|
Sun May 05, 2002, 03:22pm
|
|||
|
|||
I just received an email from the following address:
[email protected] The email had an attachment with the file name "Ojklr.scr". I don't remember providing my email address to Official's Choice, but I suppose I might have and just forgotten about it. But I'm a little leary of opening the attachment. Has anybody else ever received a file (without anything else in the body of the email) from Official's Choice? If not, then I'm just going to delete it. I don't want to open up some virus. Chuck 
|
|
Sun May 05, 2002, 04:43pm
|
|||
|
|||
|
Chuck,
Chances are the email has a virus attached to it. The W32.Klez worm virus has been running rampant for the past 10 days. I've received 7 emails from various addresses with different named files attached. Each and everyone was the Klez worm. My Norton Anti-virus caught it every time. Every email came from a fellow official in my association. You can read about the virus at http://www.symantec.com. I would just delete it if I were you. Tony
|
|
Sun May 05, 2002, 06:05pm
|
|||
|
|||
|
Thanks, Tony. I haven't heard the name of the virus before, but I have also gotten several suspicious-looking attachments in the last week or so. I've deleted all of them, but this one came from Official's Choice, so I thought it might have some credibility. Thanks for the heads-up. I will indeed delete it right now.
Chuck
|
|
Sun May 05, 2002, 06:32pm
|
|||
|
|||
My Norton's always catches any file with the .scr tag and quarantines it. I then delete it without opening regardless of origin.
__________________
Yom HaShoah
|
|
Sun May 05, 2002, 07:32pm
|
|||
|
|||
|
The Official's Choice is a reputable mail order business; it is the official supplier for IAABO. The email you posted is one of two the company uses. The other one is [email protected]. You might want to email the company and ask them about the attachment.
__________________
Mark T. DeNucci, Sr. Trumbull Co. (Warren, Ohio) Bkb. Off. Assn. Wood Co. (Bowling Green, Ohio) Bkb. Off. Assn. Ohio Assn. of Basketball Officials International Assn. of Approved Bkb. Officials Ohio High School Athletic Association Toledo, Ohio
|
|
Sun May 05, 2002, 08:42pm
|
|||
|
|||
|
Files with the .scr extension are normally screen savers. However, viruses can come in the form of any extension. The attachments that I have received in the last week have come in the form of .zip, .exe, doc., etc. But they've all been forms of the W32.Klez worm. Anytime that you receive a file attachment that you were not expecting to receive, you should delete it. You can always contact the person and have them send it again if it was authentic.
Just because the Officials Choice is a reputable firm, it doesn't mean that they aren't susceptible to viruses, just like the rest of us. These worms infiltrate your address book. It then attaches itself to email messages and sends to everyone in the address book. If Chuck had previously communicated with them via email, then that is likely where the mesage came from. They would not be aware that the email had been transmitted. Also, this worm effects AOL address books, not just MS Outlook and Outlook Express address books. 3 of the mailboxes that I received the virus from were AOL addresses. The other 4 were various other ISPs. Here's a copy and paste from the Symantec.com information: Due to an increased rate of submissions, Symantec Security Response is upgrading the threat level for W32.Klez.E@mm from level 2 to level 3 as of March 6, 2002. W32.Klez.E@mm is similar to W32.Klez.A@mm. It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names. The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/sec.../MS01-020.asp. The worm overwrites files and creates hidden copies of the originals. In addition, the worm drops the virus W32.Elkern.3587, which is similar to W32.ElKern.3326. The worm attempts to disable some common antivirus products and has a payload which fills files with all zeroes.
|
|
Sun May 05, 2002, 09:16pm
|
|||
|
|||
|
As an aside, the virus also spoofs email addresses and places them in the FROM field.
For instance, say I have the klez virus on my machine. Let's also say that in the past I've emailed you and also emailed officials choice. It is quite possible for the virus to change the from field to the officials choice email address and send itself to you. you think you have received it from officials choice when it could have come from me all along. I've received this one a dozen times in the past week and everytime I asked the sender to check for the virus on their computers, they came up clean. Ren
|
|
Sun May 05, 2002, 11:08pm
|
|||
|
|||
|
This is true. You have to check the details to determine what the actual path of the message is.
Good point, Ren.
|
|
Mon May 06, 2002, 07:46am
|
|||
|
|||
|
One other thing you should do is disable your preview pane or or auto preview if you use outlook or novell's group wise, this can automatically trip HTML based viruses as well ( I think there is a strain of the klez that does this).
Also, on a side note, I have renamed 'My Documents' to something else, this way if I do screw up and trigger one of those viruses that attach your docs, it cannot find them. They are hard-coded to look in My Docs, but it won't exist.
|
 |
| Bookmarks |
|
|
Linear Mode
