: 'jmw'; emc-p...@ieee.org Subject: RE: A very nice game Importance: High URGENT Please be aware that the above E-mail to the EMC group contained a virus. Fortunately our system removed it from the message. Bill Ellingford -Original Message- From: jmw [mailto:j...@jmwa.demon.co.uk] Sent: 24 April 2002 22:59 To: emc-p...@ieee.org Subject: A very nice game -- Virus Warning Message (on gemini2) setup.exe is removed from here because it contains a virus. - * --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
I deleted the file email immediately, but our IS group is asking what the file name was. Can anyone remember what it was, so I can pass it on to them. Thanks Doug Beckwith Naftali Shani @majordomo.ieee.org on 04/24/2002 12:06:22 PM Please respond to Naftali Shani Sent by: owner-emc-p...@majordomo.ieee.org To: "'Chris Chileshe'" , "'Bill Ellingford'" , "'emc-p...@ieee.org'" cc: Subject: RE: A very nice game If I'm not wrong, this is the KLEZ virus (Win32.Klez.I@mm). Regards, Naftali Shani, Catena Networks (www.catena.com) 307 Legget Drive, Kanata, Ontario, Canada K2K 3C8 613.599.6430/866.2CATENA (X.8277); C 295.7042; F 599.0445 E-mail: nsh...@catena.com -Original Message- From: Chris Chileshe [mailto:chris.chile...@ultronics.com] Sent: Wednesday, April 24, 2002 10:19 AM To: 'Bill Ellingford'; emc-p...@ieee.org Subject: RE: A very nice game Bill, Do we know which virus it was? Regards -Original Message- From: Bill Ellingford [SMTP:bill.ellingf...@motion-media.com] Sent: Wednesday, April 24, 2002 12:37 PM To: 'jmw'; emc-p...@ieee.org Subject: RE: A very nice game Importance:High URGENT Please be aware that the above E-mail to the EMC group contained a virus. Fortunately our system removed it from the message. Bill Ellingford -Original Message- From: jmw [mailto:j...@jmwa.demon.co.uk] Sent: 24 April 2002 22:59 To: emc-p...@ieee.org Subject: A very nice game -- Virus Warning Message (on gemini2) setup.exe is removed from here because it contains a virus. - * --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc dis
RE: A very nice game
Some thoughts. Assuming that this was a virus, the warning could be helpful
to some. While I agree with Robert comments in part, in fact a lot of the
viruses that exploit weaknesses in "Microsoft Outlook" use the sender's
address book. So you WILL get viruses from people you know or correspond
with (as in this case?).
I think at least one virus read the sender's Inbox, so you could even get a
"reply" to a message you had sent. ("This file is in reply to your
message"?).
PS: Even in this forum, which usually has useful subjects, we have had
subjects such as:
"Decisions/choices"
"Back to basics"
"An old chestnut"
etc.
best regards, glyn
---
This message is from the IEEE EMC Society Product Safety
Technical Committee emc-pstc discussion list.
Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/
To cancel your subscription, send mail to:
majord...@ieee.org
with the single line:
unsubscribe emc-pstc
For help, send mail to the list administrators:
Ron Pickard: emc-p...@hypercom.com
Dave Heald: davehe...@attbi.com
For policy questions, send mail to:
Richard Nute: ri...@ieee.org
Jim Bacher: j.bac...@ieee.org
All emc-pstc postings are archived and searchable on the web at:
http://ieeepstc.mindcruiser.com/
Click on "browse" and then "emc-pstc mailing list"
Re: A very nice game
Robert, You do not have to open the attachment on this one at all if you have IE! Just preview or open the message. During virus outbreaks, like this one, I use a great webmail reader mail2web.com to preview my mail before downloading it. Doug Robert Wilson wrote: > > In spite of the attachment having been removed by the system, it was > pretty darned obvious what this must have been. It always amazes me that > people are foolish (stupid?) enough to open attachments to obviously > suspicious emails like this one, that are from people they don't know, > and subjects that make no sense. > > Bob Wilson > TIR Systems Ltd. > Vancouver. > > -Original Message- > From: Bill Ellingford [mailto:bill.ellingf...@motion-media.com] > Sent: April 24, 2002 4:37 AM > To: 'jmw'; emc-p...@ieee.org > Subject: RE: A very nice game > Importance: High > > URGENT > Please be aware that the above E-mail to the EMC group contained a > virus. > Fortunately our system removed it from the message. > Bill Ellingford > > -Original Message- > From: jmw [mailto:j...@jmwa.demon.co.uk] > Sent: 24 April 2002 22:59 > To: emc-p...@ieee.org > Subject: A very nice game > > -- Virus Warning Message (on gemini2) > > setup.exe is removed from here because it contains a virus. > > - > > * > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" -- --- ___ _ Doug Smith \ / ) P.O. Box 1457 = Los Gatos, CA 95031-1457 _ / \ / \ _ TEL/FAX: 408-356-4186/358-3799 / /\ \ ] / /\ \ Mobile: 408-858-4528 | q-( ) | o |Email: d...@dsmith.org \ _ /]\ _ / Website: http://www.dsmith.org --- --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
Re: A very nice game
Hi Chris and the Gang, It was probably a particularly nasty one called W32/Klez.h@MM which I have received through other channels several times lately. It is bad enough that if you actually get infected (McAfee will prevent this if your DAT files are reasonably new) you have to go into DOS and follow steps outlined my McAfee to get rid of it as it disables virus scanners. It appears to exploit an incorrect MIME header which causes IE to do some nasty things to your computer automatically by just opening or previewing the message. MAC's and PC's with Netscape Mail do not seem to be infected. I opened the letter in Netscape Messenger and did not get either a warning message or an infection. A URL on McAfee about this is: http://vil.mcafee.com/dispVirus.asp?virus_k=99455 One way to help avoid this type of thing is not to open email larger than a few tens (a long text message) of kB without knowing before who sent it and why. Long messages can harbor viruses. Doug Chris Chileshe wrote: > > Bill, > > Do we know which virus it was? > > Regards > > -Original Message- > From: Bill Ellingford [SMTP:bill.ellingf...@motion-media.com] > Sent: Wednesday, April 24, 2002 12:37 PM > To: 'jmw'; emc-p...@ieee.org > Subject:RE: A very nice game > Importance: High > > URGENT > Please be aware that the above E-mail to the EMC group contained a virus. > Fortunately our system removed it from the message. > Bill Ellingford > > -Original Message- > From: jmw [mailto:j...@jmwa.demon.co.uk] > Sent: 24 April 2002 22:59 > To: emc-p...@ieee.org > Subject: A very nice game > > -- Virus Warning Message (on gemini2) > > setup.exe is removed from here because it contains a virus. > > - > > * > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" > > > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > > > > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > > > --- > This message is from the IEEE EMC Society Product Safety > Technical Committee emc-pstc discussion list. > > Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ > > To cancel your subscription, send mail to: > majord...@ieee.org > with the single line: > unsubscribe emc-pstc > > For help, send mail to the list administrators: > Ron Pickard: emc-p...@hypercom.com > Dave Heald: davehe...@attbi.com > > For policy questions, send mail to: > Richard Nute: ri...@ieee.org > Jim Bacher: j.bac...@ieee.org > > All emc-pstc postings are archived and searchable on the web at: > http://ieeepstc.mindcruiser.com/ > Click on "browse" and then "emc-pstc mailing list" -- --- ___ _ Doug Smith \ / ) P.O. Box 1457 = Los Gatos, CA 95031-1457 _ / \ / \ _ TEL/FAX: 408-356-4186/358-3799 / /\ \ ] / /\ \ Mobile: 408-858-4528 | q-( ) | o |Email: d...@dsmith.org \ _ /]\ _ / Website: http://www.dsmith.org --
Admin message: RE: A very nice game virus.
Hi Chris, Bill, and all other subscribers: A message with the subject: A very nice game was sent to the IEEE (emc-pstc) for posting by our listserver. The original message contained a virus known as KLEZ.G. The IEEE computer detected the virus. This virus was stripped from the message by the IEEE (computer gemini2). Then the remainder of the message was distributed by the listserver. The message you received from emc-pstc did not contain a virus. One of the characteristics of the virus is that it replaces the "From" line with a random address from the local address book. So, we don't know which subscriber's computer is infected with the virus. We only know that jmw was included in the subscriber's address book. More info on this virus can be obtained from the usual sources, one of which is: http://www.sophos.com/virusinfo/analyses/w32klezg.html Best regards, Rich co-administrator, IEEE emc-pstc listserver --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
If I'm not wrong, this is the KLEZ virus (Win32.Klez.I@mm). Regards, Naftali Shani, Catena Networks (www.catena.com) 307 Legget Drive, Kanata, Ontario, Canada K2K 3C8 613.599.6430/866.2CATENA (X.8277); C 295.7042; F 599.0445 E-mail: nsh...@catena.com -Original Message- From: Chris Chileshe [mailto:chris.chile...@ultronics.com] Sent: Wednesday, April 24, 2002 10:19 AM To: 'Bill Ellingford'; emc-p...@ieee.org Subject: RE: A very nice game Bill, Do we know which virus it was? Regards -Original Message- From: Bill Ellingford [SMTP:bill.ellingf...@motion-media.com] Sent: Wednesday, April 24, 2002 12:37 PM To: 'jmw'; emc-p...@ieee.org Subject:RE: A very nice game Importance: High URGENT Please be aware that the above E-mail to the EMC group contained a virus. Fortunately our system removed it from the message. Bill Ellingford -Original Message- From: jmw [mailto:j...@jmwa.demon.co.uk] Sent: 24 April 2002 22:59 To: emc-p...@ieee.org Subject: A very nice game -- Virus Warning Message (on gemini2) setup.exe is removed from here because it contains a virus. - * --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
In spite of the attachment having been removed by the system, it was pretty darned obvious what this must have been. It always amazes me that people are foolish (stupid?) enough to open attachments to obviously suspicious emails like this one, that are from people they don't know, and subjects that make no sense. Bob Wilson TIR Systems Ltd. Vancouver. -Original Message- From: Bill Ellingford [mailto:bill.ellingf...@motion-media.com] Sent: April 24, 2002 4:37 AM To: 'jmw'; emc-p...@ieee.org Subject: RE: A very nice game Importance: High URGENT Please be aware that the above E-mail to the EMC group contained a virus. Fortunately our system removed it from the message. Bill Ellingford -Original Message- From: jmw [mailto:j...@jmwa.demon.co.uk] Sent: 24 April 2002 22:59 To: emc-p...@ieee.org Subject: A very nice game -- Virus Warning Message (on gemini2) setup.exe is removed from here because it contains a virus. - * --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
Bill, Do we know which virus it was? Regards -Original Message- From: Bill Ellingford [SMTP:bill.ellingf...@motion-media.com] Sent: Wednesday, April 24, 2002 12:37 PM To: 'jmw'; emc-p...@ieee.org Subject: RE: A very nice game Importance: High URGENT Please be aware that the above E-mail to the EMC group contained a virus. Fortunately our system removed it from the message. Bill Ellingford -Original Message- From: jmw [mailto:j...@jmwa.demon.co.uk] Sent: 24 April 2002 22:59 To: emc-p...@ieee.org Subject: A very nice game -- Virus Warning Message (on gemini2) setup.exe is removed from here because it contains a virus. - * --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list" This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
RE: A very nice game
URGENT Please be aware that the above E-mail to the EMC group contained a virus. Fortunately our system removed it from the message. Bill Ellingford -Original Message- From: jmw [mailto:j...@jmwa.demon.co.uk] Sent: 24 April 2002 22:59 To: emc-p...@ieee.org Subject: A very nice game -- Virus Warning Message (on gemini2) setup.exe is removed from here because it contains a virus. - * --- This message is from the IEEE EMC Society Product Safety Technical Committee emc-pstc discussion list. Visit our web site at: http://www.ewh.ieee.org/soc/emcs/pstc/ To cancel your subscription, send mail to: majord...@ieee.org with the single line: unsubscribe emc-pstc For help, send mail to the list administrators: Ron Pickard: emc-p...@hypercom.com Dave Heald: davehe...@attbi.com For policy questions, send mail to: Richard Nute: ri...@ieee.org Jim Bacher: j.bac...@ieee.org All emc-pstc postings are archived and searchable on the web at: http://ieeepstc.mindcruiser.com/ Click on "browse" and then "emc-pstc mailing list"
A very nice game
README.TXT Description: Binary data
