Friday, January 19, 2007

When Worms Attack

As if hundred-mile-per-hour winds aren’t bad enough, a malicious worm is making the rounds in Europe and elsewhere, using e-mailed storm warnings as a way to propagate itself.

In the latest sign that virus writers are getting craftier in their nefarious work, the nasty Storm Worm masquerades as legitimate e-mails with subject lines bearing storm alerts, such as “230 dead as storm batters Europe.”

The e-mails are being sent with worm-infected attachments — “video.exe,” “fullstor.exe,” or “readmore.exe,” among other names — designed to wreak all sorts of havoc on PCs.

Comments:
Oh my goodness RW. Do you have worms?

Ya' know, my dog has never had worms.

Did your worms eat our e-mails?

You didn't really want me to shoot "roaming dogs" with a 12-gauge did you?

Would a 12-gauge be an appropriate attack on worms though?

(Wink Wink & Smile)
 
@@,

I think the worms did eat your email on it's way here, unless it's slower than snail mail.

A 12 gauge would get the job done. It might be a little much if all they were doing is roaming I guess.
 
Aaaaawwwhhh! Why so subdued RW? @@'s up for fun! Ecstatically happy.

Returning to work week after next. Afternoons only. But hey, when you love 'em like I do, and enjoy the challenge, two and a half hours is equivalent to...I don't know...it's hard to explain.

It's a party! (Huge the corners of my smile are stuck in my ears smile)

See 'ya!
 
RW,

I've been getting these exact emails. Bellsouth is intercepting them before they reach my mailbox.

In addition to the "storm warning", I had 4 emails from Bellsouth this morning alerting me to more virus-infected messages, whose subject lines spoke of Chinese and Russian missiles being shot down.

I've been getting a ton of other junk email lately. I send it on its way without opening it, and block the sender, but its an exercise in futility.

I never got any spam until I used Bellsouth webmail when I was out of town. I wonder if that is how they snuck in through the back door.
 
@@,

Did you have to say huge?


Buy Danish,

Do you have Bell South's mailguard turned on? It's good about blocking spam so that you never see it, although it's bad about blocking newsletters that you want too. Maybe you accidentally turned it off when you used the webmail.

I don't really think using the webmail should have done anything, but the other computer you used may have some spyware on it that's harvesting email addresses. Although I would think your address probably would already have been on that computer somewhere.
 
RW,

Good point. It's just strange that it happened right after I used that computer.

I'm going to check my settings now. As it's set now it alerts me when it thinks it has found junkmail, so I "see" it in that (other than the viruses they intercepted) it separates out the junk but I have to block the sender and delete the message.
 
Buy Danish,

Are you sure it's Bell South that alerts you? That junk mail notice sounds like what I get from Outlook.
 
RW,

It's from "postmaster@bellsouth.net". I do use Outlook...
 
Buy Danish,

Maybe the postmaster is spamming you! The only time I've ever seen that is if I send something to someone that rejects it either because they block it or the address is wrong. Hey, maybe your computer is a zombie spam server and it's YOU!

AVG checks all of my incoming mail and I don't block anything with a filter. I think there is an email filter program available that will stop most of it. I'm not sure what it is or what programs it works with, but essentially what happens is that someone sends you an email, you send back a message to them with a code they have to enter and resend it to you. When all of that gets done the original sender is now able to send mail straight through to you.
 
RW,

This is the body of one of the messages the Bellsouth postmaster sent me -

The message or an attachment did not reach the intended recipient(s).

Subject: Chinese missile shot down USA aircraft
From: ubxzia@cawleynea-tbwa.ie
To: (my email address)
Date: Sat, 20 Jan 2007 08:53:14 -0500

Reason: virus detected (/mxl/spool/9c/9ce12b54.1285053360.31034.mxm42aec/BASEFILE.virus.out.att.03->(UPX) is a security risk named W32/Downloader.AYEN)
Action: deny


I have never received one of these messages either (other than when I had an incorrect email address) until yesterday when it took the same action against the "storm warning" email.

I may look into that registry system. I sent someone an email recently and had to do that. It was easy - now I just need to find out what program he used.
 
Buy Danish,

Have you asked them about that? It seems odd that they would tell you that an email didn't reach you when they aren't going to let it reach you anyway. Maybe I don't get those because I told them not to block anything coming to me.

Another thing may be the transition from Bell South to AT&T. They might just have a different way of doing things. If they are changing out in phases they may have just phased you into the new way.
 
RW,

At the Bellsouth website which describes Mail Guard facts it says this about email viruses:

What happens to a worm or virus when BellSouth MailGuard detects it?

When a virus is detected, MailGuard attempts to clean the message first. The recipient is notified that the message contained a virus. If it is not possible to clean the virus, the message is deleted and the recipient is notified the message was deleted.

When a worm is detected, the message is automatically deleted and no notification to sender or recipient is made. A worm is usually sent unknowingly by the sender.

 
BD,

Are you trying to tell me I should go read that stuff before I make up an answer?

Maybe since I have mailguard turned off it just deletes a message with a virus and doesn't tell me otherwise it seems like I would have seen one come in and get zapped by AVG.
 
RW,

It was thanks to you that I read any of that mailguard stuff in the first place!

Maybe you've just been spared this virus infected spam, so bellsouth has not had to interfere.
 
It's hard to believe that I would manage to avoid it, but that is a happy thought.

Should I respond to a place that is asking me if I want to join their stable of geniuses? It sounds a little pretentious to me.
 
RW,

I don't believe that geniuses live in stables. I would mistrust any source that made such a claim.
 
Buy Danish,

OK, I won't respond to that email. Mr. Ed was pretty damn close to being a genius though.
 
RW,

Very true, but there will never be anyone like Mr. Ed ever again.
 
Of course, of course...
 


Links to this post:

Create a Link



<< Home

This page is powered by Blogger. Isn't yours?