[OPLINTECH] RE: ALERT: The latest round of viruses (a bit long)

JKENZIG JKENZIG@cuyahoga.lib.oh.us
Fri, 5 Mar 2004 08:28:57 -0500


Good Morning:
Watch out! Here is another variant on the latest virus with an attachment
that I just got. It came from support at my email provider.  I am forwarding
this with my original message alert from yesterday also to Oplintech:


Hello user  of Concentric.net e-mail  server,

Some of our clients complained about the spam  (negative e-mail content)
outgoing  from your  e-mail  account. Probably,  you  have been infected by
a  proxy-relay trojan server. In order to keep your computer safe,
follow the  instructions.

Pay  attention  on attached  file.

Attached file protected with the password for  security reasons. Password is
84670.

Cheers,
   The Concentric.net team
http://www.concentric.net


Remember ALWAYS BE SUSPICIOUS OF ATTACHMENTS.  This one has the potential
to trick a lot of people.
Regards,
Jim Kenzig
Network Manager
Cuyahoga County Public Library


-----Original Message-----
From: JKENZIG 
Sent: Thursday, March 04, 2004 10:31 AM
To: All-Mailer
Subject: ALERT: The latest round of viruses (a bit long)
Importance: High


Hello All,
Apparently the virus writers are having a feud
( http://www.eweek.com/article2/0,1759,1541834,00.asp ). New versions of
several viruses have cropped up over the past week that staff should be
aware of.  All involve opening some form of attachment.  

Remember ALWAYS BE SUSPICIOUS OF ATTACHMENTS IN AN EMAIL!  Check with the
person who sent it to verify it is legitimate. 

The one that is really tricking people is an email appearing to come from
your email administrator that has an attached Zip file to it, that requires a
password to open it.  Here is a version of the email that got distributed to
the Oplin network this week:

Hello user of  Oplin.org e-mail server, 

We warn you about some attacks on your e-mail account. Your computer
may contain viruses, in  order to keep your computer  and e-mail account
safe, please, follow  the instructions. 

Pay  attention on attached  file. 

Attached file protected  with the password  for security reasons.
Password is  57668. 

Cheers,
    The  Oplin.org team
http://www.oplin.org 

The social engineering of this virus is that password-protected zip files
cannot be opened and scanned by any current antivirus program. So the virus
comes intact to your email program. We block zip files here at the library
so our system is protected but your home system probably isn't. The
temptation to put in a password to open the file is just too great for some
people. After all, why would a virus be password protected? Once you have
entered the password and opened the file it is too late.

Another problem that is happening is that these current worms and viruses
pull email addresses from infected computers' hard drives, previously visited
web pages and address books and then randomly use those addresses as the
from address to resend out the virus. The possibility (probability) exists
that your email address could be used to send out these viruses without you
ever knowing about it. A problem comes when your email address is used to
send out a virus infected email to another email address that is a bad
address and then the virus infected mail is bounced back to your account.
If you get a returned mail like this in your account you should of course
NEVER open the attachment to see where it came from. Delete it immediately. 

Our email virus checking system here at the library has blocked thousands of
these latest worms and viruses from getting to your mailbox over the last
month. I feel that it is important for me to continue to alert staff that
while we make every effort here at the library to maintain a safe
environment, that it is also important to be aware of these threats when you
use your home computer. I urge staff on their home computers to keep their
antivirus software up to date and use a firewall on their PC like Sygate
http://smb.sygate.com/products/spf_standard.htm , or Zonealarm and to get
Adaware and Spybot Search and Destroy (two free spyware removal tools I've
mentioned before) and run them monthly. 

One final item I would like to address (yeah I know this is getting long)
that I feel is important is Hoaxes.  Before you forward an email on about it
taking guts to say Jesus, a Budweiser frog, a petition to remove under god
from the pledge of allegiance,  Bill Gates or a Disney fortune, please check
the below hoax links to verify it.  I like that staff try to keep me posted
on things that they have heard about (and please do not stop sending the
emails), but I do receive a half dozen or so alerts daily from staff that
are indeed hoaxes.  The first tip that an email is a hoax is if it tells you
someplace in the body of the message to urgently forward and send the
message to everyone you know.  
  
I urge staff to reference the hoax links below before jumping to conclusions
on any email that they receive and if you receive a hoax email you can point
the sender to the proper place so they don't propagate it more. 

Here's to safe computing.

Thanks for your time,
Jim Kenzig
Network Manager

Additional resources
CERT http://www.cert.org/
Microsoft Security Page http://www.microsoft.com/security/
Virus Information http://www.trendmicro.com/en/security/report/overview.htm
Hoaxes http://www.snopes.com &
http://www.trendmicro.com/vinfo/hoaxes/hoax.asp
Also see our intranet page on viruses linked off of the ITD page
http://ccplweb/ccpldocs/itd/Documents/Virus%20links.asp
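
Added example, not part of the original message: a mail-gateway style check for the pattern described above, an archive the scanner cannot open that arrives with its password in the message body. The function names, verdict strings and the sample message (a harmless text file with a placeholder password) are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted
PASSWORD_HINT = re.compile(r"password\s+is\s+\S+", re.IGNORECASE)


def encrypted_zip_members(data):
    """Return names of encrypted entries; [] if data is not a readable ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []


def triage(raw_message):
    """Return (verdict, attachment names) for one message given as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    locked = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Inspect the content, not the file name: the extension is sender-chosen.
        if encrypted_zip_members(payload):
            locked.append(part.get_filename() or "(unnamed)")
    if locked and PASSWORD_HINT.search(text):
        return "quarantine: encrypted archive with password in body", locked
    if locked:
        return "hold: encrypted archive cannot be scanned", locked
    return "deliver to normal scanning", locked


def constructed_sample(encrypted):
    """Build a constructed test message; the ZIP holds only harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the central directory header
        data[data.index(b"PK\x01\x02") + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg.set_content("Attached file protected with the password.\nPassword is  00000.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="message.zip")
    return msg.as_bytes()
```

The check reads only the archive's directory, so it needs no password and never extracts the contents.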