[TECnewhw] new virus warning
Trevor Cordes
trevor at tecnopolis.ca
Thu Mar 4 10:53:27 CST 2004
Since I've had at least 4 people email me about this in the past 24 hours,
I'm putting out this notice to all my customers. I apologize if you
receive this twice due to being subscribed to both my lists.
If you receive an email with an attached ZIP file that is "password
protected", do NOT open this attachment or type in the password: it is a
virus (named Bagle)!
This is the latest in a long series of "social engineering" style attacks
which try to dupe you into opening an attachment and so infecting your
computer. The other big one (MyDoom) pretends to be an undelivered
message bounce.
If you follow these simple email usage rules, you will greatly minimize
your chance of catching a virus:
1. Never trust the "From:" field in emails. The From can be forged by any
dork (or virus) to be anything they want. Usually they'll spoof it to
appear to be from someone you know, when in fact it has nothing to do with
someone you know.
2. The *old* rule that said "don't trust an email unless you recognize
who it's from" is now completely invalid because of #1. Don't give an
email more trust because it appears to be from someone you know.
3. Never trust the content of an email. Email is insecure and someone can
easily send bogus content or (less likely) alter the content of an email
someone legitimate is sending you.
4. Avoid attachments if at all possible. If you aren't specifically
expecting an attachment that day from that person (remembering that the
From can be forged) then do not open it.
5. If you believe an attachment to be valid, always select SAVE TO DISK
instead of OPEN. Then save it somewhere temporarily, like the desktop or
My Documents. Then go to where you saved it and right click and click
properties. Look carefully at "Type of File". Make sure that agrees with
what you believe the file to be (a Word file for instance). If it is an
"executable"-type file, then it is almost certainly a virus and you should
delete it. To be extra safe, if you have Norton Anti-Virus, right click
on the file and select "scan with Norton Anti-Virus". Only after you
follow all these steps should you open an attachment.
Most of these rules also apply to files you download from P2P systems like
Kazaa, mIRC, etc. As usual, I strongly recommend NOT running P2P programs
as they are huge adware/spyware and virus magnets. 75% of the virus
infections I fix for people are due to P2P sharing.
Lastly, when browsing the web, if a "do you want to trust content from..."
box pops up, you almost ALWAYS want to answer NO or CANCEL. The *only*
exceptions any "normal" user would want to approve are Microsoft (while
doing Windows Updates) and Macromedia (for Shockwave/Flash).
If you find a web site that says it will give you some wonderful/neat/
cute/slick program for free, it is most likely an adware/spyware (i.e. BAD)
program.
I personally follow these rules (and a few more I've discussed in previous
emails) and I have NEVER EVER ONCE caught a virus/malware.
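
Added example, not part of the original email: a script version of the rule 5 check on a saved attachment, extended to flag the password-protected ZIP described at the top. The function names, the extension shortlist and the sample inputs are assumptions made for this illustration.

```python
import io
import struct
import zipfile

# Extensions Windows runs directly (a constructed shortlist, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".cpl", ".vbs", ".hta"}

def last_ext(name):
    # Only the final extension counts, so "invoice.doc.exe" yields ".exe".
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def is_windows_program(data):
    # A PE file starts with "MZ" and stores the offset of its "PE\0\0" header at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[offset:offset + 4] == b"PE\0\0"

def triage_attachment(filename, data):
    """Return warnings for a saved attachment. Reads bytes only; never extracts or runs it."""
    warnings = []
    if last_ext(filename) in EXECUTABLE_EXTS:
        warnings.append("executable extension: " + filename)
    if is_windows_program(data):
        warnings.append("content is a Windows program: " + filename)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Bit 0 of a member's general-purpose flags means it is password-protected.
                if info.flag_bits & 0x1:
                    warnings.append("password-protected member: " + info.filename)
                if last_ext(info.filename) in EXECUTABLE_EXTS:
                    warnings.append("executable inside archive: " + info.filename)
    return warnings

def constructed_samples():
    # Constructed inputs: a minimal fake PE header, and a ZIP with the encrypted flag set by hand.
    fake_pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.scr", b"placeholder")
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # flags field of the central directory entry
    return fake_pe, bytes(raw)

if __name__ == "__main__":
    for name, blob in zip(("report.doc", "message.zip"), constructed_samples()):
        print(name, triage_attachment(name, blob))
```

An empty result only means none of these three checks fired; the anti-virus scan in rule 5 still applies.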