Windows Virus using group posters

I have received a number of EMails purportedly sent from names found
in this group. It is quite possible that others may receive some
aledgedly from me.  These contain a 'newprice.zip' or 'price-2.zip' or
similar but appears to be a Windows Virus (R)tm.

Do not open these, or if you do then don't do it using a Windows
machine.

Richard wrote:
> I have received a number of EMails purportedly sent from names found
> in this group. It is quite possible that others may receive some
> aledgedly from me.  These contain a 'newprice.zip' or 'price-2.zip' or
> similar but appears to be a Windows Virus (R)tm.
>
> Do not open these, or if you do then don't do it using a Windows
> machine.

VERY common for the do-bads to harvest names from newsgroups. Anyone using a
vailed email address not only puts themselves and others at risk.

Richard <riplin@Azonic.co.nz> wrote in message news:217e491a.0408091346.26a5c518@posting.go
ogle.com...
> I have received a number of EMails purportedly sent from names found
> in this group. It is quite possible that others may receive some
> aledgedly from me.  These contain a 'newprice.zip' or 'price-2.zip' or
> similar but appears to be a Windows Virus (R)tm.
>
> Do not open these, or if you do then don't do it using a Windows
> machine.

Latest Bagle variant gets an e-mail head start

http://www.msnbc.msn.com/id/5652313/

"The new variant, dubbed Bagle.al,
generated a glut of e-mails with the simple message "price" or "new price."
Attachments to the e-mail were named with some variation of the word price,
such as new_price.zip, price_new.zip, or price_08.zip."

"The virus is also clever enough to spoof, or replace,
the "from:" line in the e-mails with the name of a sender
that may be familiar to the recipient.
That increases the likelihood that an unwitting Internet user
might open the e-mail. Antivirus experts urged caution."

In article <PMidndlOI9PCs4XcRVn-rw@giganews.com>, "JerryMouse" <nospam@bisusa.com> writes:[
color=darkred]
>
> VERY common for the do-bads to harvest names from newsgroups. Anyone using
 a
> vailed email address not only puts themselves and others at risk.[/color]

Nonsense.  People who can't distinguish malware from legitimate
email, and who open email attachments, and who run vulnerable
email clients put themselves at risk.  It's not my job to "protect"
them by using a bogus email address on Usenet.

--
Michael Wojcik                  michael.wojcik@microfocus.com

Only the obscene machine has persisted
jerky and jockeying and not knowing why
I have never existed.  Nor should.       -- George Barker

On 9 Aug 2004 14:46:01 -0700, riplin@Azonic.co.nz (Richard)
enlightened us:

>I have received a number of EMails purportedly sent from names found
>in this group. It is quite possible that others may receive some
>aledgedly from me.  These contain a 'newprice.zip' or 'price-2.zip' or
>similar but appears to be a Windows Virus (R)tm.
>
>Do not open these, or if you do then don't do it using a Windows
>machine.

I haven't seen it yet but there is a new variant of an old worm going
around the internet right now.  W32/Bagle.aq@MM is a medium risk
mass-mailing worm that tries to open a hacker backdoor on your PC.
Launched by code hidden inside a ZIP attachment, the virus spreads by
emailing itself to stolen contacts and via popular file-sharing
programs such as KaZaa, Bearshare and Limewire. It also tries to
terminate anti-virus and other security software operation.

You can spot one of those by looking at the following email headings:

FROM: Varies (spoofed)
SUBJECT: Blank
BODY: Examples: new price, The password is, Password:
ATTACHMENT: Examples: price.zip, price2.zip, price_new.zip

Do not open the zip file and delete the email and you'll be safe.

Regards,


////
(o o)
-oOO--(_)--OOo-


"The most important thing is for us to find Osama Bin Laden.
It is our number one priority and we will not rest until we
find him." - George W. Bush, Sept. 13, 2001

"I don't know where he is. I have no idea, and I really don't
care.  It's not that important. It's not our priority."
- George W. Bush, March 13, 2002
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remove nospam to email me.

Steve

Michael Wojcik wrote:
> In article <PMidndlOI9PCs4XcRVn-rw@giganews.com>, "JerryMouse"
> <nospam@bisusa.com> writes: 
>
> Nonsense.  People who can't distinguish malware from legitimate
> email, and who open email attachments, and who run vulnerable
> email clients put themselves at risk.  It's not my job to "protect"
> them by using a bogus email address on Usenet.

1. It protects you from, at least, an avalanche of spam. One address I used
on newsgroups three years ago STILL generates over 200 spams PER DAY to our
domain.

2. The net is a cooperative - or uncooperative - venture. You run the risk
of having your email address or domain blocked by these same inexperienced
users or ISP symins (who THINK the virus came from you). With sufficient
blocking, you will end up on an intranet.

You may rant that: "I should not be blocked! That crap didn't come from me!"
To which many symins will respond: "FOAD spammer. I don't care. Your
address is dropped so far down in my deny tables it'll never get out."

3. It's for the children.

Michael Wojcik wrote:
>
> I'm not concerned about having my address blocked by idiots.  The less
> I communicate with idiots, the better.
>
> I've been posting on Usenet since 1991.  I've always used a valid email
> address; for the past few years, each of my messages has included two,
> in fact, since I use my personal address for the reply-to header and my
> corporate one appears in my signature.  I've yet to have a message I
> sent bounced because some symin blocked it, or to hear that some
> message I sent was black-holed for similar reasons.
>
> The Internet is indeed to some extent a cooperative venture, and I
> cooperate by following the intent of the RFCs, one of which is that
> Usenet posters will provide a return address for emailed replies.
> Many posters can't deal with the "avalanche of spam", as it is
> popularly known, that results from posting with a valid address, and
> so omit it.  I'm willing to tolerate that, but I will not entertain
> the idea that I have some ethical obligation to do the same.
>
> In any event, it's moot in my case, and in the case of anyone else
> who's posted on Usenet since 1997 with a valid address, since
> spammers can easily harvest those addresses from Google and the like
> regardless of how we post in the future.
>
> We've had the solution to forged email for years: signed email, whether
> that's S/MIME or a PGP derivative or what have you.  When people care
> enough to start using signed email in significant numbers, I'll get a
> personal certificate (or, more likely, Micro Focus will get me one)
> and the problem will be resolved - except for idiots, and again that's
> not my problem.
>
> I believe I've more than done my share to assist in improving Internet
> security.  My systems are firewalled and regularly scanned for a
> variety of malware.  They're up to date on patches.  The OSes and
> applications are hardened insofar as they can be configured to be.  I
> avoid known-insecure software where possible.  I follow a number of
> computer security discussions.  I think I've got a nice karmic head-
> start over J. Random Usenet Poster With A Munged Address, thank you
> very much.
>

Well said.

I have also used my real address for years, and cannot see a downside
for an educated user.  Granted, people that open everything that arrives
in the mail may have problems, but then people that have sex with
strangers have the same problem.  I also do not use a virus checker ...
I use Linux for mail.  IMO, the Linux system and my own brain are better
than any virus checker on the market.

Donald

"JerryMouse" <nospam@bisusa.com> wrote

> VERY common for the do-bads to harvest names from newsgroups. Anyone using
 a
> vailed email address not only puts themselves and others at risk.

Your use of 'vailed' is confusing - do you mean 'veiled' or 'valid' -
these are opposites.

I will assume you meant 'valid'.

I use valid email addresses for many things, the group is just one,
and have done for many years. While these can be harvested I cannot
change any past usage and refuse to disguise my current usage.

The email address does _not_ put me 'at risk'.  I can deal with spam
attacks.  What does annoy me is the ignorant admins who bounce spam to
me, but again I deal with it before it even gets into my network.

Others are only 'at risk' if they are using crap software that
'enriches the user experience' by making decisions for them and
allowing malicious software to run. A survey came to the conclusion
that currently 60% of spam comes from MS Windows machines that have
been 'owned' by spammers and these are pumping out the messages while
the user is completely unaware of that happening.

It is the MS Windows machines that are putting the rest of us 'at
risk' of spam attacks.

Michael Wojcik wrote:
> In article <PMidndlOI9PCs4XcRVn-rw@giganews.com>, "JerryMouse"
> <nospam@bisusa.com> writes: 
>
> Nonsense.  People who can't distinguish malware from legitimate
> email, and who open email attachments, and who run vulnerable
> email clients put themselves at risk.  It's not my job to "protect"
> them by using a bogus email address on Usenet.

1. It protects you from, at least, an avalanche of spam. One address I used
on newsgroups three years ago STILL generates over 200 spams PER DAY to our
domain.

2. The net is a cooperative - or uncooperative - venture. You run the risk
of having your email address or domain blocked by these same inexperienced
users or ISP symins (who THINK the virus came from you). With sufficient
blocking, you will end up on an intranet.

You may rant that: "I should not be blocked! That crap didn't come from me!"
To which many symins will respond: "FOAD spammer. I don't care. Your
address is dropped so far down in my deny tables it'll never get out."

3. It's for the children.

In article <qpydnZ5hcfSFwITcRVn-tQ@giganews.com>, "JerryMouse" <nospam@bisusa.com> writes:[
color=darkred]
> Michael Wojcik wrote: 
>
> 1. It protects you from, at least, an avalanche of spam.[/color]

Shrug.  My corporate email account is protected by MessageLabs, and
gets only a few spam messages a day.  My personal account is not, and
gets sometimes hundreds of spam messages a day, which take me a few
seconds to delete.  If they ever start to annoy me, I'll enable
Baysian filtering and train the filter to do the job for me.

> 2. The net is a cooperative - or uncooperative - venture. You run the risk
> of having your email address or domain blocked by these same inexperienced
> users or ISP symins (who THINK the virus came from you). With sufficien
t
> blocking, you will end up on an intranet.

I'm not concerned about having my address blocked by idiots.  The less
I communicate with idiots, the better.

I've been posting on Usenet since 1991.  I've always used a valid email
address; for the past few years, each of my messages has included two,
in fact, since I use my personal address for the reply-to header and my
corporate one appears in my signature.  I've yet to have a message I
sent bounced because some symin blocked it, or to hear that some
message I sent was black-holed for similar reasons.

The Internet is indeed to some extent a cooperative venture, and I
cooperate by following the intent of the RFCs, one of which is that
Usenet posters will provide a return address for emailed replies.
Many posters can't deal with the "avalanche of spam", as it is
popularly known, that results from posting with a valid address, and
so omit it.  I'm willing to tolerate that, but I will not entertain
the idea that I have some ethical obligation to do the same.

In any event, it's moot in my case, and in the case of anyone else
who's posted on Usenet since 1997 with a valid address, since
spammers can easily harvest those addresses from Google and the like
regardless of how we post in the future.

We've had the solution to forged email for years: signed email, whether
that's S/MIME or a PGP derivative or what have you.  When people care
enough to start using signed email in significant numbers, I'll get a
personal certificate (or, more likely, Micro Focus will get me one)
and the problem will be resolved - except for idiots, and again that's
not my problem.

I believe I've more than done my share to assist in improving Internet
security.  My systems are firewalled and regularly scanned for a
variety of malware.  They're up to date on patches.  The OSes and
applications are hardened insofar as they can be configured to be.  I
avoid known-insecure software where possible.  I follow a number of
computer security discussions.  I think I've got a nice karmic head-
start over J. Random Usenet Poster With A Munged Address, thank you
very much.

--
Michael Wojcik                  michael.wojcik@microfocus.com

Only the obscene machine has persisted
jerky and jockeying and not knowing why
I have never existed.  Nor should.       -- George Barker