Re: computer virus alert

From: George McKinlay (mckinlay@unr.edu)
Date: Sat Oct 05 2002 - 08:19:12 PDT


Viruses... worms, trojans and other computer diseases are somewhat
misnamed in that they are not for the most part a computer problem so
much as an operating system/application problem. Mike's solution of
using a unix mail client works quite well but not because it is old or
less technological because if you use just about any mail client that
is not Microsoft the problem is suddenly a non problem... These attacks
for the most part rely on Microsoft's visual basic and other Windows
specific api's for data exchange between programs. To be even more
accurate perhaps these critters should be called Microsoft virses/worms
etc as the vector is this companies wares.

Avoiding the reading of email from others because you don't know them
is a little like not walking in the street because you believe the
local "I Witness News" gossip that crime is just outside your door. The
alienated and alienating horror of this mentality does nothing to
address the issue and only exacerbates it. The use of anti-virus
software is not a cure, in fact said software can lead to a false sense
of security in that undetected viruses and lethargic updates to the
software can lull users into thinking they have protection so they
behave rather promiscuously with attachments. Perhaps abstinence does
have its place... only when it comes to the sharing of .doc and .xls
files as well as the use of Microsoft email clients.

I have the problem here of other faculty who insist on using MS Word as
an email client; I get these 5 lines of agenda items or minutes as an
Word file attachment—the offending faculty give me grief because I
refuse any such attachments point blank, then they accuse me of bad
netiquette when I try to explain that Word files are not email... The
funny thing is viruses don't affect me directly—I don't use products
from a company that tells me where I want to go today!

On Saturday, October 5, 2002, at 05:37 AM, Bill Barowy wrote:

> Hi Ana,
>
> Even tho the short answer is simple -- the message is an old xmca
> posting --
> I've suggested a couple of methods to verify this assertion, as mass
> mailer
> worms seem to be using old messages to disguise their payload, with
> increasing frequency:
>
> You can always ask Alfred directly if he sent a message to you -- but
> use the
> email address from your address book rather than replying to the
> message. If
> the message from Alfred is the carrier of the virus, then its return
> address
> will most likely be incorrect. The problem with this method is that
> some mm
> viruses (older ones) do not disguise the return address and it is
> identical
> to that of the victim's. In this case trying to contact the person
> over email
> usually fails because their inbox is filled with replies, some of
> which may
> have been made by mass mailers that have installed themselves on others
> computers.
>
> It seems likely, however, that the email is an old message sent to
> xmca,
> since the subject line is identical to the one i received. Another
> way to
> check, if you are nervous about opening the message, is to compare the
> subject heading to that of old xmca messages. That can be done either
> thru
> sorting old mail by subject headings, or by putting the contents of the
> subject line into google. Google finds everything (I wish i had a
> google for
> my socks) and it 's what i used to find out that the message i
> received was
> an old xmca mail.
>
> Mike's rule relies upon redundancy in the social network, which to a
> great
> degree is enacted through the computer medium. Yet the medium is what
> is
> threatened by mm viruses, as they exploit the social network
> fossilized/materialized in email address books. One might think that
> there
> is an inherent vulnerability in using the thing threatened to insure
> safety
> -- but if the definition of "odd attachments" applies to those
> attachments
> you are not expecting because of a history of interaction, then the
> rule is a
> pretty good one. I've been burned by an exception to the rule: I
> opened an
> attachment that i was expecting from a student because her project was
> due.
> The virus definitions on my computer were not up to date, and i ended
> up
> having to completely reinstall the system software.
>
> Hopefully the trend for third party utilities to become built into
> system
> software (like "window shade" on the mac, or "defrag" on the PC) will
> be true
> for antivirus software and spam filters. But I don't think that
> technology
> alone will solve social problems.
>
> bb
>
>
>
> On Friday 04 October 2002 11:19 pm, Ana Marjanovic-Shane wrote:
>> I also received an e-mail from Alfred Lang but I have not opened it
>> yet.
>> In the meantime, I did get this virus, but my virus scan program
>> caught it
>> and erased it right away.
>> Should I open Lang's mail at all or just delete it??
>> It's subject is: Re: The human condition: CHAT and my interests
>>
>> What do you say, Bill?
>>
>> Ana
>>
>>
>>
>>
>> ----------------------------------------
>> Ana Marjanovic-Shane
>> home: 1-215 - 843 - 2909
>> mobile:+267 -334-2905
>>
>> -----Original Message-----
>> From: Bill Barowy [mailto:wbarowy@attbi.com]
>> Sent: Friday, October 04, 2002 6:58 PM
>> To: xmca@weber.ucsd.edu
>> Subject: computer virus alert
>>
>> Looks like an xmca'er in Brazil has a mass mailer computer worm.
>> Please
>> make
>> sure to be careful about opening attachments that seem to come
>> directly to
>> you
>> from ANY xmca'er. Scan the attachment first. Make sure your virus
>> definitions
>> are up to date
>>
>> The worm is pulling out old messages from the victim's mailbox and
>> sending
>> them
>> to people who are in the addressbook. It fakes the return address to
>> look
>> like
>> the message came from someone else. The message i received is below.
>>
>> (I thought it strange that Alfred's email address would be from Brazil
>> (note the ".br" at the end)
>>
>> And if you are in brazil and you are able to read this message,
>> better do a
>> virus scan -- allegro
>>
>> bb
>>
>> ---------- Forwarded Message ----------
>>
>> Return-Path: <alfred.lang@uol.com.br>
>> Received: from ginsberg.uol.com.br ([200.221.4.48]) by
>> sccrgwc04.attbi.com
>> (InterMail vM.4.01.03.37 201-229-121-137-20020806) with
>> ESMTP
>> id
>> <20021004215745.HOXW28731.sccrgwc04.attbi.com@ginsberg.uol.com.br>
>> for <wbarowy@attbi.com>; Fri, 4 Oct 2002 21:57:45 +0000
>> Received: from nome-1wy7k2k6gy ([200.158.176.222])
>> by ginsberg.uol.com.br (8.9.1/8.9.1) with SMTP id SAA06585;
>> Fri, 4 Oct 2002 18:38:12 -0300 (BRT)
>> Date: Fri, 4 Oct 2002 18:38:12 -0300 (BRT)
>> Message-Id: <200210042138.SAA06585@ginsberg.uol.com.br>
>> From: Alfred Lang <alfred.lang@uol.com.br>
>> Subject: Re: The human condition: CHAT and my interests
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>> boundary="----------1I6BX5J1PD0G9OI"
>> Status: R
>> X-Status: N
>> <HTML><HEAD></HEAD><BODY>
>> <iframe src=cid:V6Xc8z2Nq4f5Y height=0 width=0>
>> </iframe>
>> <FONT></FONT>
>> Eric, Nate, Ricardo, and others,<br>
>> <br>
>> Eric, I'm indeed familiar with Jaan Valsiner, he has been teaching
>> <br>
>> here for several weeks. Our approaches to culture inclusive <br>
>> psychology are sort of co-evolving for a couple of years alread
>> </BODY></HTML>
>>
>> -------------------------------------------------------
>>
----------------------------------------------------
George Mckinlay
Research & Educational Planning Center
University of Nevada, Reno
http://ical.mac.com/mckinlay/REPC
----------------------------------------------------



This archive was generated by hypermail 2b29 : Fri Nov 01 2002 - 01:00:06 PST