| [Thread Prev] | [Thread Next] | [Thread Index] | [Date Prev] | [Date Next] | [Date Index] |
Greetings everyone Yes, its rather annoying to deal with this sort of thing on the list, however this virus is bizarre enough enough to warrant a comment lest people begin formulating conspiracy theories. Just in case people think, because of the "unique" and seemingly individually appropriate subject headers on these virus attacks, that they are being personally targeted... This new virus is rather remarkable in its "social engineering". Apparently what it does is take subject headers by replying to unanswered emails and then uses the victim's addressbook to begin sending itself out. Thus, if your email is in an affected colleague's addressbook, its quite likely that he/she will have emails with subject headers that look appropriate to the sort of work you do (and have email addresses of people whom you recognize). I don't think anybody is being specifically targetted. There are 100's of thousands of people, that are being affected by this one right now. Nobody can custom-send that many emails. It was only a matter of time when we'd pass the simplistic "Oh... the subject says 'I Love You'... it MUST be a virus" epoch. The actual attachment, however, has a limited number of file name combinations. From the Symantec virus site... ----------- This worm arrives as an email with one of several attachment names and a combination of two appended extensions. The list of possible file names is: HUMOR DOCS S3MSONG ME_NUDE CARD SEARCHURL YOU_ARE_FAT! NEWS_DOC IMAGES PICS The first extension that is appended to the file name is one of the following: .DOC .MP3 .ZIP The second extension that is appended to the file name is one of the following: .pif .scr The resulting file name would look something like this: CARD.DOC.PIF NEWS_DOC.MP3.SCR etc. =========================================== Denis Tetreault, PhD <denist@alumni.uwo.ca> Dept of Earth Sciences Univ of Western Ontario London, Ontario, Canada
Partial index: