Re: clever virus attack (Att. Dalal)

2004-03-05 Thread Herb Chong
the attachments in this case were JPG and GIF files. since MS normally
configured these to open with IE, they were deemed unsafe and would not open
and could not be detached either, so you could never access them, but they
were still there.

Herb
- Original Message - 
From: David Miers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 05, 2004 1:19 AM
Subject: RE: clever virus attack (Att. Dalal)


 I don't think you can configure the level one file extensions.  What they
 have eliminated though I don't consider a bad thing.  Anytime you need to
 send someone something though whether it be on a network or email a
 compressed zip or rar file is always a better choice.  A lot less chance of
 a file being corrupted this way and if a virus was in a compressed file it
 would be isolated until opened.  At least it cannot start a problem just
 because I opened an email with it attached.




RE: clever virus attack (Att. Dalal)

2004-03-05 Thread David Miers
There is no problem in viewing either jpeg or gif files on my system at this
point in Outlook.  Possibly in Microsoft's ongoing wisdom(meant to be
sarcastic!)(to Microsoft, not you Herb) they changed this around at some
point.

-Original Message-
From: Herb Chong [mailto:[EMAIL PROTECTED]
Sent: Friday, March 05, 2004 6:38 AM
To: [EMAIL PROTECTED]
Subject: Re: clever virus attack (Att. Dalal)


the attachments in this case were JPG and GIF files. since MS normally
configured these to open with IE, they were deemed unsafe and would not open
and could not be detached either, so you could never access them, but they
were still there.

Herb
- Original Message -
From: David Miers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 05, 2004 1:19 AM
Subject: RE: clever virus attack (Att. Dalal)


 I don't think you can configure the level one file extensions.  What they
 have eliminated though I don't consider a bad thing.  Anytime you need to
 send someone something though whether it be on a network or email a
 compressed zip or rar file is always a better choice.  A lot less chance of
 a file being corrupted this way and if a virus was in a compressed file it
 would be isolated until opened.  At least it cannot start a problem just
 because I opened an email with it attached.




Re: clever virus attack (Att. Dalal)

2004-03-05 Thread Herb Chong
after they introduced the security patch that prevented opening JPG and GIF,
it took several months for them to remove that particular part of the patch.
i saw a lot of support calls go by on the online help forums.

Herb...
- Original Message - 
From: David Miers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 05, 2004 12:21 PM
Subject: RE: clever virus attack (Att. Dalal)


 There is no problem in viewing either jpeg or gif files on my system at this
 point in Outlook.  Possibly in Microsoft's ongoing wisdom(meant to be
 sarcastic!)(to Microsoft, not you Herb) they changed this around at some
 point.




Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Jostein
Herb,
I seriously doubt that you have ever installed Outlook 2000. :-)

It does not depend on an exchange server.  Outlook can be configured to
use perfectly ordinary SMTP servers, IMAP servers, POP3 servers, and the
secure variants. During installation you get all the necessary questions to
configure it properly, it's all about installing the right services to use.
You can modify your installation later as well if you like.

Windows Update is a good idea to have active, but just like Antivirus
software, there's always a lag before patches are published. There's no
substitute for a good measure of caution.

Jostein


- Original Message - 
From: Herb Chong [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 2:58 AM
Subject: Re: clever virus attack (Att. Dalal)


 i seriously doubt you are running Outlook 2000. the program depends on an
 Exchange server running on a separate machine for handling mail and is
 designed for medium to large businesses. ISP's don't use Exchange servers
 for email because they are too easy to hack, cost too much money, and
 require much bigger machines than running POP3 servers. run Windows Update
 from your Start Menu and it takes care of everything automatically.

 Herb
 - Original Message - 
 From: Tanya Mayer Photography [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Wednesday, March 03, 2004 6:21 PM
 Subject: RE: clever virus attack (Att. Dalal)


 
  Hey guys, I just went to the microsoft site to download the patch and
  discovered that it varies depending on the Outlook Express version you are
  running.  This is fine, BUT, I am running Microsoft Outlook 2000 and it
  isn't indicated anywhere.  Any idea what I should do?





Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Jostein
Tan,

As has been mentioned, the virus in question is a Beagle (Bagle) variant.

If you don't have any antivirus (AV) software, download a trial and scan
your system. Or use one of the online scan engines.
If you have AV software that just wasn't updated, try downloading a
disinfection tool. Preferably from your AV vendor, but if they don't have
any, try this one:
http://www.f-secure.com/tools/f-bagle.zip

What scares the willies out of me is that there seems to be an ongoing war
between two teams of virus developers, the Beagle bunch and the Netsky
team... I think we will see more creative variants in the future,
unfortunately.

Jostein

- Original Message - 
From: Tanya Mayer Photography [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 12:21 AM
Subject: RE: clever virus attack (Att. Dalal)



 Hey guys, I just went to the microsoft site to download the patch and
 discovered that it varies depending on the Outlook Express version you are
 running.  This is fine, BUT, I am running Microsoft Outlook 2000 and it
 isn't indicated anywhere.  Any idea what I should do?

 tan.

 -Original Message-
 From: Mark Roberts [mailto:[EMAIL PROTECTED]
 Sent: Thursday, 4 March 2004 9:05 AM
 To: [EMAIL PROTECTED]
 Subject: Re: clever virus attack (Att. Dalal)


 Lasse Karlsson [EMAIL PROTECTED] wrote:

 Got one too a few hours ago.
 Mark Dalal's email address noted as sender in the mailinfo (while the
 sender in my reader gave a noreply + my isp as sender). Whether it means
 Mark is infected, or just got his address stolen I don't know.
 (The same password that others reported).

 With these viruses, you can be certain that the person whose computer
 sent it to you is anyone *but* the person listed in the From line.

 That's about the only thing you can be certain of, though...

 --
 Mark Roberts
 Photography and writing
 www.robertstech.com





Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Herb Chong
i refuse to install Outlook 2000 on my machines because it still remains
vulnerable to scripting viruses in emails. they run whenever you have
preview enabled.

Herb...
- Original Message - 
From: Jostein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 3:44 AM
Subject: Re: clever virus attack (Att. Dalal)


 It does not depend on an exchange server.  Outlook can be configured to
 use perfectly ordinary SMTP servers, IMAP servers, POP3 servers, and the
 secure variants. During installation you get all the necessary questions to
 configure it properly, it's all about installing the right services to use.
 You can modify your installation later as well if you like.




Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Herb Chong
alright, i have installed when it came out with Office 2000 and removed it
pretty much right away. it took MS almost a year to fix several scripting
security bugs in Outlook when they issued a fix for Outlook Express within a
couple of weeks. i have to use Outlook at work and there it doesn't contain
any settings for configuring any other type of server.

Herb...
- Original Message - 
From: Jostein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 3:44 AM
Subject: Re: clever virus attack (Att. Dalal)


 It does not depend on an exchange server.  Outlook can be configured to
 use perfectly ordinary SMTP servers, IMAP servers, POP3 servers, and the
 secure variants. During installation you get all the necessary questions to
 configure it properly, it's all about installing the right services to use.
 You can modify your installation later as well if you like.




RE: clever virus attack (Att. Dalal)

2004-03-04 Thread Rob Brigham
Go into 'Tools', 'Email Accounts' 'Add a new account' and hey presto it
should show you the options.

 -Original Message-
 From: Herb Chong [mailto:[EMAIL PROTECTED] 
 Sent: 04 March 2004 11:28
 To: [EMAIL PROTECTED]
 Subject: Re: clever virus attack (Att. Dalal)
 
 
 alright, i have installed when it came out with Office 2000 
 and removed it pretty much right away. it took MS almost a 
 year to fix several scripting security bugs in Outlook when 
 they issued a fix for Outlook Express within a couple of 
 weeks. i have to use Outlook at work and there it doesn't 
 contain any settings for configuring any other type of server.
 
 Herb...
 - Original Message - 
 From: Jostein [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, March 04, 2004 3:44 AM
 Subject: Re: clever virus attack (Att. Dalal)
 
 
  It does not depend on an exchange server.  Outlook can be configured
  to use perfectly ordinary SMTP servers, IMAP servers, POP3 servers,
  and the secure variants. During installation you get all the necessary
  questions to configure it properly, it's all about installing the right
  services to use.
  You can modify your installation later as well if you like.
 
 
 



Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Herb Chong
i think that the mail administrators have removed all options on my work
Outlook except Exchange servers.

Herb
- Original Message - 
From: Rob Brigham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 6:32 AM
Subject: RE: clever virus attack (Att. Dalal)


 Go into 'Tools', 'Email Accounts' 'Add a new account' and hey presto it
 should show you the options.




Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Herb Chong
your updates are available under Office Updates and there aren't many of
them. they are rolled up into Service Packs for Office. you have a choice of
installing the service packs or digging through all of the Microsoft
Security Bulletins and seeing which updates are available for Outlook. they
issue them very infrequently and except when they are issued as part of a
service pack, are all separate. it's up to you to figure out if they apply
to you or not. it's a lot of work. i really think you want to use a
different email client and use Outlook only for Calendaring.

Herb
- Original Message - 
From: Tanya Mayer Photography [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 9:20 PM
Subject: RE: clever virus attack (Att. Dalal)


 I don't know which Outlook 2000 you are referring to, but I assure you
 that when I go to the Help menu and click on About Microsoft Outlook it
 says that I am using Microsoft Outlook 2000 - (9.0.0.2711) Internet Mail
 Only.  It is the email software that comes with Microsoft Office 2000, and
 I really like using it as it keeps track of my in and outgoing emails to my
 individual clients, and also my appointments etc.  I have no idea which
 Outlook 2000 you are thinking of?




Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Jostein

- Original Message - 
From: Tanya Mayer Photography [EMAIL PROTECTED]
  My virus definitions in Norton's are dated 2nd March.

The latest incarnations of Bagle emerged on the 2nd. It is possible that
your update missed it, but it sounds unlikely...

Icky stuff, these virii.

Jostein



Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Frits Wüthrich
I think the password protection of the ZIP file makes virus detection
not possible.
My McAfee didn't find it before it was unzipped.

On Thu, 2004-03-04 at 17:30, Jostein wrote:
 - Original Message - 
 From: Tanya Mayer Photography [EMAIL PROTECTED]
   My virus definitions in Norton's are dated 2nd March.
 
 The latest incarnations of Bagle emerged on the 2nd. It is possible that
 your update missed it, but it sounds unlikely...
 
 Icky stuff, these virii.
 
 Jostein
-- 
Frits Wüthrich [EMAIL PROTECTED]
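
What a mail filter can still do with a password-protected ZIP like the one described in the message above: in a standard password-protected ZIP the central directory, with the entry names and the per-entry encryption flag, stays readable without the password. This is an added example, not part of the original thread; the extension list, the verdict names and the sample archives are constructed assumptions.

```python
import io
import struct
import zipfile
import zlib
from pathlib import PurePosixPath

# Illustrative extension list (an assumption, not Outlook's actual Level 1 list).
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
ENCRYPTED_FLAG = 0x0001  # bit 0 of the ZIP general-purpose flag field


def build_sample_zip(name: str, encrypted: bool) -> bytes:
    """Hand-build a one-entry stored ZIP (constructed test data, inert payload)."""
    raw_name = name.encode("ascii")
    payload = b"\x00" * 24  # placeholder bytes standing in for the file data
    flags = ENCRYPTED_FLAG if encrypted else 0
    crc = zlib.crc32(payload)
    dos_time, dos_date = 0, (24 << 9) | (3 << 5) | 4  # 2004-03-04 00:00
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, dos_time,
                        dos_date, crc, len(payload), len(payload),
                        len(raw_name), 0) + raw_name + payload
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0,
                          dos_time, dos_date, crc, len(payload), len(payload),
                          len(raw_name), 0, 0, 0, 0, 0, 0) + raw_name
    end = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                      len(central), len(local), 0)
    return local + central + end


def triage_zip(data: bytes) -> dict:
    """Classify a ZIP attachment from central-directory metadata only."""
    try:
        # Opening the archive parses the central directory; nothing is decrypted.
        entries = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "entries": []}
    report = []
    for info in entries:
        suffix = PurePosixPath(info.filename.lower()).suffix
        report.append({
            "name": info.filename,
            "encrypted": bool(info.flag_bits & ENCRYPTED_FLAG),
            "risky_name": suffix in RISKY_EXTENSIONS,
        })
    if any(e["encrypted"] and e["risky_name"] for e in report):
        verdict = "block"       # unscannable content behind an executable name
    elif any(e["encrypted"] for e in report):
        verdict = "quarantine"  # the scanner cannot see inside; hold for review
    else:
        verdict = "scan"        # plaintext entries go to the AV engine as usual
    return {"verdict": verdict, "entries": report}


if __name__ == "__main__":
    samples = [("document.exe", True), ("notes.txt", True), ("photo.jpg", False)]
    for name, enc in samples:
        result = triage_zip(build_sample_zip(name, enc))
        print(f"{name:14} encrypted={enc!s:5} -> {result['verdict']}")
```

The verdict is a policy decision based on metadata, not a detection of any particular malware; an archive that lists only harmless-looking names can still carry anything once decrypted.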



RE: clever virus attack (Att. Dalal)

2004-03-04 Thread David Miers
Whether or not it protects you or not I can't say for sure, but the
documentation plainly states, with an Outlook 2000 updated to current
security patches, that until you open the mail all the way scripts cannot
run.  It also tells you when an email contains scripts ahead of time.  From
what I can see Outlook is actually way more secure than Outlook Express 6.
It does not allow any files attached that match the definitions in what is
termed level 1.  The mail will come in with the attachment deleted.  This
does not 100% stop virus attachments from coming in, but it does kill most
of them.  If you run in restricted mode scripts are not supposed to run
period if I understand correctly.  I simply turn off preview when
downloading emails so I can see who they are from etc and if attachments are
present.  This way I can delete the file without it having any opportunity
to run.  Then I turn on preview and read my mail as usual.  I believe the
updates and patches for Office 2000 make a big difference for security in
the Outlook you're referring to.

I believe the only way you're going to be completely secure is to run an email
client that supports text only email and/or Linux, which to be quite frank
is quite boring!!!  There are a lot of nice attributes to html and scripts
that I truly enjoy.  I have friends that send me very creative stationery
that would be missed otherwise.  I have to turn off the restricted zone
security settings to view them after I verify who they are from.  The main
thing is just be careful.  If you can't enjoy your computer what's the sense
of it all in my opinion.  A computer is a tool, but it also can deliver a
lot of pleasure.  Learn how to work the security features of the programs
you're running to their full advantage IMHO.

Just my 2 cents worth

-Original Message-
From: Herb Chong [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 6:21 AM
To: [EMAIL PROTECTED]
Subject: Re: clever virus attack (Att. Dalal)


i refuse to install Outlook 2000 on my machines because it still remains
vulnerable to scripting viruses in emails. they run whenever you have
preview enabled.

Herb...
- Original Message -
From: Jostein [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 3:44 AM
Subject: Re: clever virus attack (Att. Dalal)


 It does not depend on an exchange server.  Outlook can be configured to
 use perfectly ordinary SMTP servers, IMAP servers, POP3 servers, and the
 secure variants. During installation you get all the necessary questions to
 configure it properly, it's all about installing the right services to use.
 You can modify your installation later as well if you like.




Re: clever virus attack (Att. Dalal)

2004-03-04 Thread Herb Chong
i don't remember MS allowing the end user to configure what constituted
Level 1. a lot of angry users called up to ask what happened to their
attachments for several months.

Herb
- Original Message - 
From: David Miers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 1:59 PM
Subject: RE: clever virus attack (Att. Dalal)


 It does not allow any files attached that match the definitions in what is
 termed level 1.  The mail will come in with the attachment deleted.  This
 does not 100% stop virus attachments from coming in, but it does kill most
 of them.  If you run in restricted mode scripts are not supposed to run
 period if I understand correctly.




RE: clever virus attack (Att. Dalal)

2004-03-04 Thread David Miers
I don't think you can configure the level one file extensions.  What they
have eliminated though I don't consider a bad thing.  Anytime you need to
send someone something though whether it be on a network or email a
compressed zip or rar file is always a better choice.  A lot less chance of
a file being corrupted this way and if a virus was in a compressed file it
would be isolated until opened.  At least it cannot start a problem just
because I opened an email with it attached.

-Original Message-
From: Herb Chong [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 8:30 PM
To: [EMAIL PROTECTED]
Subject: Re: clever virus attack (Att. Dalal)


i don't remember MS allowing the end user to configure what constituted
Level 1. a lot of angry users called up to ask what happened to their
attachments for several months.

Herb
- Original Message -
From: David Miers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 1:59 PM
Subject: RE: clever virus attack (Att. Dalal)


 It does not allow any files attached that match the definitions in what is
 termed level 1.  The mail will come in with the attachment deleted.  This
 does not 100% stop virus attachments from coming in, but it does kill most
 of them.  If you run in restricted mode scripts are not supposed to run
 period if I understand correctly.




Re: clever virus attack (Att. Dalal)

2004-03-03 Thread Lasse Karlsson
Got one too a few hours ago.
Mark Dalal's email address noted as sender in the mailinfo (while the sender in my 
reader gave a noreply + my isp as sender). Whether it means Mark is infected, or 
just got his address stolen I don't know.
(The same password that others reported).
Just deleted it.
My McAfee virus scan didn't find anything wrong with the attached Message.zip-file.

Lasse

At

http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

where there is more info on it, says:

[EMAIL PROTECTED] is a worm that spreads by email and steals information from a user's 
machine. The email has the following characteristics: 

Subject: your account [random string]
Attachment: message.zip


The threat captures information from certain windows on a user's desktop and emails it 
to specific mail addresses. 
This threat takes advantage of known vulnerabilities: MS02-15 and MS03-14. A Microsoft 
patch is located at: 
http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp. 
We encourage system administrators to apply the Microsoft patch to prevent infection 
by this worm. 
The worm is packed with UPX. 
Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 
18, or greater will detect this threat. 
Symantec Security Response has created a tool to remove [EMAIL PROTECTED] 





Re: clever virus attack (Att. Dalal)

2004-03-03 Thread Bruce Dayton
Gee, I was thinking the same thing.  If you want a client with a
similar interface, try The Bat (www.ritlabs.com).  I have had way
fewer problems in general since getting away from MS Outlook Express.

-- 
Best regards,
Bruce


Wednesday, March 3, 2004, 3:36:11 PM, you wrote:

MR Tanya Mayer Photography [EMAIL PROTECTED] wrote:

Hey guys, I just went to the microsoft site to download the patch and
discovered that it varies depending on the Outlook Express version you are
running.  This is fine, BUT, I am running Microsoft Outlook 2000 and it
isn't indicated anywhere.  Any idea what I should do?

MR Get rid of Outhouse Express.
MR http://www.pmail.com (It's free)





Re: clever virus attack (Att. Dalal)

2004-03-03 Thread Anthony Farr
It just means Mark Dalal's address is in the infected computer's address
book.

regards,
Anthony Farr

- Original Message - 
From: Lasse Karlsson [EMAIL PROTECTED]

 Got one too a few hours ago.
 Mark Dalal's email address noted as sender in the mailinfo ..

(snip)




Re: clever virus attack (Att. Dalal)

2004-03-03 Thread Herb Chong
i seriously doubt you are running Outlook 2000. the program depends on an
Exchange server running on a separate machine for handling mail and is
designed for medium to large businesses. ISP's don't use Exchange servers
for email because they are too easy to hack, cost too much money, and
require much bigger machines than running POP3 servers. run Windows Update
from your Start Menu and it takes care of everything automatically.

Herb
- Original Message - 
From: Tanya Mayer Photography [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 6:21 PM
Subject: RE: clever virus attack (Att. Dalal)



 Hey guys, I just went to the microsoft site to download the patch and
 discovered that it varies depending on the Outlook Express version you are
 running.  This is fine, BUT, I am running Microsoft Outlook 2000 and it
 isn't indicated anywhere.  Any idea what I should do?




RE: clever virus attack (Att. Dalal)

2004-03-03 Thread Tanya Mayer Photography

Herb,

I don't know which Outlook 2000 you are referring to, but I assure you
that when I go to the Help menu and click on About Microsoft Outlook it
says that I am using Microsoft Outlook 2000 - (9.0.0.2711) Internet Mail
Only.  It is the email software that comes with Microsoft Office 2000, and
I really like using it as it keeps track of my in and outgoing emails to my
individual clients, and also my appointments etc.  I have no idea which
Outlook 2000 you are thinking of?

tan.

-Original Message-
From: Herb Chong [mailto:[EMAIL PROTECTED]
Sent: Thursday, 4 March 2004 11:59 AM
To: [EMAIL PROTECTED]
Subject: Re: clever virus attack (Att. Dalal)


i seriously doubt you are running Outlook 2000. the program depends on an
Exchange server running on a separate machine for handling mail and is
designed for medium to large businesses. ISP's don't use Exchange servers
for email because they are too easy to hack, cost too much money, and
require much bigger machines than running POP3 servers. run Windows Update
from your Start Menu and it takes care of everything automatically.

Herb
- Original Message -
From: Tanya Mayer Photography [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 6:21 PM
Subject: RE: clever virus attack (Att. Dalal)



 Hey guys, I just went to the microsoft site to download the patch and
 discovered that it varies depending on the Outlook Express version you are
 running.  This is fine, BUT, I am running Microsoft Outlook 2000 and it
 isn't indicated anywhere.  Any idea what I should do?





Re: clever virus attack (Att. Dalal)

2004-03-03 Thread Mark Dalal
From: Anthony Farr [EMAIL PROTECTED]

 It just means Mark Dalal's address is in the infected computer's address
 book.

Are you sure? I can't seem to find a virus on my computer but I want to be
sure before I go emailing people.

Thanks,

Mark



Re: clever virus attack (Att. Dalal)

2004-03-03 Thread Herb Chong
you need to find a different email program. MS Outlook is porous to virus
writers without a server in front of it that is filtering them for you. MS
updates Outlook far less often than Outlook Express and it remains
vulnerable for much longer, even with addon antivirus programs. MS relies on
Exchange server to do all of the heavy work and that is where they put their
security fixes. you're running a much larger risk of a virus sneaking
through and damaging things than users of Outlook Express, and they already
are considered porous. there are many email clients that can keep track of
your incoming and outgoing emails at least as well if not a lot better,
although none of the lightweight ones come with calendaring. virtually all
of them are more secure against virus attacks than any of the MS products.

Herb...
- Original Message - 
From: Tanya Mayer Photography [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 03, 2004 9:20 PM
Subject: RE: clever virus attack (Att. Dalal)


 I don't know which Outlook 2000 you are referring to, but I assure you
 that when I go to the Help menu and click on About Microsoft Outlook it
 says that I am using Microsoft Outlook 2000 - (9.0.0.2711) Internet Mail
 Only.  It is the email software that comes with Microsoft Office 2000, and
 I really like using it as it keeps track of my in and outgoing emails to my
 individual clients, and also my appointments etc.  I have no idea which
 Outlook 2000 you are thinking of?