![[dr. bob]](/dr-bob-sm.gif)
Dr. Bob is Robert Hsiung, MD,
bob@dr-bob.orgShown: posts 1 to 5 of 5. This is the beginning of the thread.
Posted by Jonathan on September 22, 2003, at 0:52:18
An email account which I have *only* ever used for PsychoBabble received a hoax message today. It purports to come from "Microsoft Corporation Security Support" and claims that the attached file, called Q976423.exe, is the "September, 2003, Cumulative Patch update which resolves all security vulnerabilities ...". Microsoft never distribute updates by email; you have to download them from their website, like this one, which prevents similar attachments from running themselves automatically on unpatched versions of Windows:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
My *free* anti-virus software, downloaded from
http://www.grisoft.com/us/us_dwnl_free.php
confirmed that the attachment was the Swen internet worm:
http://www.grisoft.cz/virbase/virbase.php?lng=us&type=web&action=view&qvirus=086fdabbdd980000
http://www3.ca.com/virusinfo/virus.aspx?ID=36939 (more detailed, includes removal instructions).It first appeared too recently to be detectable by out-of-date anti-virus packages; people who suffer from depression often omit to do anything about virus protection immediately after the end of the temporary free trial which may be packaged with their new computer — I did for a couple of years.
Obviously, if you receive this email attachment, the important thing is not to run it!
I created my PB-only email account about a year and a half ago and received no spam at all until, after Christmas, I updated my PB registration to display my address on every post. This account now receives a tolerable amount of spam — about three messages a week — indicating that those evil spiders that harvest email addresses have been crawling over my dusty old posts in the archives; since it's a free, PB-only address, I shall simply stop using it and get a new one when the spam level becomes unacceptably high.
I don't post here every time I receive a dodgy email attachment. There seems, however, to be only one plausible way that this Trojan could have found out my address — by infecting a computer on which a spam list obtained from this site was stored. I therefore believe there's a high risk that others here who have ever used the "include e-mail address with posts" option (which turns the "Jonathan" at the top of this post into a mailto link), or given their address in the body of a post (e.g. name@address.com), may receive the same Trojan in their email.
Jonathan.
Posted by galkeepinon on September 22, 2003, at 1:11:55
In reply to Virus Warning, posted by Jonathan on September 22, 2003, at 0:52:18
Jonathon, thanks for this. I go to 1 other support forum and they posted regarding this also.
I think all of us thank you for the info!
:-)
Have a Great Week!
> An email account which I have *only* ever used for PsychoBabble received a hoax message today. It purports to come from "Microsoft Corporation Security Support" and claims that the attached file, called Q976423.exe, is the "September, 2003, Cumulative Patch update which resolves all security vulnerabilities ...". Microsoft never distribute updates by email; you have to download them from their website, like this one, which prevents similar attachments from running themselves automatically on unpatched versions of Windows:
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
>
> My *free* anti-virus software, downloaded from
>
> http://www.grisoft.com/us/us_dwnl_free.php
>
> confirmed that the attachment was the Swen internet worm:
>
> http://www.grisoft.cz/virbase/virbase.php?lng=us&type=web&action=view&qvirus=086fdabbdd980000
> http://www3.ca.com/virusinfo/virus.aspx?ID=36939 (more detailed, includes removal instructions).
>
> It first appeared too recently to be detectable by out-of-date anti-virus packages; people who suffer from depression often omit to do anything about virus protection immediately after the end of the temporary free trial which may be packaged with their new computer — I did for a couple of years.
>
> Obviously, if you receive this email attachment, the important thing is not to run it!
>
> I created my PB-only email account about a year and a half ago and received no spam at all until, after Christmas, I updated my PB registration to display my address on every post. This account now receives a tolerable amount of spam — about three messages a week — indicating that those evil spiders that harvest email addresses have been crawling over my dusty old posts in the archives; since it's a free, PB-only address, I shall simply stop using it and get a new one when the spam level becomes unacceptably high.
>
> I don't post here every time I receive a dodgy email attachment. There seems, however, to be only one plausible way that this Trojan could have found out my address — by infecting a computer on which a spam list obtained from this site was stored. I therefore believe there's a high risk that others here who have ever used the "include e-mail address with posts" option (which turns the "Jonathan" at the top of this post into a mailto link), or given their address in the body of a post (e.g. name@address.com), may receive the same Trojan in their email.
>
> Jonathan.
>
Posted by stjames on September 22, 2003, at 11:47:46
In reply to Virus Warning, posted by Jonathan on September 22, 2003, at 0:52:18
I therefore believe there's a high risk that others here who have ever used the "include e-mail address with posts" option (which turns the "Jonathan" at the top of this post into a mailto link), or given their address in the body of a post (e.g. name@address.com), may receive the same Trojan in their email.
I woulld say we are past this being a "risk" as this board is archived via many search engines.
Thi this SOP for a spammer.
Posted by galkeepinon on September 22, 2003, at 15:17:37
In reply to Re: Virus Warning, posted by stjames on September 22, 2003, at 11:47:46
I posted my email addy on the board.
Better to be safe than sorry:-)
> I therefore believe there's a high risk that others here who have ever used the "include e-mail address with posts" option (which turns the "Jonathan" at the top of this post into a mailto link), or given their address in the body of a post (e.g. name@address.com), may receive the same Trojan in their email.
>
> I woulld say we are past this being a "risk" as this board is archived via many search engines.
> Thi this SOP for a spammer.
>
Posted by Jonathan on September 24, 2003, at 2:05:22
In reply to Re: Virus Warning, posted by stjames on September 22, 2003, at 11:47:46
>> I therefore believe there's a high risk that others here who have ever used the "include e-mail address with posts" option (which turns the "Jonathan" at the top of this post into a mailto link), or given their address in the body of a post (e.g. name@address.com), may receive the same Trojan in their email.
> I woulld say we are past this being a "risk" as this board is archived via many search engines.
> Thi this SOP for a spammer.You're right, of course, when you say that we're way past there being merely a "risk" of receiving spam if you post your email address here — any address posted on this site *will* receive spam.
In my experience, however, it takes several months to rise to an intolerable level. Some people may choose, as I have, to display a temporary email address on their posts and replace it with a new one every time the spam level becomes unacceptable; this seems to me like the best option until we have Babblemail — http://www.dr-bob.org/babble/faq.html#babblemail
The risk to which I referred, however, was not a risk of spam in general, but of a specific email with an attachment which will do very nasty things to the operating system of any Windows machine on which it is run (and insecure Microsoft software may run it when the email arrives without consulting the machine's owner).
This email was probably sent to me because the Swen worm infected a machine on which my address was stored. I cannot be certain that *all* the addresses that have ever been posted here were stored on the same machine, so I stand by my decision to warn of "a high risk" rather than a certainty that others would receive it.
I'm sorry that my post failed to make it clear that this, not the wider risk of spam from any source, was the risk to which I was referring.
Jonathan.
This is the end of the thread.
Psycho-Babble Administration | Extras | FAQ
Dr. Bob is Robert Hsiung, MD,
bob@dr-bob.org
Script revised: February 4, 2008
URL: http://www.dr-bob.org/cgi-bin/pb/mget.pl
Copyright 2006-17 Robert Hsiung.
Owned and operated by Dr. Bob LLC and not the University of Chicago.