The Official Forum  

  #1 (permalink)  
Old Sun May 05, 2002, 03:22pm
Official Forum Member
 
Join Date: Aug 2001
Location: Western Mass.
Posts: 9,105
Send a message via AIM to ChuckElias
Question

I just received an email from the following address:

[email protected]

The email had an attachment with the file name "Ojklr.scr". I don't remember providing my email address to Official's Choice, but I suppose I might have and just forgotten about it. But I'm a little leery of opening the attachment. Has anybody else ever received a file (without anything else in the body of the email) from Official's Choice? If not, then I'm just going to delete it. I don't want to open up some virus.

Chuck
  #2 (permalink)  
Old Sun May 05, 2002, 04:43pm
Official Forum Member
 
Join Date: Aug 2000
Posts: 14,616
Chuck,

Chances are the email has a virus attached to it. The W32.Klez worm virus has been running rampant for the past 10 days. I've received 7 emails from various addresses with different named files attached. Each and every one was the Klez worm. My Norton Anti-virus caught it every time. Every email came from a fellow official in my association. You can read about the virus at http://www.symantec.com. I would just delete it if I were you.

Tony
  #3 (permalink)  
Old Sun May 05, 2002, 05:45pm
Official Forum Member
 
Join Date: Feb 2002
Location: clinton, utah
Posts: 244
Tony and Chuck,
Thanks for posting the info about the virus for the rest of us to be aware of.
__________________
Ron
  #4 (permalink)  
Old Sun May 05, 2002, 06:05pm
Official Forum Member
 
Join Date: Aug 2001
Location: Western Mass.
Posts: 9,105
Send a message via AIM to ChuckElias
Thanks, Tony. I haven't heard the name of the virus before, but I have also gotten several suspicious-looking attachments in the last week or so. I've deleted all of them, but this one came from Official's Choice, so I thought it might have some credibility. Thanks for the heads-up. I will indeed delete it right now.

Chuck
  #5 (permalink)  
Old Sun May 05, 2002, 06:32pm
certified Hot Mom tester
 
Join Date: Aug 1999
Location: only in my own mind, such as it is
Posts: 12,918
Exclamation

My Norton's always catches any file with the .scr tag and quarantines it. I then delete it without opening regardless of origin.
__________________
Yom HaShoah
  #6 (permalink)  
Old Sun May 05, 2002, 07:32pm
Administrator
 
Join Date: Sep 1999
Location: Toledo, Ohio, U.S.A.
Posts: 8,073
The Official's Choice is a reputable mail order business; it is the official supplier for IAABO. The email you posted is one of two the company uses. The other one is [email protected]. You might want to email the company and ask them about the attachment.
__________________
Mark T. DeNucci, Sr.
Trumbull Co. (Warren, Ohio) Bkb. Off. Assn.
Wood Co. (Bowling Green, Ohio) Bkb. Off. Assn.
Ohio Assn. of Basketball Officials
International Assn. of Approved Bkb. Officials
Ohio High School Athletic Association
Toledo, Ohio
  #7 (permalink)  
Old Sun May 05, 2002, 08:42pm
Official Forum Member
 
Join Date: Aug 2000
Posts: 14,616
Files with the .scr extension are normally screen savers. However, viruses can come in the form of any extension. The attachments that I have received in the last week have come in the form of .zip, .exe, .doc, etc. But they've all been forms of the W32.Klez worm. Anytime that you receive a file attachment that you were not expecting to receive, you should delete it. You can always contact the person and have them send it again if it was authentic.

Just because the Officials Choice is a reputable firm, it doesn't mean that they aren't susceptible to viruses, just like the rest of us. These worms infiltrate your address book. It then attaches itself to email messages and sends to everyone in the address book. If Chuck had previously communicated with them via email, then that is likely where the message came from. They would not be aware that the email had been transmitted.

Also, this worm affects AOL address books, not just MS Outlook and Outlook Express address books. 3 of the mailboxes that I received the virus from were AOL addresses. The other 4 were various other ISPs.

Here's a copy and paste from the Symantec.com information:

Due to an increased rate of submissions, Symantec Security Response is upgrading the threat level for W32.Klez.E@mm from level 2 to level 3 as of March 6, 2002.

W32.Klez.E@mm is similar to W32.Klez.A@mm. It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/sec.../MS01-020.asp.

The worm overwrites files and creates hidden copies of the originals. In addition, the worm drops the virus W32.Elkern.3587, which is similar to W32.ElKern.3326.

The worm attempts to disable some common antivirus products and has a payload which fills files with all zeroes.

  #8 (permalink)  
Old Sun May 05, 2002, 09:16pm
Official Forum Member
 
Join Date: Sep 2001
Posts: 110
As an aside, the virus also spoofs email addresses and places them in the FROM field.

For instance, say I have the Klez virus on my machine. Let's also say that in the past I've emailed you and also emailed Officials Choice. It is quite possible for the virus to change the FROM field to the Officials Choice email address and send itself to you. You think you have received it from Officials Choice when it could have come from me all along.

I've received this one a dozen times in the past week and every time I asked the sender to check for the virus on their computers, they came up clean.

Ren
  #9 (permalink)  
Old Sun May 05, 2002, 11:08pm
Official Forum Member
 
Join Date: Aug 2000
Posts: 14,616
This is true. You have to check the details to determine what the actual path of the message is.

Good point, Ren.
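Added example (not written by any poster in this thread): a Python sketch of "checking the details" of a message, listing the Received hops oldest-first, comparing the From domain with the host that first handed the message over, and flagging an attachment extension such as .scr. The sample message, host names, addresses and the `analyze`/`received_path` helpers are constructed for illustration.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr

# Extensions Windows runs as programs; .scr (screen saver) is one of them.
RISKY_EXT = {".scr", ".exe", ".pif", ".bat", ".com"}

# Constructed sample message; every host and address is illustrative.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Sun, 5 May 2002 15:20:11 -0400
Received: from homepc (dialup-17.isp.example [198.51.100.17])
\tby mx.recipient.example; Sun, 5 May 2002 15:20:09 -0400
From: sales@vendor.example
To: chuck@recipient.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Ojklr.scr"

AAAA
--b1--
"""

def received_path(msg):
    """Return sending hosts from the Received headers, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Prefer the reverse-DNS name the receiving server recorded in
        # parentheses; fall back to the name the sender claimed (HELO).
        m = re.search(r"from\s+(\S+)(?:\s+\(([\w.-]+)\s)?", value)
        if m:
            hops.append(m.group(2) or m.group(1))
    return hops

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_path(msg)
    origin = hops[0].lower() if hops else ""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if os.path.splitext(n)[1].lower() in RISKY_EXT]
    matches = origin == from_domain or origin.endswith("." + from_domain)
    return {"from_domain": from_domain, "path": hops,
            "origin_matches_from": matches, "risky_attachments": risky}
```

Only the Received lines written by mail servers you trust are reliable, since earlier ones can be forged by the sender. A mismatch between the From domain and the first hop is a hint rather than proof, because legitimate senders also relay through third-party mail services.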
  #10 (permalink)  
Old Mon May 06, 2002, 07:46am
Official Forum Member
 
Join Date: Jan 2000
Posts: 1,051
One other thing you should do is disable your preview pane or auto preview if you use Outlook or Novell's GroupWise; this can automatically trip HTML-based viruses as well (I think there is a strain of the Klez that does this).

Also, on a side note, I have renamed 'My Documents' to something else, this way if I do screw up and trigger one of those viruses that attach your docs, it cannot find them. They are hard-coded to look in My Docs, but it won't exist.
All times are GMT -5. The time now is 07:18am.