Virus Warning

Reports of bin Laden's death are viral lure
Beware of clicking
By INQUIRER staff: Saturday 24 July 2004, 18:46
NEWS.COM and other wires report that sensational messages spreading on USENET and by email, which flash news of Osama bin Laden's death, are really lures to trap the unwary into downloading a Trojan horse.
According to news.com, the message purports to have a picture of the arch-terrorist committing suicide. But click on the picture and before you know where you are you've got an infection.
First, anyone who couldn't figure out that it was spam of *some* sort, viral or not, shouldn't be on the net.
Second, anyone who can't tell an executable file from a picture shouldn't be on the net.
oh don't pick on Tom, he's just warning us! He's a staple of this newsgroup!!!
madgardener
--
Humankind has not woven the web of life.
We are but one thread within it.

Jim I assume you may be having a bad day. Lot's of folks purchase computer systems via price. Some come with defaults set to open access. Not their fault. I'd suggest doing a search on the author of anyone you do not know first before clicking on anything. Actually I'd Grokker the author. Meanwhile Tech support has to make a living too.
A heads up from Tom does no harm.
William (Bill)
--
Zone 5 S Jersey USA Shade Earth sometimes.
There is atleast one word misspelled deliberately in the above post. ;))
Nice little program "Little Snitch" shareware lets me know about anyone trying to contact my machine. For Mac's but PC folks may have something similar. William (Bill)
Now back to garden stuff.
--
Zone 5 S Jersey USA Shade Earth sometimes.
There is atleast one word misspelled deliberately in the above post. ;))
Thanks to Tom.
And just a heads up to William Wagner and anyone else out there that doesn't know...
William, can you check something out for me?
https://www.grc.com/x/ne.dll?bh0bkyd2
If that link doesn't work, try:
http://www.grc.com/default.htm
Scroll down to the ShieldsUp! link and see if you can get that to work? It is a port scanner that will identify any open ports on your system. Your Snitch software will probably alert you to quite a few things. There should be a "Common Ports" link that you should try before trying to do all ports. I'm a little ignorant on whether that webpage will work on a Macintosh system.
As far as any computer goes, PC's or Mac's or other, IP addresses are being contacted constantly. I am not familiar with what "Little Snitch" is, so I assume it is firewall software. My IP address is contacted about 10 to 40 times a minute, every minute of the day, and it doesn't matter that my IP address changes. The reason this happens is because there are a lot of people out there that are probing just about every port on the Internet. A good firewall will hide your system and drop incoming packets that are sniffing your system. Not only are people scanning ports trying to detect open systems, but virally infected systems may do the same and there seem to be a lot of virally infected systems out there. It seems as if most people program a virus to do a couple things:
1) open a port on the infected system,
2) broadcast the open port to people that want to know.
And then there are the other type of viral programs. The ones above are really called worms because they burrow into your system and create a hole for other worms to crawl in. :-)
Viral programs tend to contact a system, may or may not open the system up for Internet communications, but these are the ones you generally hear about that infect a floppy drive, a CD and so on. Their goal isn't so much to open the system up for contact, but is to spread their infection around.
Then there are the viral worms that exhibit both behaviours.
I have noticed that a lot of worms are not detected by anti-viral software. For PC systems, folks are told to get commercial anti-viral software, a firewall as well as two other anti-tracking softwares. :-/ The fact that Microsoft built the operating system so openly, provides PCs with a lot of freedom, but certain corporate entities decided to abuse that freedom and create intrusive software.
http://www.lavasoft.de has the LavaSoft AdAware software that is free and one of the most highly recommended tools to install on any Microsoft Windows operating system.
http://www.safer-networking.org/ has SpyBot Search & Destroy. This is more free software that should be installed on every Microsoft Windows system.
http://www.grisoft.com/ has a free anti-viral software product as well, but I've noticed that it is not recognizing some older viruses. This is some more free software, and it's currently the only anti-virus product I am using on this system. So I do recommend to others a commercial anti-viral product like Symantec's or McAfee's, but I don't use those myself. :-/ I guess I am one of those guys that doesn't practise what I preach. :-( So I pass this on with that disclaimer.
The firewall software that is generally used on a PC is called Zone Alarm and is available on a trial basis at www.zonelabs.com or you can get a freeware earlier version from www.oldversions.com. It's PC only software though.
Hope I've cleared up some things.
--
Jim Carlock
http://www.microcosmotalk.com/

Interesting Jim!
Here our my results for my MAC
"Attempting connection to your computer... Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Preliminary Internet connection refused! This is extremely favorable for your system's overall Windows File and Printer Sharing security. Most Windows systems, with the Network Neighborhood installed, hold the NetBIOS port 139 wide open to solicit connections from all passing traffic. Either this system has closed this usually-open port, or some equipment or software such as a "firewall" is preventing external connection and has firmly closed the dangerous port 139 to all passersby. (Congratulations!)
Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet."
--
Zone 5 S Jersey USA Shade Earth sometimes.
There is atleast one word misspelled deliberately in the above post. ;))
Jim Shaffer, Jr. wrote:

Jim,
You are correct on both points but the plain truth is that millions of people are just not computer savvy. Tom was just posting the information for those in that group. It has been reported that many people ARE clicking on the link and just maybe the warning will prevent one of our gardening friends from getting hit.
--
Bill R. (Ohio Valley, U.S.A)

Digital Camera: HP PhotoSmart 850
Bill R wrote:

The problem is, those people who didn't already know (or at least suspect) that something was amiss with the rogue post wouldn't see Tom's warning in time. Either they were zapped already, or they're reading the posts (or threads) in chronological order, and will be zapped before getting to this thread.
It was a nice gesture. But even if it came yesterday, it was too late.
The lesson that can be reinforced to the rest of us is to remember that warnings never come fast enough for the gullible. Anyone who just *has* to see "news" photos before they're released (we'll ignore the unlikelihood of them being in rec.gardens before being on every TV station on the dial) really needs to take a breath, and weigh the possibility of damage over the need to know something a little ahead of everyone else. At least wait for either the warnings, or for it to become public knowledge.
Same goes for your bank, credit card company, or anyone else you do business with needing to confirm information right away. If they need it so quickly that you don't have the chance to call them on the phone to confirm it's really them, then it's something bad for you.
I'm sure we'll see plenty of these for years to come, and the real lesson (which I know we already know) is don't let them rush you. Don't let them come up with *any* reason that convinces you to act faster than the warnings can come, or faster than you can confirm something. The most basic part of any con is getting you to act fast. Too fast.
Most of the people who act too fast in most cons knew better to begin with. They just forgot. Think before acting. Ask before acting. That's the message that needs to constantly be hammered into our human heads, and Tom's message has been a catalyst for this discussion.
BTW... This doesn't just apply to downloading files, or opening messages, or even computers. It applies to watching out when someone offers us a tool or a plant, and tries to entice us to act faster than we should. Impulse buys are fun if it's your impulse. If it's someone else playing you into making an impulsive decision, you'll get burned. And again, the warnings won't come along fast enough to save the most impulsive of us.
Any one who can say they've never been conned either is lying, or they're so dumb they haven't even realized they've been conned yet! And most of us, given a long enough life, will fall victim again. But the more we repeat the lesson to think before acting, perhaps the fewer times we'll be suckered while we're still around.
--
Warren H.

==========

The latter may not be obvious at all. I use a Linux box and read mail/news in ascii only, so when an html message pops up I end up having to peruse the html code. Doing that on a couple of spams has been interesting. In one set, the link has one name but the ref has another. In another variant, the name is obfuscated by a lot of white space (e.g. "funnypicture.jpg .exe" with the last part overwritten). Thus, even people who know the difference between an executable file and a picture can be fooled...
billo

in this thread. Everyone should know that the Osama picture may be a link to a malicious web site that runs a file by taking advantage of a known security hole in Internet Explorer. It is not necessarily an .exe attachment. Or it might be an exe disguised as a jpg, with only the jpg extension seen in the attachment window. Seasoned Internet users can get caught by a tricky email or web virus.
A first line of defense is to make sure the windows operating system is updated at the Windows Update site. Be sure to get every Critical Update. Second is to keep onboard anti virus updated. I even have a DOS virus system onboard if I have to quickly go to DOS and scan my computer.
If someone is caught with an old virus update and a virus installs, sometimes the next update will give a cure for the virus. So don't give up hope of curing the nasty from the infected computer.
Wil
Neither Norton Anti-Virus (Symantec), CIAC (Dept of Energy), US-CERT (Dept of Homeland Security), CERT (Carnegie-Mellon), nor CVE (Mitre) report such a threat.
According to CIAC, a valid warning has the following characteristics:
* There is a link to a report at an authoritative source (e.g., a member of FIRST <http://www.first.org/> but not a news organization).
* The warning is digitally signed (e.g., via PGP) so that its origin can be authenticated and the integrity of its content can be verified.
* It does not say, "Tell all your friends."
--

David E. Ross
<http://www.rossde.com/>
there is also one that announces Schwarzenegger's suicide - it too contains a virus.

we need to get these people into gardening on a grand scale. They have waaaaay too much time on their hands! madgardener whose own garden is now overgrown, half blown out, and the grasses that she "doesn't have" are up to her knees in the pathways between the beds running down the slope..............to the patch of weeds that slipped in quietly in the night under cover of the rains and are now great woods eating things..................
--
Humankind has not woven the web of life.
We are but one thread within it.
I was under the naive impression that these newsgroup forums were monitored by a group moderator whose duties included removing viruses, spam, etc. I protect my emails with programs that look at messages on my server before I download them to my computer. I do not have such a recourse with the newsgroup messages. It's very scary to use the newsgroups, even though I am protected every way I know how.
TOM KAN PA wrote:

sherwindu wrote:

Very few newsgroups are moderated. Maybe a hundred out of a few thousand groups. This isn't one of them. (Nearly all that are moderated have the word moderated in the title.) However, just because a group is moderated doesn't make it any safer. It's easy enough to fake the headers that authorize the release of a message. (Yes, it's against the rules, but so is distributing viruses.)
It's not hard to protect yourself. Number one on the list is don't open any attached files. There is no legitimate reason for anyone to post a file in a non-binary newsgroup such as this one. alt.binaries.pictures.gardens is available for that. If you're nervous about how safe it is, don't go to that group. (Many ISP's will either strip the attachment off of posts to non-binary groups, or they'll simply drop the posting altogether.)
Second, don't follow links to unsafe websites. A link (supposedly) to a story about Saddam hanging himself is probably not safe if it's posted in a gardening newsgroup. So what about a link to something garden-related? It may or may not be a safe site. Look at who's posting it. Is it a regular poster to the group? Is there content in their message other than just an invite to the link? Have others commented on the link? Does the site name look okay?
Worried that the link doesn't go where it says it goes? Well, that isn't a problem in a plain text message, which is one of the many reasons why people prefer newsgroup messages to be in plain text instead of html. If the post isn't plain text, but formatted html, it might go someplace other than what the text shows. Instead of clicking on the link, copy the link, and paste it in your browser. Then you'll go where it says, not to some hidden link under it.
Lastly, most newsreaders have an option to only download headers. The messages are only downloaded if you click on the header. Be judicious in which posts you read. Evaluate whether or not you view the message by looking at the subject line, who posted it, and the size of the message (as in, is it so big that it must have an attachment.)
Just following these common sense guidelines will keep you safe. I have been reading newsgroups for over a decade now, and I have never had a problem. I scan about two dozen newsgroups a day, some are binary groups, too. I probably look at two hundred messages a day. I pass over far more than I read. Having worked for some ISP's and other technology companies, I have the skills to deal with things that could go wrong better than most, but I'm sure you'll find that many of the non-technical people who read this group can give you similar stories of never having a problem. Good judgment and technical skills are not synonymous.
You lock the doors of your house. You keep your car doors locked. You don't walk in deserted areas at night. Unless you're agoraphobic, you leave your house each day, and use good judgment that has allowed you to come home unharmed nearly every day of your life. Yes, there are plenty of things out there that can harm you, and it's possible that no matter how careful you are, something will. But that doesn't keep you from going out, and living your life. Likewise, use good judgment online, and live your online life. Don't let fear keep you from the rich content that is available in many of the thousands of newsgroups.
--
Warren H.

==========
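
Added example, not part of any post in this thread: a Python sketch of the two checks discussed above, flagging HTML links whose visible text names a different host than the href (billo's and Warren H.'s posts) and filenames that hide an executable extension behind whitespace and a picture extension. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, non-exhaustive extension lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

# Constructed sample message body (not taken from the thread).
SAMPLE_HTML = (
    '<p>See <a href="http://192.0.2.10/view.html">'
    'http://www.example.org/news/photo.jpg</a> or '
    '<a href="http://www.example.org/about">www.example.org/about</a></p>'
)

def disguised_executable(filename):
    """True if the last extension is executable and a harmless-looking one precedes it."""
    # Remove whitespace runs used to push the real extension out of view.
    parts = re.sub(r"\s+", "", filename).lower().split(".")
    return (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS
            and any(p in DECOY_EXTS for p in parts[1:-1]))

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # urlparse only fills in the host when a scheme or "//" is present.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def mismatched_links(html):
    """Return (shown, actual) pairs where the link text names one host but the href another."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for href, text in collector.links:
        # Only compare when the visible text itself looks like a host or URL.
        if URLISH.match(text) and host_of(text) != host_of(href):
            hits.append((text, href))
    return hits

if __name__ == "__main__":
    print(mismatched_links(SAMPLE_HTML), disguised_executable("funnypicture.jpg      .exe"))
```

Links whose visible text is ordinary wording ("click here") are skipped, since there is no displayed host to compare against.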
<< I was under the naive impression that these newsgroup forums were monitored by a group moderator whose duties included removing viruses, spam, etc. >>
Not all newsgroups are monitored. This one is not. Sometimes the spam even gets into the monitored ones.
Iris, Central NY, Zone 5a, Sunset Zone 40
"If we see light at the end of the tunnel, It's the light of the oncoming train." Robert Lowell (1917-1977)
--


"sherwindu" < snipped-for-privacy@comcast.net> wrote in message
news: snipped-for-privacy@comcast.net...
On Tue, 27 Jul 2004 17:53:11 -0400, Wil wrote:

This group has no moderator. Not all groups have one.