[lug] Someone on this list likely has a windows virus

D. Stimits stimits at idcomm.com
Mon Apr 29 13:04:47 MDT 2002


Chris Riddoch wrote:
> 
> "D. Stimits" <stimits at idcomm.com> writes:
> 
> > Either someone on this list has a windows virus, or else this list is
> > being targeted.
> 
> I'm not sure I'd call it being targeted. I've been getting about two
> copies of that every day for slightly over a week now, and I've given
> up trying to track it. My filters are doing a good job of putting
> anything containing .exe or .pif files in its place, so the main
> annoyance for me is the time it takes to download my mail over the
> modem.
> 
> I guess the best we can really do is block it at the servers and wait
> for the storm to die down.  *sigh*

I would guess that if you are getting them then you are likely in the
address book of the sender, or else the virus is using other means in
addition to address book to send to things like browsed newsgroups.
Someone doing a google search from windows could in theory run upon an
email from BLUG and unknowingly have the virus send to that browsed
search result. But since I am getting forged headers with Alan
Robertson's name on it, and Tkil got one with my name forged on it (I
don't even read email from windows...it's good for games and that is
about it, assuming the machine doesn't lock up). Now I would suggest
that if you have been getting these for the last week or so, and so have
I, and Tkil got his within the last week, that advertising this on the
BLUG list may get someone reading it from a windows product without
current anti-virus programs may ring a bell. I would guess most people
on this list if they have a windows email setup would be using antivirus
software, but the Klez virus (which I *think* this is) I think tries to
disable antivirus software. Which means even someone with antivirus is
subject to this if the software is not very current at all times.
Generally there seems to be about a week long head start between the time
a virus appears and when patterns become available for anti-virus
software; if someone saw this virus in that time gap, then their
software is disabled whether they know it or not. I have far more hope
that someone on this list would respond if they knew there were a virus
present, than elsewhere. I totally agree that trying to stop it with
forged headers that are hard to trace is a big problem, but there is
about a 99% chance someone on this list will see this and figure it out.
All it takes is a machine with windows that has BLUG mail in its inbox,
or BLUG member addresses in the address book. Chris, if you can, take a
look at what is being filtered out, see if it tries to forge the name of
someone from this list.

D. Stimits, stimits at idcomm.com
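
An added example, not part of the original thread: one way to carry out the check requested above, going through mail caught by an .exe/.pif filter and seeing which list members' addresses turn up in the From header. The function names, addresses and hosts are hypothetical, and the sample message is constructed.

```python
import email
from email import policy
from email.utils import parseaddr
from collections import defaultdict

SUSPECT_EXT = (".exe", ".pif")  # the extensions the filters in the thread match on

# Constructed sample: From names a list member, origin is an unrelated dial-up host.
SAMPLE = """\
Received: from mx.list.example by mx.reader.example; Mon, 29 Apr 2002 12:00:00 -0600
Received: from pc42.dialup.example by mail.isp.example; Mon, 29 Apr 2002 11:58:00 -0600
From: "Member One" <member1@list.example>
To: member2@list.example
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

hi
--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Setup.PIF"

(placeholder body)
--B--
"""

def suspect_attachments(msg):
    """Return attachment filenames that end in a suspect extension."""
    names = [p.get_filename() for p in msg.walk()]
    return [n for n in names if n and n.lower().endswith(SUSPECT_EXT)]

def triage(raw_messages, list_members):
    """Map each list-member address named in From to the earliest Received
    header of every suspect message claiming it. From is sender-controlled,
    so the earliest hop (last Received line; relays prepend) is the lead."""
    members = {m.lower() for m in list_members}
    hits = defaultdict(list)
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        if not suspect_attachments(msg):
            continue
        addr = parseaddr(str(msg.get("From", "")))[1].lower()
        if addr in members:
            hops = msg.get_all("Received") or ["(none)"]
            hits[addr].append(" ".join(str(hops[-1]).split()))
    return dict(hits)
```

A member address that shows up here with an originating host unrelated to that member's usual mail path is consistent with a forged From; the Received trail, not the From line, is what points toward the infected machine.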


