[extropy-chat] Virus problem inquiry

Robert J. Bradbury bradbury at aeiveos.com
Sun Mar 7 07:24:22 UTC 2004


On Sat, 6 Mar 2004, Jeff Davis wrote:

> I was suspicious, so I scanned the attachment using
> yahoo's virus scan function.  Bingo, red flag, it was
> a virus.
>
> How did this happen?  How did I get an email
> configured to look like something from Gene?

Joe's explanation is most probably correct.  Emails
"from" someone in an address book to someone else in
the address book (assuming that people in the same
address book may communicate from time to time).

One way to check this is to get access to the email
source and to look at the path trace (i.e. the
machines the message came from and went through).
If the machine that the message started from does
not match the numeric IP address of the claimed
"From:" address, it's good reason to raise an eyebrow.

(Perhaps Harvey could post an example of a complete
header and point out the subelements to pay attention to.)

You don't have to run a virus scan program you can
almost tell from the size.  I get a couple of messages
a day with a size between 36-49K.  They almost
all are 1-line messages with the rest in the attachment.
Such qualities are almost certainly the current
set of viruses that are running around.

One can generally assume that as the viruses & worms become
more sophisticated they will tend to become larger.
Before you look at any unexpected attachment -- confirm
with whoever sent it that they did indeed do so.

One may also want to take a look at the recent article on /.
(yesterday or today) about spyware.  The Univ. of Washington
found that 1 in 20 computers on their internal net were
infected with spyware.  I'm not up-to-date on how effective
the normal virus/worm scanners are with spyware but you
should be aware of this problem as well.  Spyware is
often hidden in "free" programs (games, cool utilities,
etc.) that one would find on the net and then install
on your PC.  It is very difficult to remove spyware
without special utilities.

Robert
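The path-trace check Robert describes above, worked through as an added example (this is not code from the original post or from the list). It uses Python's standard email module to parse a constructed message, walks the Received: headers from the origin outward, and flags the message when the originating IP is not one the From: domain is known to send from, when the body is a one-liner carrying an attachment, or when the attachment has an executable extension. The sample message, the table of networks a domain is known to send from (an offline stand-in for looking up the domain's mail hosts), and the extension list are all assumptions made for the demo.

```python
"""Hand-check an e-mail's Received: path against its From: address.

Added example; not part of the original mailing-list post.
The sample message, KNOWN_SENDERS table and extension list are constructed.
"""
import email
import email.utils
import ipaddress
import re
from email import policy

# Constructed sample: a worm-style message spoofing a contact's address.
# Received: headers are prepended by each relay, so the bottom-most one
# is the first hop (the origin) and the top-most is the last relay.
RAW_MESSAGE = """\
Received: from mail.aeiveos.com (mail.aeiveos.com [192.0.2.10])
\tby lists.extropy.org (Postfix) with ESMTP id ABC123
\tfor <extropy-chat@lists.extropy.org>; Sat, 6 Mar 2004 10:00:00 -0800
Received: from example.org (dsl-203-0-113-77.isp.example [203.0.113.77])
\tby mail.aeiveos.com (Postfix) with SMTP id DEF456;
\tSat, 6 Mar 2004 09:59:00 -0800
From: Gene <gene@example.org>
To: jeff@example.net
Subject: Re: document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream; name="document.pif"
Content-Disposition: attachment; filename="document.pif"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAA
--b1--
"""

# Assumed table (constructed): networks each domain legitimately sends from.
KNOWN_SENDERS = {"example.org": ["192.0.2.0/24"]}

# Extensions favoured by mass-mailing worms; the list is an assumption.
EXECUTABLE_EXTENSIONS = (".pif", ".scr", ".exe", ".com", ".bat", ".vbs")

# Matches "from <helo-name> (<reverse-dns> [<ip>])" in a Received: header.
_RECEIVED_FROM = re.compile(
    r"from\s+(?P<helo>\S+)\s*\([^()\[]*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]",
    re.DOTALL,
)


def parse_message(raw):
    return email.message_from_string(raw, policy=policy.default)


def received_chain(msg):
    """Hops as (helo_name, ip) in delivery order: origin first, last relay last."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = _RECEIVED_FROM.search(str(header))
        if m:
            hops.append((m.group("helo"), m.group("ip")))
    return hops


def origin_ip(msg):
    chain = received_chain(msg)
    return chain[0][1] if chain else None


def from_domain(msg):
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower()


def ip_is_known(ip, domain, known=KNOWN_SENDERS):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in known.get(domain, []))


def body_line_count(msg):
    body = msg.get_body(preferencelist=("plain",))
    if body is None:
        return 0
    return sum(1 for line in body.get_content().splitlines() if line.strip())


def attachment_names(msg):
    return [part.get_filename() or "" for part in msg.iter_attachments()]


def suspicion_reasons(raw, known=KNOWN_SENDERS):
    """Return the list of reasons to raise an eyebrow at this message."""
    msg = parse_message(raw)
    reasons = []
    ip, domain = origin_ip(msg), from_domain(msg)
    if ip is None:
        reasons.append("no parseable Received: origin")
    elif not ip_is_known(ip, domain, known):
        reasons.append(f"origin {ip} is not a known sender for {domain}")
    names = attachment_names(msg)
    if names and body_line_count(msg) <= 1:
        reasons.append("one-line body with attachment")
    for name in names:
        if name.lower().endswith(EXECUTABLE_EXTENSIONS):
            reasons.append(f"executable attachment {name}")
    return reasons


if __name__ == "__main__":
    for helo, ip in received_chain(parse_message(RAW_MESSAGE)):
        print(f"hop: {helo} [{ip}]")
    for reason in suspicion_reasons(RAW_MESSAGE):
        print("suspicious:", reason)
```

Only the bottom-most Received: header is written by a relay you did not control, and a sender can forge any headers below it, so the origin IP is evidence against the message, never evidence for it; a matching IP means only that the check found nothing, which is why the attachment checks are kept alongside it.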
