Posted by Jonathan on September 22, 2003, at 0:52:18
An email account which I have *only* ever used for PsychoBabble received a hoax message today. It purports to come from "Microsoft Corporation Security Support" and claims that the attached file, called Q976423.exe, is the "September, 2003, Cumulative Patch update which resolves all security vulnerabilities ...". Microsoft never distribute updates by email; you have to download them from their website, like this one, which prevents similar attachments from running themselves automatically on unpatched versions of Windows:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
My *free* anti-virus software, downloaded from
http://www.grisoft.com/us/us_dwnl_free.php
confirmed that the attachment was the Swen internet worm:
http://www.grisoft.cz/virbase/virbase.php?lng=us&type=web&action=view&qvirus=086fdabbdd980000
http://www3.ca.com/virusinfo/virus.aspx?ID=36939 (more detailed, includes removal instructions).It first appeared too recently to be detectable by out-of-date anti-virus packages; people who suffer from depression often omit to do anything about virus protection immediately after the end of the temporary free trial which may be packaged with their new computer — I did for a couple of years.
Obviously, if you receive this email attachment, the important thing is not to run it!
I created my PB-only email account about a year and a half ago and received no spam at all until, after Christmas, I updated my PB registration to display my address on every post. This account now receives a tolerable amount of spam — about three messages a week — indicating that those evil spiders that harvest email addresses have been crawling over my dusty old posts in the archives; since it's a free, PB-only address, I shall simply stop using it and get a new one when the spam level becomes unacceptably high.
I don't post here every time I receive a dodgy email attachment. There seems, however, to be only one plausible way that this Trojan could have found out my address — by infecting a computer on which a spam list obtained from this site was stored. I therefore believe there's a high risk that others here who have ever used the "include e-mail address with posts" option (which turns the "Jonathan" at the top of this post into a mailto link), or given their address in the body of a post (e.g. name@address.com), may receive the same Trojan in their email.
Jonathan.
poster:Jonathan
thread:262325
URL: http://www.dr-bob.org/babble/admin/20030808/msgs/262325.html