SoulfulDetroit Club House: Spoofing Viruses - Keep your cyber condoms handy


Lowell (admin)
Board Administrator
Username: admin

Post Number: 49
Registered: 1-2004
Posted From: 69.3.250.188
Posted on Saturday, June 12, 2004 - 9:47 am

There was a flap created in the "Temptations Movie" thread as a result of spoofing viruses. So I thought I should post my response here for those who might not read it there.

The complaint was basically, "Hey, how come you are sending me viruses." "What do you mean, I didn't send you anything." "Yes you did, your email address is on the return address line."
++++++++++++++++++++++++++++++++

Virus creators have become very sophisticated at using addresses from email address books they penetrate. [Upon infection most viruses go directly for the address book. They then use their own send mail server to spread.]

This penetration is used to "spoof" others by sending the virus to addresses in the infected address book and selecting an address to use as the return address. Suddenly we think "Hey here is an email from old so and so addressed to me with an attachment." We open it and, bingo, we are infected and the virus is distributed to our email address list.

My antivirus has similarly trapped numerous examples of this with return addresses of SD forumers. As I am in the internet business and aware of this I don't even give it the time of the day. I don't complain to the "sender" because I know that they didn't send it. But, once again, we can see how this can lead to rounds of accusations and recriminations.

A couple of months ago I sent the following advisory to my customers and friends. It bears repeating here.

"Spoofing" email is a growing and increasingly more sophisticated spam and fraud tactic. In the case below, an email using the spoofed return address of support@atdetroit.net is notifying Lowell@atDetroit.net of an action required to keep my email coming -- open the attached [virus infected] file for instructions. This attempt was very primitive and awkward and, as I am the only user of atdetroit.net, it was easy to spot [there is no support@atdetroit.net].

Beware of this. Just because an email return address can look official or have the return address of a friend or colleague, it is not necessarily so. Virus programs now pick names from the address books they infect and use them as return addresses when they send out the message with the virus. Also they are able to create an "official" looking address by adding an official name to the domain name of your email address, as shown above with support@atdetroit.net. I have also seen admin@atdetroit.net. For instance, if your email address is johndoe@somename.com, the message may come with a return address of support@somename.com, admin@somename.com, etc.

Other recent spoofing tactics include requests from financial companies such as PayPal, Ebay, American Express etc. requesting that you click a link to go to a web page and provide information on your account, perhaps citing problems with the account. The spoofers make exact copies of standard formatted emails of these companies, so they can appear completely normal and convincing. When you click the link, you will arrive at a page that looks just like the company in question. The only giveaway will be in the web address in the address bar of your web browser, which will usually just be numbers.

It is a great pity we have to spend time on this, but it now is a part of life. So the old rules remain -- do not allow these attempts to compel you into taking action on these requests, especially by opening an attachment that you are not expecting. If you have any question, reply to the email first and get a clear confirmation. And, as always, set up your antivirus programs to automatically download new virus definitions as they are created. Windows users, set up Windows Update to automatically download and install patches to Windows as they are issued.

Another tactic is to make sure that you create distinctive subject lines in your email. Virus programs usually have a repertoire of 20-30 subject lines that they randomly select. They are rather general "Why don't you answer my email" etc. as opposed to "Hey Ralph, why don't you answer my email about Terra Shirma studios".
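
The warning signs described in the post above (an "official" name attached to your own domain, a generic subject line, an unexpected attachment, a link whose host is only numbers) can be checked mechanically. The following Python is an added example, not part of the original post or of any mail software mentioned in this thread; the function name, flag strings and word lists are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists: only the examples the posts in this thread mention.
ROLE_NAMES = {"support", "admin"}
GENERIC_SUBJECTS = {"why don't you answer my email", "hey there",
                    "replying to your email"}

def spoof_indicators(raw, recipient):
    """Return warning flags for one raw message delivered to `recipient`."""
    msg, flags = message_from_string(raw), []
    local, _, domain = parseaddr(msg.get("From", ""))[1].lower().partition("@")
    if local in ROLE_NAMES and domain == recipient.lower().rpartition("@")[2]:
        flags.append("role-address-at-own-domain")  # "official" name, own domain
    if msg.get("Subject", "").strip().lower() in GENERIC_SUBJECTS:
        flags.append("generic-subject")
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment:" + part.get_filename())
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                try:  # a link host that is "just numbers" parses as an IP
                    host = urlparse(url).hostname or ""
                    ipaddress.ip_address(host)
                    flags.append("numeric-link-host:" + host)
                except ValueError:
                    pass
    return flags

# Constructed sample: addresses from the post; 192.0.2.10 is a documentation IP.
SAMPLE = """\
From: support@atdetroit.net
To: Lowell@atDetroit.net
Subject: Hey There
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Action required to keep your email coming: http://192.0.2.10/account
--b1
Content-Disposition: attachment; filename="instructions.zip"

placeholder
--b1--
"""
```

Calling `spoof_indicators(SAMPLE, "Lowell@atDetroit.net")` returns all four flags; a message with a distinctive subject, an ordinary sender and a named link host returns an empty list.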

Ralph Terrana (ralph)
Moderator
Username: ralph

Post Number: 291
Registered: 3-2004
Posted From: 209.240.205.63
Posted on Saturday, June 12, 2004 - 10:14 am

Lowell,
Thanks for the heads up on this problem. From now on, any Tera Shirma queries get 86ed. In all seriousness, it's too bad we have to put up with situations like this but this is the way of the world at times. Thanks again Lowell.

Lowell (admin)
Board Administrator
Username: admin

Post Number: 50
Registered: 1-2004
Posted From: 69.3.250.188
Posted on Saturday, June 12, 2004 - 11:10 am

Just to let you all know you are not alone, I get as many as 100 virus emails a day as I have to maintain several email accounts. Every so often, I have to dump an email account, as I recently did with LoBo[at]DetroitYes.com, which was used for registration support for this forum. It was getting 10 virus emails a day mostly from "you" of this forum sent to that account. ha ha

The point is that a friend of a friend who has our email address in their infected system could be the source. We will never know; we can only take precautions.

Juicefree20 (juicefree20)
6-Zenith
Username: juicefree20

Post Number: 1100
Registered: 4-2004
Posted From: 24.46.184.162
Posted on Saturday, June 12, 2004 - 5:40 pm

Hi Lowell & Ralph,

Thanks for the reminder about the spoof tactics. PC World & PC Magazine have constant reminders of this. I don't know why anyone would think that Soulful Detroit would be sending them viruses. Now, I wouldn't put it past any member who has axes to grind, but certainly not the forum itself. But, I'm glad that you addressed this as I'm sure that many of us have either been unaware or have forgotten about these nefarious practices.

The cyber stalkers are always busy!

LarsC (the_norwegian)
2-Debutant
Username: the_norwegian

Post Number: 26
Registered: 4-2004
Posted From: 193.201.74.2
Posted on Saturday, June 12, 2004 - 6:37 pm

If anyone on the forum should need an antivirus program they can get one for free at www.avast.com. I've used it for a year or so and it seems to do the job well.

Destruction (destruction)
3-Pundit
Username: destruction

Post Number: 54
Registered: 4-2004
Posted From: 69.139.236.125
Posted on Saturday, June 12, 2004 - 9:54 pm

Lowell,

Excellent comments on email "spoofing" and virii.

There are some virii (trojans, worms, etc.) that are so sophisticated that they will not allow you to install anti-virus software once they have infected your comp. However, there are several web sites that will scan your computer and eliminate the virus for you. If no one else does, I will post a couple of web addresses tomorrow.

Avast is a very good free virus proggie used by geeks and nerds all over. Others are AVG and AntiVir.

Carl Dixon (carl_dixon)
2-Debutant
Username: carl_dixon

Post Number: 30
Registered: 4-2004
Posted From: 195.153.219.170
Posted on Monday, June 14, 2004 - 4:30 pm

Watch out for Browser Hi Jacks too! Please install 'Ad-aware' - highly recommended:

http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

And as a supplement to your virus checker, 'Stinger' which removes some common virus/trojans that are around these days. Go to this:

http://vil.nai.com/vil/stinger/

It is the top one, number 1. Just download it to your desktop (or anywhere you want) and run it! I know for sure one anti piece of virus software could not find what Stinger did - and removed it!

If anybody is getting emails from me, and they look suspect, get rid of them. My email address has been hi jacked and I receive at least 5 a day from myself, but with odd senders names. I am so used to it now; it is just more of a pain.

Great advice and info Lowell.

Destruction (destruction)
3-Pundit
Username: destruction

Post Number: 63
Registered: 4-2004
Posted From: 199.173.225.21
Posted on Monday, June 14, 2004 - 5:27 pm

Carl,

More good points.

Here's the address for an online virus scan. I believe this feature is referred to as house call.

http://housecall.trendmicro.com/housecall/start_corp.asp

Also, beware of email with innocuous subjects like, "Hey There" or "Replying to your Email" and especially email with 30K attachments.

Carl Dixon (carl_dixon)
3-Pundit
Username: carl_dixon

Post Number: 31
Registered: 4-2004
Posted From: 82.44.203.80
Posted on Tuesday, June 15, 2004 - 5:39 am

Also, why not check your 'ports' at:

https://grc.com/x/ne.dll?bh0bkyd2

And see how vulnerable your pc is! If you still use a dial up and are not behind a router/firewall at home, you may have access to your pc compromised without even knowing. This web site checks and confirms if you are vulnerable. To help remedy such vulnerabilities "Zone Alarm" is a must and it is free:

http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads

Juicefree20 (juicefree20)
6-Zenith
Username: juicefree20

Post Number: 1150
Registered: 4-2004
Posted From: 24.46.184.162
Posted on Tuesday, June 15, 2004 - 12:35 pm

Carl & Destruction,

Thanks for the sites. I ran those tests & my computer passed. Thanks a lot, I appreciate your posting those links.
