[SECC] Virus notices received are false!!!

Bill Coleman aa4lr@arrl.net
Tue, 30 Jul 2002 09:41:57 -0400


On 7/30/02 1:24 AM, David L. Thompson at thompson@mindspring.com wrote:

>Ed K4SB told me last week he was getting fake virus notices.  Yesterday I
>started getting these also.
>Some are from ISPs that say delivery failed.  I got 20 of these just today.
>The sysop needs to look at the whole address not just the prime address and
>he or she will see these come from someone else.  I also get fake notices
>from at least two addresses to e-mail addresses I have never addressed
>unless they are on a reflector such as sedxc@contesting.com.   Two messages
>even contained the klez virus which Norton caught as always.

This family of viruses is very clever. Anything to get you to open the 
attachment and infect yourself.

I see this also, but since I'm using a Mac and not using a Microsoft mail 
client, I'm completely immune -- and it's completely transparent to me.

Many of these do all kinds of dirty tricks to make you open them. First, 
they are almost never from the person indicated in the From: tag. 
Instead, the e-mail identity is spoofed to look like it is from someone else. The 
most ingenious is the one that looks like a bounced-mail message from a 
system. It is spoofed to look like something you sent (but, of course, 
you didn't). And, in trying to figure out what it was, you'll open the 
attachment and be infected.

Most of the attachments are marked with an audio file MIME type. I think 
this prevents it from being visible in Outlook, and in many cases will 
cause the file to be executed indirectly. 

The one with the most chutzpah is the virus notice that looks like it was 
sent from Microsoft. It invites you to install the antidote to the virus. 
Of course, the attachment is the virus itself.....




Bill Coleman, AA4LR, PP-ASEL        Mail: aa4lr@arrl.net
Quote: "Not within a thousand years will man ever fly!"
            -- Wilbur Wright, 1901
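
A mail-filter check for the mismatch described in the message above (an attachment declared with an audio MIME type but carrying an executable file name), as an added example that is not part of the original post. The extension list, the extra media types and the sample message are constructed assumptions.

```python
import email
import os
from email import policy

# Assumption: a short, non-exhaustive list of directly executable Windows extensions.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd"}
# The post mentions audio types; video and image are included as a generalization.
MEDIA_MAINTYPES = {"audio", "video", "image"}

def suspicious_attachments(raw_message: bytes):
    """Return (filename, declared_type) for each part whose declared media
    type contradicts an executable filename extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Checks the Content-Disposition filename, then the Content-Type name.
        filename = part.get_filename()
        if not filename:
            continue
        # Trailing dots and spaces are ignored by Windows, so strip them first.
        ext = os.path.splitext(filename.strip(" .").lower())[1]
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in MEDIA_MAINTYPES:
            hits.append((filename, part.get_content_type()))
    return hits

# Constructed sample: a fake bounce notice with a harmless placeholder payload.
SAMPLE = b"\r\n".join([
    b"From: postmaster@example.net",
    b"Subject: Returned mail: delivery failed",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain",
    b"",
    b"Your message could not be delivered.",
    b"--b1",
    b'Content-Type: audio/x-wav; name="notice.exe"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"cGxhY2Vob2xkZXI=",
    b"--b1--",
])

if __name__ == "__main__":
    for name, ctype in suspicious_attachments(SAMPLE):
        print(f"flag: {name!r} declared as {ctype}")
```

A gateway would quarantine any message for which this returns a non-empty list, regardless of what the From: header claims.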