Virus check...

The Natural Philosopher

Aug 12, 2008, 8:50:11 AM
I received a suspect mail and sent it off to the virus scan site.
(sc...@virsutotal.com : Subject SCAN. This is what they sent back)

The interesting thing is not that there was a virus there: I was almost
sure there was.. but how many sites *didn't* find it..

Complete scanning result of "WW_671282.zip", processed in VirusTotal
at 08/12/2008 14:39:39 (CET).

[ file data ]
* name..: WW_671282.zip
* size..: 49434
* md5...: aefa2457dce9214b1349403bba664d12
* sha1..: c4aa3c90299e783113bb5c97d830f15a618bb226
* peid..: -

[ scan result ]
AhnLab-V3 2008.8.12.0/20080812 found nothing
AntiVir 7.8.1.19/20080812 found [TR/Spy.ZBot.DPI]
Authentium 5.1.0.4/20080812 found [W32/Downldr2.DIFW]
Avast 4.8.1195.0/20080811 found nothing
AVG 8.0.0.156/20080812 found [Pakes_c.SH]
BitDefender 7.2/20080812 found [Trojan.Spy.Wsnpoem.GH]
CAT-QuickHeal 9.50/20080811 found nothing
ClamAV 0.93.1/20080812 found [Trojan.Zbot-1936]
DrWeb 4.44.0.09170/20080812 found nothing
eSafe 7.0.17.0/20080811 found nothing
eTrust-Vet 31.6.6027/20080812 found [Win32/Kollah.NG]
Ewido 4.0/20080812 found nothing
F-Prot 4.4.4.56/20080812 found [W32/Downldr2.DIFW]
F-Secure 7.60.13501.0/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
Fortinet 3.14.0.0/20080812 found nothing
GData 2.0.7306.1023/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
Ikarus T3.1.1.34.0/20080812 found [Win32.Outbreak]
K7AntiVirus 7.10.412/20080812 found nothing
Kaspersky 7.0.0.125/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
McAfee 5358/20080811 found nothing
Microsoft 1.3807/20080812 found [PWS:Win32/Zbot.gen!G]
NOD32v2 3348/20080812 found [Win32/Spy.Agent.PZ]
Norman 5.80.02/20080812 found nothing
Panda 9.0.0.4/20080812 found nothing
PCTools 4.4.2.0/20080812 found nothing
Prevx1 V2/20080812 found nothing
Rising 20.57.12.00/20080812 found nothing
Sophos 4.32.0/20080812 found [Troj/Dloadr-BPX]
Sunbelt 3.1.1542.1/20080812 found [Trojan-Spy.Win32.Zbot.gen (v)]
Symantec 10/20080812 found [Trojan.Wsnpoem]
TheHacker 6.2.96.396/20080812 found nothing
TrendMicro 8.700.0.1004/20080812 found [TROJ_DLOADR.IM]
VBA32 3.12.8.3/20080811 found nothing
ViRobot 2008.8.12.1333/20080812 found nothing
VirusBuster 4.5.11.0/20080811 found nothing
Webwasher-Gateway 6.6.2/20080812 found [Win32.NewMalware.PU!59392]

Martin Jay

Aug 12, 2008, 9:55:01 AM
On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher <a@b.c>
wrote:

>I received a suspect mail and sent it off to the virus scan site.
>(sc...@virsutotal.com : Subject SCAN. This is what they sent back)
>
>The interesting thing is not that there was a virus there: I was almost
>sure there was.. but how many sites *didn't* find it..

Interesting, but not surprising. Did you read this article
<http://resources.zdnet.co.uk/articles/features/0,1000002000,39440184,00.htm>:

----- Begin Quote -----

Eva Chen, chief executive of Trend Micro, has strong views about how
effective the antivirus industry has been over the past 20 years.

According to Chen, the security industry has over-hyped how effective
its products are — and so has been misleading customers — for years.

Chen believes that no single company can offer adequate protection
against the sheer volume of new viruses that are being churned out by
cybercriminals. According to the security industry, five and a half
million new samples were detected in 2007.

----- End Quote -----
--
Martin Jay

Tim Downie

Aug 12, 2008, 9:59:44 AM
The Natural Philosopher wrote:
> I received a suspect mail and sent it off to the virus scan site.
> (sc...@virsutotal.com : Subject SCAN. This is what they sent back)
>
> The interesting thing is not that there was a virus there: I was
> almost sure there was.. but how many sites *didn't* find it..

Not that surprising really. If it's a new one, I imagine it'll take a few
days before all the companies become aware of it and update their virus
definition files. Probably if you resubmitted it tomorrow, there would be a
far higher detection rate.

At the end of the day, common sense is your first line of defence against
viruses. You'd have to be a real dweeb to imagine that a file with a name
like "WW_671282.zip" attached to an email *wasn't* a virus.

Tim


Kevin

Aug 12, 2008, 10:17:43 AM
trouble is the Dweebs live amongst us ,I am working with 300+
programmers and professionals for a Major credit card company and last
week alone we have had 6 different viruses caused by them opening dodgy
emails or surfing weird sites during lunch breaks

--
Kevin R
Reply address works

Tim Ward

Aug 12, 2008, 10:26:23 AM
"Kevin" <donte...@ntlworld.com> wrote in message
news:eYgok.152193$dz3.1...@newsfe20.ams2...

>
> trouble is the Dweebs live amongst us ,I am working with 300+
> programmers and professionals for a Major credit card company and last
> week alone we have had 6 different viruses caused by them opening dodgy
> emails

I just don't see them. I don't know what virus filtering services my ISP
(34sp) uses but pretty well nothing at all ever gets through.

Look, hardly any email users actually *want* to receive these viruses, surely
to goodness, so why doesn't *every* ISP just silently dump them by default?

--
Tim Ward
Brett Ward Limited - www.brettward.co.uk


NOSP...@gmail.com

Aug 12, 2008, 10:56:24 AM
On Tue, 12 Aug 2008 13:50:11 +0100, The Natural Philosopher <a@b.c>
wrote:

>I received a suspect mail and sent it off to the virus scan site.

>(sc...@virsutotal.com : Subject SCAN. This is what they sent back)

I'm surprised it reached there at all...LOL

The Natural Philosopher

Aug 12, 2008, 10:59:04 AM

Oh, I totally agree.

But this is not a particularly new one I think.
> Tim
>
>

Java Jive

Aug 12, 2008, 11:58:21 AM
Trouble is, they are designed to look like something else.

I suspect the OP may have received the same or a similar email to the
one I got this morning, which claimed to be from UPS concerning a
package I had posted a month ago. What I presume was a payload
pretended to be some sort of form 'UPS' wanted me to complete, in a
zip. Fortunately, I haven't posted anything via UPS recently, so I
knew straight away it was spam, and killfiled it.

Recently, I have also received spam pretending to be from Microsoft in
conjunction with one of the phone companies, or perhaps it was the
other way round, saying that I had won a draw for Microsoft website
users. As I do have a Microsoft website ID, and Microsoft do have
some form of relationship with that company, this was potentially
quite convincing, especially as I need the money! Nevertheless I
forwarded the letter to the phone company's CS department to ask if it
was genuine. As I had no reply, I eventually presumed it was fake and
killfiled it.

There have been a number of other such recently, but I can't remember
details now. I think one concerned the National Lottery, or Premium
Bonds, or perhaps there was one of each.

AFAICR the one thing they all had in common was that the email address
of the sender didn't appear to be connected with the company being
impersonated. Accordingly I would advise anyone that receives an
unexpected email to check
1) That the sender's email address is from a domain controlled by the
company/ies purporting to be contacting you - in the Microsoft
example, does it actually come from microsoft.com, or the actual phone
company's domain, rather than just a superficially similar domain
name.
2) Try and learn to check out and understand email headers, so you
can get some sort of idea of the route the mail took to reach you.

Anything you are not convinced of, try and obtain local expert advice.

Anything that definitely doesn't add up, leave well alone.

Also emails are sent unencrypted, and can be trawled as they cross the
net. Never give out anything like bank or other such details to
anyone in an email.

I've even had my mobile number trawled like that - when I emailed it
to someone a few months ago, I started to receive porno texts within
24 hours. I contacted both my phone company's CS and some overview
umbrella organisation explaining the illegal way the number must have
been obtained, and the texts stopped without my ever having to reply
to them, or my being charged for them.

On Tue, 12 Aug 2008 15:26:23 +0100, "Tim Ward" <t...@ipaccess.com>
wrote:

Eleanor Blair

Aug 12, 2008, 12:05:02 PM
The Natural Philosopher wrote:
>
>But this is not a particularly new one I think.

Oh the payload attached to the UPS emails has been changing pretty
rapidly, far faster than some AV vendors update their virus
definitions. Once a day doesn't really cut it any more.

The advice not to follow links or open attachments unless you've
confirmed in some way that they are genuine is much more useful.
Especially as the scam ones like this are getting more convincing.

--
ele...@the-blairs.co.uk http://lnr.livejournal.com/

Kevin

Aug 12, 2008, 12:22:43 PM
that's ok if your ISP knows it's a virus, how it differentiates between an
unknown virus and your friend emailing you a holiday video Zipped up is
where the problem lies, do you want your ISP to filter out wanted
emails because it might be a virus?

zulu

Aug 12, 2008, 1:07:02 PM

"Java Jive" <ja...@evij.com> wrote in message
news:oga3a4leekcl31fr0...@4ax.com...

> Trouble is, they are designed to look like something else.
>
> I suspect the OP may have received the same or a similar email to the
> one I got this morning, which claimed to be from UPS concerning a
> package I had posted a month ago. What I presume was a payload
> pretended to be some sort of form 'UPS' wanted me to complete, in a
> zip. Fortunately, I haven't posted anything via UPS recently, so I
> knew straight away it was spam, and killfiled it.
>

>>>>>>>>>>

OH S!!T

I recd. that a few days ago and I opened it as I WAS expecting a
delivery...

I realised what it was too late ...... :-((((

I then updated AVG and did a full scan which found nowt.
Everything _seeeeems_ OK, but....

Now what?
Is my Dell going to turn into a pumpkin next Friday the thirteenth?

(Currently rescanning all with updated AVG again....<X's fingers>)

Grrrrrrrrrrrrrr

--

ŚzuluŚ

Eeyore

Aug 12, 2008, 1:24:38 PM

The Natural Philosopher wrote:

> I received a suspect mail and sent it off to the virus scan site.
> (sc...@virsutotal.com : Subject SCAN. This is what they sent back)
>
> The interesting thing is not that there was a virus there: I was almost
> sure there was.. but how many sites *didn't* find it..

That happened to me once. It was a 'rare' virus. Had to do a manual removal
based on a method from one of its cousins!

Graham

Java Jive

Aug 12, 2008, 2:16:51 PM
As long as you didn't open the zip, I *think* you should be ok ...

On Tue, 12 Aug 2008 18:07:02 +0100, "zulu"
<zulu.romeo...@ntlworld.com> wrote:
>
> I recd. that a few days ago and I opened it as I WAS expecting a
> delivery...

[snip]

zulu

Aug 12, 2008, 2:41:49 PM

"Java Jive" <ja...@evij.com> wrote in message
news:dpk3a4hukro5umc50...@4ax.com...

> As long as you didn't open the zip, I *think* you should be ok ...


Darned if I can remember now... :o)

AVG is still scanning.
<gulp>


--

ŚzuluŚ


Tim Ward

Aug 12, 2008, 2:59:40 PM
"Kevin" <donte...@ntlworld.com> wrote in message
news:rNiok.181324$Lw1....@newsfe29.ams2...

>
> that's ok if your ISP knows it's a virus, how it differentiates between an
> unknown virus and your friend emailing you a holiday video

Dunno, but they seem to be good at it.

> Zipped up is where the problem lies,

Ah, well, they've got this clever trick, see, have had for years, which is
to look *inside* an archive. (Any worthwhile virus scanner does that.)

--
Tim Ward - posting as an individual unless otherwise clear


Brett Ward Limited - www.brettward.co.uk

Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor


Tim Ward

Aug 12, 2008, 3:00:58 PM
"Brian Morrison" <b...@fenrir.org.uk> wrote in message
news:20080812185...@peterson.fenrir.org.uk...
>
> What happens when a weird attachment arrives that you need just happens
> to resemble a virus and is silently binned?

Yup, a real risk.

Which so far as I know (and therefore so far as matters to me) has never
happened.

So that's fine then.

--
Tim Ward - posting as an individual unless otherwise clear

Brett Ward Limited - www.brettward.co.uk

Klunk

Aug 12, 2008, 3:27:57 PM
On Tue, 12 Aug 2008 19:59:40 +0100, Tim Ward passed an empty day by
writing:

> "Kevin" <donte...@ntlworld.com> wrote in message
> news:rNiok.181324$Lw1....@newsfe29.ams2...
>>
>> that's ok if your ISP knows it's a virus, how it differentiates between
>> an unknown virus and your friend emailing you a holiday video
>
> Dunno, but they seem to be good at it.
>
>> Zipped up is where the problem lies,
>
> Ah, well, they've got this clever trick, see, have had for years, which
> is to look *inside* an archive. (Any worthwhile virus scanner does
> that.)

A great many gateway scanners use clamav - no doubt because it is free,
and it's been looking in archives for a long time. AFAIR it is also able
to deal with password protected archives and even tell the difference
between a spoofed file extension because of the mime type (that is a .exe
that has been renamed to .jpg). It does depend on how the gateway scanner
is set up mind you.

Only problem is Trend have been trying to make a few people shit the bed
as far as clamav is concerned, but that is a different story.

The thing is malware (or Window$ self-distributing freeware as I call it)
should not be the responsibility of your ISP. Even the best scanners can
be spoofed by telnetting directly into an ISP's server and dumping a virus
on it for a local user by injecting it in base64. You need to be guarding
at your own gateway for this.


--
powered by Linux - bastardized by Window$ -
givem...@wibblywobblyteapot.co.uk
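
Added example, not part of any post in this thread: a minimal sketch of the "look inside the archive" check discussed above, comparing each zip member's leading bytes with its file name so a renamed .exe stands out. It is not clamav's code; the sample archive is constructed from harmless byte strings, and the extension list and size/depth limits are assumptions.

```python
import io
import zipfile

# Leading bytes ("magic") that identify content regardless of the file name.
MAGIC = {
    b"MZ": "windows-executable",
    b"PK\x03\x04": "zip-archive",
    b"\xff\xd8\xff": "jpeg-image",
}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "dll"}  # assumed list
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # refuse to unpack oversized members
MAX_DEPTH = 3                          # stop on deeply nested archives


def sniff(head):
    """Return the content type implied by the first bytes, or None."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def inspect_zip(data, prefix="", depth=0):
    """Return (member_path, reason) findings for a zip held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:            # bit 0 set: member is encrypted
                findings.append((path, "encrypted, cannot inspect"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "too large to inspect"))
                continue
            body = archive.read(info)
            kind = sniff(body[:8])
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = parts[-1] if len(parts) > 1 else ""
            if kind == "windows-executable":
                if ext not in EXECUTABLE_EXTS:
                    findings.append((path, "executable content behind non-executable name"))
                elif len(parts) > 2:
                    findings.append((path, "executable with double extension"))
                else:
                    findings.append((path, "executable"))
            elif kind == "zip-archive":
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nesting too deep"))
                else:
                    findings.extend(inspect_zip(body, path + "!", depth + 1))
    return findings


def build_sample():
    """Constructed sample: harmless bytes that only carry the magic numbers."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"MZ" + b"\x00" * 16)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        z.writestr("form.jpg", b"MZ" + b"\x00" * 16)        # renamed executable
        z.writestr("invoice.doc.exe", b"MZ" + b"\x00" * 16)
        z.writestr("more.zip", inner.getvalue())            # archive in archive
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in inspect_zip(build_sample()):
        print(path, "->", reason)
```

A real gateway would quarantine or reject on these findings rather than print them, and would hand the unpacked members to its signature engine as well.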

Tim Ward

Aug 12, 2008, 3:38:56 PM
"Klunk" <givem...@wibblywobblyteapot.co.uk> wrote in message
news:48a1e43d$0$2516$da0f...@news.zen.co.uk...

>
> The thing is malware (or Window$ self-distributing freeware as I call it)
> should not be the responsibility of your ISP.

That, surely to goodness, is a matter for grown-ups to arrange between
themselves. My ISP chooses to offer this service, and I choose to buy it.
Neither of us needs anybody else telling us that it's "not [his]
responsibility".

Kevin

Aug 12, 2008, 3:39:09 PM
Tim Ward wrote:
> "Kevin" <donte...@ntlworld.com> wrote in message
> news:rNiok.181324$Lw1....@newsfe29.ams2...
>> that's ok if your ISP knows it's a virus, how it differentiates between an
>> unknown virus and your friend emailing you a holiday video
>
> Dunno, but they seem to be good at it.
>
>> Zipped up is where the problem lies,
>
> Ah, well, they've got this clever trick, see, have had for years, which is
> to look *inside* an archive. (Any worthwhile virus scanner does that.)
>
trouble is most users have no idea what a virus is or can do and don't
use firewalls or virus scanners, they think that the windows must be
safe as Microsoft would not sell an insecure system would they???, and
these people do exist as I have been asked to fix their PCs

Stephen

Aug 12, 2008, 3:52:18 PM
On 12 Aug 2008 17:05:02 +0100 (BST), Eleanor Blair
<ele...@the-blairs.co.uk> wrote:

>The Natural Philosopher wrote:
>>
>>But this is not a particularly new one I think.
>
>Oh the payload attached to the UPS emails has been changing pretty
>rapidly, far faster than some AV vendors update their virus
>definitions. Once a day doesn't really cut it any more.
>
>The advice not to follow links or open attachments unless you've
>confirmed in some way that they are genuine is much more useful.
>Especially as the scam ones like this are getting more convincing.

But security is all about defense in depth.

Most useful one I know is to run the PC by default as a "normal user"
rather than the default sysadmin that M$oft sets up by default, a lot
of these payloads don't get past the OP Sys security restrictions.

mind you - so many tools don't work properly that I don't do it on my
home machine.......
--
Regards

stephe...@xyzworld.com - replace xyz with ntl

Colin Wilson

Aug 12, 2008, 5:49:26 PM
> The interesting thing is not that there was a virus there: I was almost
> sure there was.. but how many sites *didn't* find it..

For everyone else, there are a couple of similar sites that do
comparative testing, such as...

http://virusscan.jotti.org

http://www.av-comparatives.org is also useful for checking out the
relative strength of an updated and un-updated machine.

Colin Wilson

Aug 12, 2008, 5:53:06 PM
> trouble is the Dweebs live amongst us ,I am working with 300+
> programmers and professionals for a Major credit card company and last
> week alone we have had 6 different viruses caused by them opening dodgy
> emails or surfing weird sites during lunch breaks

I'd have to query the accessibility of the machines if it's that
prevalent - let me guess, your site uses IE, allows activex, and uses
an old version of java ?

Perhaps it's time to treat them like babies - give the offenders a
linux box, and add site filtering software to everything else (like K9
web protection)

Colin Wilson

Aug 12, 2008, 5:57:37 PM
> AVG is still scanning.
> <gulp>

If you're stuck, check out some of the links on my site -
http://www.coreutilities.co.uk

Start with Sysclean (kill AVG temporarily first), and scan with Spybot
S&D as well once you're done.

If you're not sure if the system is clean, try to stay offline for 2-3
days to let the virus signatures catch up, then download the latest
sigs / spyware definitions from another machine and install them with
your main system remaining offline.

I've just had to do this for a colleague's father's laptop - an initial
scan showed 18 viruses, mainly of the bank account stealing sort, and
another 20 traces of the same appeared in Spybot S&D.

A scan a couple of days later came up with a couple more things, but
these seemed to have been rendered useless by the earlier scans.

Tim Ward

Aug 12, 2008, 5:58:06 PM
"Colin Wilson" <REMOVEEVERYTHI...@phoenixbbsZEROSPAM.co.uk> wrote
in message news:MPG.230c169fc...@news.motzarella.org...
>
> let me guess, your site uses ... an old version of java ?

Given that there are different bugs in different versions of Java, and even
when there aren't "bugs" that can be proven as such there are
incompatibilities, you sometimes need different versions of Java in order to
be able to run different applications.

If you're *very* unlucky this means each machine needs several versions of
Java, and each user needs to be adept at spotting when an application is
trying to run with the wrong version and fixing it. More common is the
situation that you find a version of Java that works for most of your users
most of the time ... but it's quite likely not the latest one, given the
application development and upgrade cycle times, hence people using "an old
version of Java" for extremely good reasons is not going to be uncommon.

Colin Wilson

Aug 12, 2008, 6:38:24 PM
> you sometimes need different versions of Java in order to be
> able to run different applications.

Although I don't use java heavily, I don't recall a single application
written using the official (non-microsoft-bastardised-pseudo-java)
version not working with the latest release :-}

Sadly, our place is keen to use activex and bastardised-non-java-java
for almost everything from intranet to bespoke applications :-/

...and yes, now we find ourselves in the same situation where we need
to have java switchers in place to run what I warned them about years
ago.

Java Jive

Aug 12, 2008, 9:40:19 PM
Speak of the devil, and he comes and cr*ps on your shoulder ...


--- On Wed, 13/8/08, irish...@optonline.net
<irish...@optonline.net> wrote:

> -----Inline Attachment Follows-----
> From: irish...@optonline.net <irish...@optonline.net>
> Subject: Congratulation, You Have Won £800,000.00!!!
> To:
> Date: Wednesday, 13 August, 2008, 12:31 AM
>
> Dear Winner,
>
> This is to officially notify you that youremail
> address officially emerged and wonthe sum of £800,000GBP
> (Eight HundredThousand British Pounds Sterling) in theOnline
> Irish Gaming Board Programme.
>
>For more information on how
> toredeem your prize, You are to replyto your claims agent
> with theinformation below as soon as you receive this
> notification.
> NAME: Mr. Terry
> ColeE-mail: ir.ter...@hotmail.co.uk
> INFORMATION FOR CLAIMS
> 1. Full Names:
> 2. Address:
> 3. Phone numbers:
> 4. Country:
>
>Your's Truly
> (Promotions Co-ordinator)Copyright © 2008 Irish
> NationalLottery Inc.

Note:

eMail purports to be from Irish Gaming Board, but comes from
optonline.net domain, which is just another ISP, and I should reply to
hotmail domain, which is one of the most easily abused online email
systems, in that they make only minimal, if any, provenance checks.

Split infinitive, wouldn't mean anything the other side of the pond,
but bad English this side, capital Y in middle of sentence, Your's
instead of yours.

Mail contains attachment the purpose of which is not mentioned in
text.

So virus spam, I think. Pity, I could have done with £800,000.

On Tue, 12 Aug 2008 16:58:21 +0100, Java Jive <ja...@evij.com> wrote:

> Trouble is, they are designed to look like something else.

[snip]
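
Added example, not part of any post in this thread: the checks Java Jive describes in both posts (does the sender's address belong to a domain the claimed company controls, do replies go somewhere else, which route did the mail take) applied to a constructed message. The brand-to-domain map, the message and every `.example` host and address are assumptions made up for the illustration.

```python
import email
import re
from email.utils import parseaddr

# Assumption: a hand-maintained map of brand names to domains they really use.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}

# Constructed message; all hosts and addresses use the reserved .example TLD.
RAW = """\
Received: from mx.recipient.example by mailstore.recipient.example; Wed, 13 Aug 2008 00:31:09 +0100
Received: from smtp.isp.example by mx.recipient.example; Wed, 13 Aug 2008 00:31:05 +0100
From: "Microsoft Prize Draw" <winner@microsoft.com.prizes.example>
Reply-To: claims@freemail.example
To: user@recipient.example
Subject: You have won
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Reply to your claims agent.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="claim_form.zip"

constructed placeholder, not a real archive
--b1--
"""


def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header, lower-cased."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def belongs_to(domain, owned):
    """True only for an owned domain or a genuine subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in owned)


def received_route(msg):
    """(from_host, by_host) pairs from the Received headers, oldest hop first.

    Only hops added by your own provider are trustworthy; earlier ones are
    written by whoever handed the mail over.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+).*?by\s+([^\s;]+)", value, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops


def check_message(raw):
    """Return sender domain, findings, attachment names and mail route."""
    msg = email.message_from_string(raw)
    display, _ = parseaddr(msg["From"] or "")
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    findings = []
    for brand, owned in BRAND_DOMAINS.items():
        # The display name is free text; only the address domain counts.
        if brand in display.lower() and not belongs_to(from_domain, owned):
            findings.append("display name claims %s but sender domain is %s"
                            % (brand, from_domain))
    if reply_domain and reply_domain != from_domain:
        findings.append("replies go to %s, not %s" % (reply_domain, from_domain))
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {"from_domain": from_domain, "findings": findings,
            "attachments": attachments, "route": received_route(msg)}


if __name__ == "__main__":
    report = check_message(RAW)
    for line in report["findings"]:
        print("!", line)
    print("attachments:", report["attachments"])
    print("route:", report["route"])
```

The suffix test in `belongs_to` is what separates `mail.microsoft.com` from a superficially similar name such as `microsoft.com.prizes.example`.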

Cork Soaker

Aug 12, 2008, 11:04:58 PM
The Natural Philosopher wrote:
> I received a suspect mail and sent it off to the virus scan site

Had the same, it's due to your computer being infected by a virus BEFORE
the email.

Assuming your replies, this is a troll, but,

Boot a live CD and scan.

Ask for more help on this, or better yet, Google and learn a shit-load.

The Natural Philosopher

Aug 13, 2008, 1:43:36 AM

Oh dear.

This idiot isn't killfiled here.

Didn't you bother to see I was posting on a Mac, and it couldn't be
infected with a Windows virus?

dennis@home

Aug 13, 2008, 3:39:40 AM

"Colin Wilson" <REMOVEEVERYTHI...@phoenixbbsZEROSPAM.co.uk> wrote
in message news:MPG.230c2129f...@news.motzarella.org...


>> you sometimes need different versions of Java in order to be
>> able to run different applications.
>
> Although I don't use java heavily, I don't recall a single application
> written using the official (non-microsoft-bastardised-pseudo-java)
> version not working with the latest release :-}
>
> Sadly, our place is keen to use activex and bastardised-non-java-java
> for almost everything from intranet to bespoke applications :-/

How are they doing that? M$ dumped their java like language years ago.
You can't download the engine or any fixes from M$.
You can't get a license to run their engine so it's probably illegal if you
are.
All the existing licenses were revoked IIRC.

Eleanor Blair

Aug 13, 2008, 6:39:33 AM
zulu wrote:
>
>I recd. that a few days ago and I opened it as I WAS expecting a
>delivery...
>
>I realised what it was too late ...... :-((((
>
>I then updated AVG and did a full scan which found nowt.
>Everything _seeeeems_ OK, but....

With the virus that was in the first batch of emails you'd have known if
you ran the program in the zip file as the machine would have
immediately rebooted. It's not clear if the later ones work in exactly
the same way, but I suspect it's similar.

Spybot S&D is quite good at detecting and removing things, and you
probably need something like it to remove actual infections rather than
just relying on your usual AV software, which is better for detection
and prevention.

http://www.safer-networking.org/

--
ele...@the-blairs.co.uk http://lnr.livejournal.com/

Flyińg Ńuń 2°°8 +

Aug 13, 2008, 7:56:37 AM

I know it isn't free, but how well do you rate Trojan Hunter?
http://www.misec.net/trojanhunter/
--
Heard melodies are sweet, but those Unheard are sweeter
flyi...@tiscali.co.uk FN 2°°8 +, Mungo Brandybuck of Buckland


Eleanor Blair

Aug 13, 2008, 8:10:06 AM
Flyińg Ńuń 2°°8 + wrote:
>
>I know it isn't free, but how well do you rate Trojan Hunter?
>http://www.misec.net/trojanhunter/

I don't know it personally, and it's not one of the ones explicitly
suggested by the University's Technical User Support team, but that may
just be because it's not free. Sorry I can't help.

--
ele...@the-blairs.co.uk http://lnr.livejournal.com/

Jules

Aug 13, 2008, 9:32:21 AM
On Tue, 12 Aug 2008 23:38:24 +0100, Colin Wilson wrote:

>> you sometimes need different versions of Java in order to be
>> able to run different applications.
>
> Although I don't use java heavily, I don't recall a single application
> written using the official (non-microsoft-bastardised-pseudo-java)
> version not working with the latest release :-}

I've seen it happen a few times...

I can't help thinking something like VMWare would help with situations
like this, though - with disk space and memory being as cheap as it is,
it's easy to keep a few virtual images around with different
configurations and trivial to roll things back to a 'known-good' snapshot.
Run any untrusted apps under the virtual image, but save user data
somewhere under the host OS.

cheers

Jules

Jules

Aug 13, 2008, 9:35:18 AM
On Tue, 12 Aug 2008 20:00:58 +0100, Tim Ward wrote:

> "Brian Morrison" <b...@fenrir.org.uk> wrote in message
> news:20080812185...@peterson.fenrir.org.uk...
>>
>> What happens when a weird attachment arrives that you need just happens
>> to resemble a virus and is silently binned?
>
> Yup, a real risk.

It seems acceptable to me though, providing such things aren't silently
binned but can be retrieved from the ISP on a case-by-case basis (in a
similar way I tend to scan my junk mail folder a couple of times a week
before clearing it out - every once in a while there's something
legitimate in there)

cheers

Jules

Tony Finch

Aug 13, 2008, 12:19:21 PM
Brian Morrison <b...@fenrir.org.uk> wrote:
>"Tim Ward" <t...@ipaccess.com> wrote:
>>
>> Look, hardly any email users actually *want* to receive these viruses, surely
>> to goodness, so why doesn't *every* ISP just silently dump them by default?

>
>What happens when a weird attachment arrives that you need just happens
>to resemble a virus and is silently binned?

It's possible to set things up so that legitimate messages sent from
standards-compliant sites never disappear silently even when they trigger
the anti-virus filter, and without causing any collateral spam or backscatter.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
BISCAY FITZROY SOLE: WESTERLY 6 TO GALE 8, OCCASIONALLY SEVERE GALE 9 IN SOLE.
ROUGH OR VERY ROUGH, OCCASIONALLY HIGH. SQUALLY SHOWERS. MODERATE OR GOOD.

Colin Wilson

Aug 13, 2008, 1:36:45 PM
> > Sadly, our place is keen to use activex and bastardised-non-java-java
> > for almost everything from intranet to bespoke applications :-/
> How are they doing that? M$ dumped their java like language years ago.
> You can't download the engine or any fixes from M$.
> You can't get a license to run their engine so it's probably illegal if you
> are.
> All the existing licenses were revoked IIRC.

Who knows - sadly, I could care less right now, we've just been
informed they're rolling out another image to all machines, which if
it's anything like the last one they did, it'll kill all USB
functionality (not a lot of use when you have users who need to get
pictures off digital cameras regularly).

AFAIK I was the only one thinking straight and got a card reader a few
years ago - they were still trying to force us to use smartmedia via
one of the Sandisk Flashpath floppy device adaptors...

Hell, if it's anything like my existing install, it'll take 25-30
minutes to boot minimum (it's not a particularly slow machine either)

Colin Wilson

Aug 13, 2008, 1:38:47 PM
> I can't help thinking something like VMWare would help with situations
> like this

Been there, suggested that.

Klunk

Aug 13, 2008, 2:41:25 PM
On Tue, 12 Aug 2008 20:38:56 +0100, Tim Ward passed an empty day by
writing:

> "Klunk" <givem...@wibblywobblyteapot.co.uk> wrote in message


> news:48a1e43d$0$2516$da0f...@news.zen.co.uk...
>>
>> The thing is malware (or Window$ self-distributing freeware as I call
>> it) should not be the responsibility of your ISP.
>
> That, surely to goodness, is a matter for grown-ups to arrange between
> themselves. My ISP chooses to offer this service, and I choose to buy
> it. Neither of us needs anybody else telling us that it's "not [his]
> responsibility".

It's your system and you are free as a 'grown up' to take your own
approach. It is one thing to let a virus pass on to a customer, it is
another for that customer to take responsibility for his or her actions
on opening it.

Jules

Aug 14, 2008, 9:53:50 AM
On Wed, 13 Aug 2008 22:46:37 +0100, Brian Morrison wrote:

> Well, you are of course free to do as you both please, and have
> obviously considered whether the risk is acceptable to you.

Well, I would assume that any ISP-run scheme has a complete opt-out. It's
just that the OS vendors don't seem to be doing anything much to make
their products more secure, the end users seem to be, on the whole,
utterly clueless, and there are just so many new virus variations per day
that it's hard for them to keep up anyway.

I just think that putting the technology in at the ISPs might be the only
route left - and that it might take quite a bit of effort initially,
but if every ISP were doing it the problem would eventually go away
anyway as there'd be no incentive to write viruses (or spam) in the
first place.

> I decided I was happy to run virus scanners on the mail server and on
> the Windows PCs to give more defence in depth, so that's fine with me.

Not running Windows helps me a lot with the defence side of course, but
what really annoys me is that someone out there feels the need to send
me this crap in the first place - hence screening it further upstream
would seem like a nice idea...

> Everyone aware of their own risks, and happy.

Except that by and large, they aren't aware... :(

cheers

J.

Adrian C

Aug 14, 2008, 11:20:54 AM
Kevin wrote:

> trouble is the Dweebs live amongst us ,I am working with 300+
> programmers and professionals for a Major credit card company and last
> week alone we have had 6 different viruses caused by them opening dodgy
> emails or surfing weird sites during lunch breaks
>

Which is probably why my Bank went ape-sh*t yesterday and called me to
cancel my VISA card *even* due to the fact there had been no funny
transactions recorded on it. Not convenient for me as I'm travelling
soon :-(

--
Adrian C

Klunk

Aug 14, 2008, 3:45:34 PM

> Kevin wrote:
>
>> trouble is the Dweebs live amongst us ,I am working with 300+
>> programmers and professionals for a Major credit card company and last
>> week alone we have had 6 different viruses caused by them opening dodgy
>> emails or surfing weird sites during lunch breaks
>>

Nice one. I have a very good friend who works for a very well known anti-
virus company. The support staff have a document to follow if a virus is
sent in that has not been identified. Would you believe it reads;

"First of all confirm the file is a virus."

How do you think they have been doing this? Why, by opening them and
running them on their windows desktops and looking to see if the AV
(which never caught it in the first place, hence why the customer has
submitted it) detects it.

You could not make this up if you tried.

Cork Soaker

unread,
Oct 8, 2008, 5:40:17 AM10/8/08
to


So what are you doing here?

Man at B&Q

unread,
Oct 8, 2008, 7:36:35 AM10/8/08
to

A lot more than you.

The Natural Philosopher

unread,
Oct 8, 2008, 7:44:04 AM10/8/08
to

Here being one of cam.misc, uk.d-i-y and uk.telecoms.broadband, nothing
in the posting implies either a PC, or a Linux setup.

And 'live CD' implies Linux, and I have yet to actually see a Mac
infected by a virus. I am sure it's possible, but they are as rare as
hen's teeth. Viruses are largely a windows PC phenomenon.

And your advice was patently wrong.

So?

Paul Leyland

unread,
Oct 8, 2008, 8:32:56 AM10/8/08
to
The Natural Philosopher <a@b.c> writes:

>
> And 'live CD' implies Linux, and I have yet to actually see a Mac
> infected by a virus. I am sure it's possible, but they are as rare as
> hen's teeth. Viruses are largely a windows PC phenomenon.

I've seen them, but over 10 years ago and back in days of floppy-borne
beasties. One of the joys of working for a university computer
service.


Paul
--
Paul Leyland <pc...@gen.cam.ac.uk> | Hanging on in quiet desperation is
Dept. of Genetics, Cambridge University | the English way.
Downing Street, Cambridge, CB2 3EH, UK | The time is gone, the song is over.
Tel: +44-1223-333963 Fax: +44-1223-333992 | Thought I'd something more to say.

Roland Perry

unread,
Oct 8, 2008, 1:22:23 PM10/8/08
to
In message <vp0fxn7...@pugwash.gen.cam.ac.uk>, at 13:32:56 on Wed,
8 Oct 2008, Paul Leyland <pc...@pugwash.gen.cam.ac.uk> remarked:

>> And 'live CD' implies Linux, and I have yet to actually see a Mac
>> infected by a virus. I am sure it's possible, but they are as rare as
>> hen's teeth. Viruses are largely a windows PC phenomenon.
>
>I've seen them, but over 10 years ago and back in days of floppy-borne
>beasties. One of the joys of working for a university computer
>service.

Viruses today are mainly "drive by" attacks on browsers, having
attracted the user to an infected website. The major anti-virus vendors
no doubt have statistics for which platforms are most vulnerable.
--
Roland Perry

The Natural Philosopher

unread,
Oct 8, 2008, 3:18:39 PM10/8/08
to


Are you sure about that?

I thought they were mainly in email attachments..

Anyway I don't use IE at all, so that's mainly that.

Tim Ward

unread,
Oct 8, 2008, 4:46:30 PM10/8/08
to
"The Natural Philosopher" <a@b.c> wrote in message
news:12234936...@proxy01.news.clara.net...

>
> I thought they were mainly in email attachments..

Haven't seen one of those for years. Are there really still people who use
ISPs who don't throw them away on the server?

Tim Ward

unread,
Oct 8, 2008, 5:03:15 PM10/8/08
to
"August West" <aug...@kororaa.com> wrote in message
news:87k5ci6...@news2.kororaa.com...

> "Tim Ward" <t...@brettward.co.uk> writes:
>
>> "The Natural Philosopher" <a@b.c> wrote in message
>> news:12234936...@proxy01.news.clara.net...
>>>
>>> I thought they were mainly in email attachments..
>>
>> Haven't seen one of those for years. Are there really still people who
>> use ISPs who don't throw them away on the server?
>
> Are there really still people who use their ISP for email?

Eh?? Don't get you. Do you mean "are there people who don't contribute more
than their fair share to the carbon footprint by running their own server at
home 24/7 just to pick up the occasional email"? In which case, as you know
perfectly well, the answer is "yes, there are lots of such people".

Roland Perry

unread,
Oct 8, 2008, 5:00:34 PM10/8/08
to
In message <12234936...@proxy01.news.clara.net>, at 20:18:39 on
Wed, 8 Oct 2008, The Natural Philosopher <a@b.c> remarked:

>> Viruses today are mainly "drive by" attacks on browsers, having
>>attracted the user to an infected website. The major anti-virus
>>vendors no doubt have statistics for which platforms are most vulnerable.
>
>Are you sure about that?

Yes, it's been like that for a year or more.

>I thought they were mainly in email attachments..

Not any more; the networks got too good at filtering them out, so the
effort has gone into other avenues.
--
Roland Perry

Tim Ward

unread,
Oct 8, 2008, 5:15:06 PM10/8/08
to
"August West" <aug...@kororaa.com> wrote in message
news:87fxn66...@news2.kororaa.com...

>>>
>>> Are there really still people who use their ISP for email?
>>
>> Eh?? Don't get you. Do you mean "are there people who don't contribute
>> more
>> than their fair share to the carbon footprint by running their own server
>> at
>> home 24/7 just to pick up the occasional email"? In which case, as you
>> know
>> perfectly well, the answer is "yes, there are lots of such people".
>
> Eh?? I was thinking more of hotmail, gmail, and the like.

Oh, I think you and I disagree about what "ISP" means. I think it means
"internet service provider". I use several different internet services, and
I use several ISPs for different purposes, quite often at the same time -
just right now I'm using one for connectivity, one for usenet access, and
one for both hosting my website and managing my email (which, like hotmail,
gmail and the like, does have a webmail interface, but I don't use it very
often). If I also used hotmail I would regard hotmail as a "provider" of one
of my "internet services", ie one of my ISPs, and I would expect them to
filter out email viruses for me.

If you think "ISP" means *just* the service of providing connectivity, and
not all the other things that many of us unbundle these days, that would
explain the confusion.

Tim S

unread,
Oct 8, 2008, 5:25:07 PM10/8/08
to
Tim Ward coughed up some electrons that declared:

> "August West" <aug...@kororaa.com> wrote in message
> news:87k5ci6...@news2.kororaa.com...
>> "Tim Ward" <t...@brettward.co.uk> writes:
>>
>>> "The Natural Philosopher" <a@b.c> wrote in message
>>> news:12234936...@proxy01.news.clara.net...
>>>>
>>>> I thought they were mainly in email attachments..
>>>
>>> Haven't seen one of those for years. Are there really still people who
>>> use ISPs who don't throw them away on the server?
>>
>> Are there really still people who use their ISP for email?
>
> Eh?? Don't get you. Do you mean "are there people who don't contribute
> more than their fair share to the carbon footprint by running their own
> server at home 24/7 just to pick up the occasional email"? In which case,
> as you know perfectly well, the answer is "yes, there are lots of such
> people".
>

We run our entire lives off our two servers: one RAID5 filestore (and soon to
be migrated Postgresql server) with secure remote access, the other (soon
to be upgraded on recycled equipment) general purpose server (web, calendar
(Horde), email (Exim + Dovecot), misc).

Without it, neither me nor the missus would have a clue what we're doing.

:)

Cheers

Tim

Roland Perry

unread,
Oct 8, 2008, 5:35:50 PM10/8/08
to
In message <6l4m6qF...@mid.individual.net>, at 22:15:06 on Wed, 8
Oct 2008, Tim Ward <t...@brettward.co.uk> remarked:

>If you think "ISP" means *just* the service of providing connectivity, and
>not all the other things that many of us unbundle these days, that would
>explain the confusion.

Agreed. I'm currently using seven ISPs, only two of them for
connectivity. And that's not counting niche services like Googlemail,
Skype, MS-Messenger and another half dozen other providers of similar
stuff. My Freeserve account finally expired recently, after many years
of not using them for dial-up.
--
Roland Perry

Bob Eager

unread,
Oct 8, 2008, 5:50:54 PM10/8/08
to
On Wed, 8 Oct 2008 21:03:15 UTC, "Tim Ward" <t...@brettward.co.uk> wrote:

> Eh?? Don't get you. Do you mean "are there people who don't contribute more
> than their fair share to the carbon footprint by running their own server at
> home 24/7 just to pick up the occasional email"? In which case, as you know
> perfectly well, the answer is "yes, there are lots of such people".

I'll confess to being one of those irresponsible people who increases
their mythical 'carbon footprint'. I receive a LOT of email, and several
thousand spams each day, which I doubt an ISP would be as efficient at
filtering.

My email server performs several other tasks, and consumes between 30
and 35 watts.

--
Bob Eager
Use the BIG mirror service in the UK:
http://www.mirrorservice.org

Tim Ward

unread,
Oct 8, 2008, 5:52:55 PM10/8/08
to
"Bob Eager" <rd...@spamcop.net> wrote in message
news:176uZD2KcidF-p...@rikki.tavi.co.uk...

>
> I'll confess to being one of those irresponsible people who increases
> their mythical 'carbon footprint'. I receive a LOT of email, and several
> thousand spams each day, which I doubt an ISP would be as efficient at
> filtering.

I used to receive thousands of spams but my ISP has fixed their systems and
the spam no longer consumes entropy and thus carbon by being sent down the
wire to my house.

Tim Ward

unread,
Oct 8, 2008, 6:05:49 PM10/8/08
to
"August West" <aug...@kororaa.com> wrote in message
news:87bpxu6...@news2.kororaa.com...

> "Tim Ward" <t...@brettward.co.uk> writes:
>
>> If you think "ISP" means *just* the service of providing connectivity,
>> and not all the other things that many of us unbundle these days, that
>> would explain the confusion.
>
> I do. The ISP shifts the packets, a mail provider provides mail, News
> provider, news, and so on. I really don't see any utility in
> overloading ISP.

Oh, right. I use lots of different packet shifters, depending on where I am
and what device I'm using, and quite often I don't even know what packet
shifter I'm using[#], but only one of each of most of the others.

[#] After all you never need to. Apart from having to know their SMTP
server. Which isn't *quite* enough of a pain for me to organise one of the
many alternatives for myself.

Fevric J Glandules

unread,
Oct 8, 2008, 6:07:30 PM10/8/08
to
On Wed, 08 Oct 2008 22:15:06 +0100, Tim Ward wrote:

> If you think "ISP" means *just* the service of providing connectivity, and
> not all the other things that many of us unbundle these days, that would
> explain the confusion.

That is what most people - both internet pros and the great unwashed -
mean by "ISP", in the absence of any further qualification.

--
One way ticket from Mornington Crescent to Tannhauser Gate please.

Fevric J Glandules

unread,
Oct 8, 2008, 6:09:35 PM10/8/08
to
On Wed, 08 Oct 2008 21:50:12 +0100, August West wrote:

> "Tim Ward" <t...@brettward.co.uk> writes:
>
>> "The Natural Philosopher" <a@b.c> wrote in message
>> news:12234936...@proxy01.news.clara.net...
>>>
>>> I thought they were mainly in email attachments..
>>
>> Haven't seen one of those for years. Are there really still people who
>> use ISPs who don't throw them away on the server?
>

> Are there really still people who use their ISP for email?

You jest.

There's gazillions of people who still have no idea that their
browser's homepage doesn't have to be btinteryahoogle.com, let
alone that they can change browser, or get email from elsewhere...

Fevric J Glandules

unread,
Oct 8, 2008, 6:11:22 PM10/8/08
to
On Wed, 08 Oct 2008 22:00:34 +0100, Roland Perry wrote:

> In message <12234936...@proxy01.news.clara.net>, at 20:18:39 on
> Wed, 8 Oct 2008, The Natural Philosopher <a@b.c> remarked:

[viruses]

>>I thought they were mainly in email attachments..
>
> Not any more; the networks got too good at filtering them out, so the
> effort has gone into other avenues.

Still plenty of viral emails kicking around: I have a relatively
unfiltered email feed, partly so's I can get a feel for what's
going on out there.

Fevric J Glandules

unread,
Oct 8, 2008, 6:20:21 PM10/8/08
to
On Wed, 08 Oct 2008 18:22:23 +0100, Roland Perry wrote:

> Viruses today are mainly "drive by" attacks on browsers, having
> attracted the user to an infected website. The major anti-virus vendors
> no doubt have statistics for which platforms are most vulnerable.

<tangent>

It struck me a couple of days ago that the whole situation is like
having one dominant car company that ships all its cars with bald
tyres and duff brakes. As a result there's an enormous after-market
in five-point harnesses, roll cages, fire extinguishers and even
replacement air-bags.

</>

Jules

unread,
Oct 8, 2008, 6:50:26 PM10/8/08
to
On Wed, 08 Oct 2008 22:35:50 +0100, Roland Perry wrote:

> In message <6l4m6qF...@mid.individual.net>, at 22:15:06 on Wed, 8
> Oct 2008, Tim Ward <t...@brettward.co.uk> remarked:
>>If you think "ISP" means *just* the service of providing connectivity, and
>>not all the other things that many of us unbundle these days, that would
>>explain the confusion.
>
> Agreed. I'm currently using seven ISPs, only two of them for
> connectivity. And that's not counting niche services like Googlemail,
> Skype, MS-Messenger and another half dozen other providers of similar
> stuff.

Interesting - I don't think I've ever come across anyone using that
definition for ISP. By that meaning, presumably someone running a website
on a machine at home also qualifies as an ISP? (or is there some usage
level below which "providing an IP-based service on the public Internet"
doesn't apply?)


Fevric J Glandules

unread,
Oct 8, 2008, 7:26:50 PM10/8/08
to
On Wed, 08 Oct 2008 17:50:26 -0500, Jules wrote:

[ISPs vs "internet service providers"]

> Interesting - I don't think I've ever come across anyone using that
> definition for ISP. By that meaning, presumably someone running a website
> on a machine at home also qualifies as an ISP? (or is there some usage
> level below which "providing an IP-based service on the public Internet"
> doesn't apply?)

'zackly.

"ISP" has come to mean "bit-provider" - even amongst professionals.
A bit like "broadband" has ended up meaning "anything faster than
dial-up".

Ivor Jones

unread,
Oct 8, 2008, 8:08:13 PM10/8/08
to
In news:6l4odnF...@mid.individual.net,
Tim Ward <t...@brettward.co.uk> typed, for some strange, unexplained
reason:
: "Bob Eager" <rd...@spamcop.net> wrote in message

: news:176uZD2KcidF-p...@rikki.tavi.co.uk...
: >
: > I'll confess to being one of those irresponsible people who
: > increases their mythical 'carbon footprint'. I receive a LOT of
: > email, and several thousand spams each day, which I doubt an ISP
: > would be as efficient at filtering.
:
: I used to receive thousands of spams but my ISP has fixed their
: systems and the spam no longer consumes entropy and thus carbon by
: being sent down the wire to my house.

I reduced my spam count from several thousand per day to around 15 or so
simply by disabling the "catchall" facility on my domain name. Now I only
ever even see mail for the 4 addresses I've told it about and what gets
through is almost always weeded out by filtering it through a spare gmail
account kept for the purpose.

Nothing unwanted has made it to the inbox for months.


Ivor

Fevric J Glandules

unread,
Oct 8, 2008, 8:31:08 PM10/8/08
to
On Thu, 09 Oct 2008 01:08:13 +0100, Ivor Jones wrote:

> I reduced my spam count from several thousand per day to around 15 or so
> simply by disabling the "catchall" facility on my domain name. Now I only
> ever even see mail for the 4 addresses I've told it about and what gets
> through is almost always weeded out by filtering it through a spare gmail
> account kept for the purpose.
>
> Nothing unwanted has made it to the inbox for months.

Lucky you.

A certain "MISTER BROWN" of "DOWNING STREET, LONDON" keeps offering
me "FOUR HUNDRED BILLIONS OF POUNDS" if I can only come up with some
bank details, like which ones I own.

Roland Perry

unread,
Oct 9, 2008, 2:28:40 AM10/9/08
to
In message <pan.2008.10.08....@remove.this.gmail.com>, at
17:50:26 on Wed, 8 Oct 2008, Jules
<jules.rich...@remove.this.gmail.com> remarked:

>>I'm currently using seven ISPs, only two of them for
>> connectivity. And that's not counting niche services like Googlemail,
>> Skype, MS-Messenger and another half dozen other providers of similar
>> stuff.
>
>Interesting - I don't think I've ever come across anyone using that
>definition for ISP.

It's very common, you must have led a sheltered life.

>By that meaning, presumably someone running a website
>on a machine at home also qualifies as an ISP? (or is there some usage
>level below which "providing an IP-based service on the public Internet"
>doesn't apply?)

There are various regulatory definitions, but the one I'm using involves
offering a commercial service to specific subscribers (although
sometimes free of obvious charges), including email, domain hosting and
connectivity.

--
Roland Perry

Roland Perry

unread,
Oct 9, 2008, 2:38:55 AM10/9/08
to
In message <873aj66...@news2.kororaa.com>, at 23:16:36 on Wed, 8 Oct
2008, August West <aug...@kororaa.com> remarked:

>>> Are there really still people who use their ISP for email?
>>
>> You jest.
>
>Not greatly; my entire extended family, from ages 10 to 84, have all
>moved their email elsewhere, and all without me suggesting it would be a
>good idea.

I found that relatives were using Hotmail as the default, without even
considering whatever their connectivity-ISP-that-week was offering
(probably not a sufficiently useful webmail if my own experiences are
anything to go by). One has since registered a domain name, which I
organised for them, and the email is forwarded to their hotmail account.
--
Roland Perry

Roland Perry

unread,
Oct 9, 2008, 2:32:49 AM10/9/08
to
In message <87bpxu6...@news2.kororaa.com>, at 22:53:38 on Wed, 8 Oct
2008, August West <aug...@kororaa.com> remarked:

>The ISP shifts the packets, a mail provider provides mail, News
>provider, news, and so on. I really don't see any utility in
>overloading ISP.

They all operate in the same commercial, regulatory and standards
framework.

There's no point in trying to draw arbitrary lines between companies who
offer (eg) connectivity and web hosting, and some of whose customers
take just the connectivity, some take just the web hosting, and some who
take both. To all three classes of customer they are simply "an ISP".
--
Roland Perry

Roland Perry

unread,
Oct 9, 2008, 2:40:42 AM10/9/08
to
In message <gcjb6a$vfl$4...@aioe.org>, at 00:11:22 on Thu, 9 Oct 2008,
Fevric J Glandules <fev...@invalid.invalid> remarked:

>[viruses]
>
>>>I thought they were mainly in email attachments..
>>
>> Not any more; the networks got too good at filtering them out, so the
>> effort has gone into other avenues.
>
>Still plenty of viral emails kicking around: I have a relatively
>unfiltered email feed, partly so's I can get a feel for what's
>going on out there.

Of course there will be a few still going round, but the main action is
elsewhere.
--
Roland Perry

Brian L Johnson

unread,
Oct 9, 2008, 3:19:04 AM10/9/08
to
Fevric J Glandules <fev...@invalid.invalid> wrote:

Re: spam

> Ivor Jones wrote:
>> Nothing unwanted has made it to the inbox for months.
>
> Lucky you.
> A certain "MISTER BROWN" of "DOWNING STREET, LONDON" keeps offering
> me "FOUR HUNDRED BILLIONS OF POUNDS" if I can only come up with some
> bank details, like which ones I own.

ROFL!

--
blj

Richard Torrens (News)

unread,
Oct 9, 2008, 3:23:46 AM10/9/08
to
In article <87k5ci6...@news2.kororaa.com>,

August West <aug...@kororaa.com> wrote:
> Are there really still people who use their ISP for email?

Whether they do or not, the service the ISP provides should work.

And yes, to judge by the mail we receive, the bulk of people use their
connectivity provider (ICP) for email.

Some ICPs (aol, bellsouth, att.net) are draconian in their rejection of
valid emails, because some spam has been forwarded via a legit server.

hotmail is a problem too: any email written in hotmail purports to be
multipart/alternative. But the plain text version is completely unformatted
and essentially unusable.

--
------------------------------------------------------------------
Richard Torrens. News email address is valid - for a limited time only.
http://www.Torrens.org.uk for genealogy, natural history, wild food, walks, cats
and more!

Eleanor Blair

unread,
Oct 9, 2008, 5:02:51 AM10/9/08
to
Tim Ward wrote:
>"The Natural Philosopher" <a@b.c> wrote in message
>news:12234936...@proxy01.news.clara.net...
>>
>> I thought they were mainly in email attachments..
>
>Haven't seen one of those for years. Are there really still people who use
>ISPs who don't throw them away on the server?

Does your ISP throw away *all* attachments then, or just all attachments
containing executables? Because there've been some very quickly
mutating ones lately which are getting through good AV software because
they change so quickly. And they're much better at convincing social
engineering techniques to get people to open them. We've had pretty
clued up people here caught out by a supposed message from UPS about a
delivery because they were *expecting* something with UPS.

--
ele...@the-blairs.co.uk http://lnr.livejournal.com/

The Natural Philosopher

unread,
Oct 9, 2008, 5:16:45 AM10/9/08
to
The key on any mail that tries to redirect you to a website is right
click on the link and see where it takes you.

Roland Perry

unread,
Oct 9, 2008, 5:56:41 AM10/9/08
to
In message <V0D*Ui...@news.chiark.greenend.org.uk>, at 10:02:51 on Thu,
9 Oct 2008, Eleanor Blair <ele...@the-blairs.co.uk> remarked:

>We've had pretty
>clued up people here caught out by a supposed message from UPS about a
>delivery because they were *expecting* something with UPS.

I'd had a few recently with the classic "message from your ISP" saying
that they've detected a virus on my PC and here's a program to clean it
up. Apart from that being a well known line, they've made a hilarious
assumption about who my ISP is, based on the domain name.
--
Roland Perry

The Natural Philosopher

unread,
Oct 9, 2008, 6:07:54 AM10/9/08
to
Huge wrote:
> Depends entirely on what you use to read your emails...
>
sure, but all will allow you to investigate a link before going there in
some way as far as I know.

David Woodhouse

unread,
Oct 9, 2008, 6:55:35 AM10/9/08
to
On Wed, 2008-10-08 at 23:05 +0100, Tim Ward wrote:
>
> Oh, right. I use lots of different packet shifters, depending on where I am
> and what device I'm using, and quite often I don't even know what packet
> shifter I'm using[#], but only one of each of most of the others.
>
> [#] After all you never need to. Apart from having to know their SMTP
> server.

Why on earth would I want to know that? If I can't reach the standard
submission port¹ on my own servers, the packet-shifter is broken -- or
my servers are :)

The idea of using someone else's SMTP server for outgoing mail makes me
shudder -- how would you check the logs if someone complains that they
didn't receive your mail?

--
dwmw2

¹ Port 587, as defined by RFC 2476

The Natural Philosopher

unread,
Oct 9, 2008, 7:03:22 AM10/9/08
to
The trouble is that few sites will accept mail from some random person
connected to the internet. You need at least a reverse IP lookup on the
forwarding machine that is globally valid, and many people run a
'trusted relays only: screw everyone else' policy.


My mail agent has transmission logs to whatever SMTP relay it is using.

After that it's in the laps of the gods. You can't track it beyond any
machines out of your control anyway, so why tracking it beyond the first
hop is relevant beats me.

Fevric J Glandules

unread,
Oct 9, 2008, 8:59:32 AM10/9/08
to
On Thu, 09 Oct 2008 10:16:45 +0100, The Natural Philosopher wrote:

> Eleanor Blair wrote:
>>
>> Does your ISP throw away *all* attachments then, or just all attachments
>> containing executables? Because there've been some very quickly
>> mutating ones lately which are getting through good AV software because
>> they change so quickly. And they're much better at convincing social
>> engineering techniques to get people to open them. We've had pretty
>> clued up people here caught out by a supposed message from UPS about a
>> delivery because they were *expecting* something with UPS.
>>
> The key on any mail that tries to redirect you to a website is right
> click on the link and see where it takes you.

We're talking about attachments, not hyperlinks.

The Natural Philosopher

unread,
Oct 9, 2008, 10:34:53 AM10/9/08
to
Well I was initially, but then it was claimed that these no longer
exist, and that the real danger was hyperlinks..

And in fact my original query wasn't so much that I had received such,
but had received it with an enormous amount of personal information that
*very* few online sites actually know. Namely my certificated christian
name that I haven't used for years, no one knows of, and only is EVER
used by me on legal documents and occasionally my bank details. It's not
even printed on my credit card or cheques.

Which suggested a major leak somewhere in some pretty trusted organisation.

dennis@home

unread,
Oct 9, 2008, 12:00:37 PM10/9/08
to

"Roland Perry" <rol...@perry.co.uk> wrote in message
news:u36K4ZiP...@perry.co.uk...
> In message <vp0fxn7...@pugwash.gen.cam.ac.uk>, at 13:32:56 on Wed, 8
> Oct 2008, Paul Leyland <pc...@pugwash.gen.cam.ac.uk> remarked:
>>> And 'live CD' implies Linux, and I have yet to actually see a Mac
>>> infected by a virus. I am sure it's possible, but they are as rare as
>>> hen's teeth. Viruses are largely a windows PC phenomenon.
>>
>>I've seen them, but over 10 years ago and back in days of floppy-borne
>>beasties. One of the joys of working for a university computer
>>service.


>
> Viruses today are mainly "drive by" attacks on browsers, having attracted
> the user to an infected website. The major anti-virus vendors no doubt
> have statistics for which platforms are most vulnerable.

They probably have statistics for the most attacked, and the most
compromised but not the most vulnerable as that is unknown.

dennis@home

unread,
Oct 9, 2008, 12:09:45 PM10/9/08
to

"Roland Perry" <rol...@perry.co.uk> wrote in message

news:iq2Z$CE$ba7I...@perry.co.uk...


> In message <873aj66...@news2.kororaa.com>, at 23:16:36 on Wed, 8 Oct
> 2008, August West <aug...@kororaa.com> remarked:
>>>> Are there really still people who use their ISP for email?
>>>
>>> You jest.
>>

>>Not greatly; my entire extended family, from ages 10 to 84, have all
>>moved their email elsewhere, and all without me suggesting it would be a
>>good idea.
>
> I found that relatives were using Hotmail as the default, without even
> considering whatever their connectivity-ISP-that-week was offering
> (probably not a sufficiently useful webmail if my own experiences are
> anything to go by). One has since registered a domain name, which I
> organised for them, and the email is forwarded to their hotmail account.

Hotmail is good, especially if you signed up early enough to get a sensible
name and free access from outlook.

Tim Ward

unread,
Oct 9, 2008, 12:35:43 PM10/9/08
to
"Eleanor Blair" <ele...@the-blairs.co.uk> wrote in message
news:V0D*Ui...@news.chiark.greenend.org.uk...

>
> Does your ISP throw away *all* attachments then, or just all attachments
> containing executables?

Just viruses. I get 0 viruses coming through, and being a software engineer
send and receive executables from time to time and don't recall ever losing
any. (At my end, that is - people at the other end with poorly configured
Outlook is another matter.)

--
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor


Eleanor Blair

unread,
Oct 9, 2008, 12:40:59 PM10/9/08
to
Tim Ward wrote:

>"Eleanor Blair" <ele...@the-blairs.co.uk> wrote:
>> Does your ISP throw away *all* attachments then, or just all attachments
>> containing executables?
>
>Just viruses. I get 0 viruses coming through, and being a software engineer
>send and receive executables from time to time and don't recall ever losing
>any. (At my end, that is - people at the other end with poorly configured
>Outlook is another matter.)

Which ISP is this? Do you know how they're identifying these viruses?

I'm just surprised that you so strongly suggest that this is an easily
solved problem which all good ISPs should have got licked, rather than
simply that none have got through to you.

--
ele...@the-blairs.co.uk http://lnr.livejournal.com/

Tim Ward

unread,
Oct 9, 2008, 12:50:14 PM10/9/08
to
"Eleanor Blair" <ele...@the-blairs.co.uk> wrote in message
news:VPj*g0...@news.chiark.greenend.org.uk...
>
> Which ISP is this?

34sp

> Do you know how they're identifying these viruses?

Nope. And if I did know I wouldn't publish details somewhere virus writers
could read them.

Fevric J Glandules

unread,
Oct 9, 2008, 3:22:12 PM10/9/08
to
On Thu, 09 Oct 2008 15:34:53 +0100, The Natural Philosopher wrote:

> And in fact my original query wasn't so much that I had received such,
> but had received it with an enormous amount of personal information that
> *very* few online sites actually know. Namely my certificated christian
> name that I haven't used for years, no one knows of, and only is EVER
> used by me on legal documents and occasionally my bank details. It's not
> even printed on my credit card or cheques.
>
> Which suggested a major leak somewhere in some pretty trusted organisation.

Hmmm... where was the original post? Seems to have crept into cam.misc
mid-thread.

The Natural Philosopher

unread,
Oct 10, 2008, 4:08:23 AM10/10/08
to
Oh, it's about a month or two old. For some reason some prat reopened
it. Cork-soaker IIRC.

The history is that I got sent a virus as zip file attachment,
purporting to be from Orange.

I checked it, found it was a virus, so nothing new there.

However the disturbing part of it was how much very restricted
information they had about me. Almost enough to convince me it might not
have been a virus.

Then thread drift happened with people telling me I already had a virus,
and should boot from a Live CD, which is linux terminology: I run a
Mac, or reinstall windows, which isn't any more relevant.

Then others climbed in claiming that email attachments never contained
viruses anymore, and that the real danger was web sites with active code
etc etc.

In short the usual thread drift.

Some ISPs do remove known virus laden emails. Some don't. It's a bit of
a pain if they do, if you want to send one to a virus checking site.

A more interesting drift was the relative vulnerability of the main
platforms: windows, MAC, Linux etc.

The Natural Philosopher

unread,
Oct 10, 2008, 4:24:31 AM10/10/08
to
Tim Ward wrote:
> "Eleanor Blair" <ele...@the-blairs.co.uk> wrote in message
> news:VPj*g0...@news.chiark.greenend.org.uk...
>> Which ISP is this?
>
> 34sp
>
>> Do you know how they're identifying these viruses?
>
> Nope. And if I did know I wouldn't publish details somewhere virus writers
> could read them.
>
Oh tush.

There are a zillion programs out there that can scan an email, and unzip
any zipped bits, and look for known 'signatures' that identify a certain
bit pattern as being characteristic of a known virus.


They are called 'virus checkers' and they contain a downloaded library
of such signatures.

And applying them to a mail stream at an ISP is no different to having
them installed on your desktop. They just take a huge amount of
processing power.

It's nothing new. And nothing the virus writers don't know already.
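
The signature matching described in the last post, sketched as an added example (not code from the thread or from any scanner product): it parses a message, unpacks zip attachments in memory under size and depth limits, and searches each decoded part for byte patterns. The signature names and patterns, the `Policy.*` labels, the limits and the sample message are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless patterns standing in for a vendor's signature library.
SIGNATURES = {
    "Example.TestSig.A": b"HARMLESS-TEST-PATTERN-A",
    "Example.TestSig.B": b"HARMLESS-TEST-PATTERN-B",
}

# Limits keep a hostile archive (zip bomb, deep nesting) from exhausting the scanner.
MAX_MEMBER_BYTES = 1_000_000
MAX_MEMBERS = 100
MAX_DEPTH = 3

# Constructed sample payload: padding around one test pattern, so it compresses well.
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 200 + SIGNATURES["Example.TestSig.A"] + b"\x00" * 200


def match_signatures(data):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def scan_blob(name, data, depth=0):
    """Scan one decoded part; if it is a zip archive, scan its members too."""
    findings = [(name, sig) for sig in match_signatures(data)]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "Policy.ArchiveTooDeep")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
            if len(members) > MAX_MEMBERS:
                return findings + [(name, "Policy.TooManyMembers")]
            for info in members:
                where = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:  # encrypted: contents cannot be inspected
                    findings.append((where, "Policy.EncryptedMember"))
                    continue
                # Read at most one byte past the limit; never trust the declared size.
                with archive.open(info) as handle:
                    payload = handle.read(MAX_MEMBER_BYTES + 1)
                if len(payload) > MAX_MEMBER_BYTES:
                    findings.append((where, "Policy.MemberTooLarge"))
                    continue
                findings.extend(scan_blob(where, payload, depth + 1))
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        findings.append((name, "Policy.UnreadableArchive"))
    return findings


def scan_message(raw):
    """Scan every leaf MIME part of a raw RFC 822 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        label = part.get_filename() or f"part{index}:{part.get_content_type()}"
        findings.extend(scan_blob(label, body))
    return findings


def make_zip(members):
    """Build an in-memory deflated zip from a {filename: bytes} mapping."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for filename, content in members.items():
            archive.writestr(filename, content)
    return buffer.getvalue()


def build_sample_message(payload=SAMPLE_PAYLOAD):
    """Constructed message with one zip attachment, loosely modelled on the thread."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(make_zip({"docs/invoice.exe": payload}),
                       maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for location, signature in scan_message(build_sample_message()):
        print(f"{location}: {signature}")
```

The pattern is invisible in the raw attachment because the member is deflate-compressed, which is why the scanner has to unpack before matching; the encrypted-member and depth results show where plain signature matching has to fall back to policy.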