Email issue

[Vibrant 3D]

Hi,

Someone has received two e-mails from our tech support email address today - techsupport@vibrant3d.com today. The Subject of both was “Have a excite Lady Day” and contained nothing in the body of the e-mail. Total blank.

Anyone have a clue how to address this problem?

Thanks in advance.

Todd

[MichaelC]

Most likely a spam filter would take care of that.

Seriously, I've recently seen a few similar messages. I checked to make sure there wasn't any hidden HTML (or worse), then from the titles and From fields I quickly surmised that it was just spam from a really dumb spammer.

If you think these might be legit messages that are getting messed up in the mail system, you might try sending something to that address via Yahoo mail or similar, just to check it out.

Michael

[kitchin]

http://vil.nai.com/vil/content/v_99367.htm
(That address is ok to click on! It is McAfee's web site.)
The virus is probably not on your computer. It fakes your return address, which it found in someone else's address book. But you should run a virus check (with updated definitions) to be sure your computer is not sending out the virus. Also use Start/Find to look for "wink*.exe" in your Windows/System folder.

[kitchin]

A yahoo or google search is always a good place to start. This one was a little difficult. The second set of keywords I tried worked. Most of these email viruses have a common phrase, but this one chooses from a random selection of words. Bravo McAfee for listing all the words.

[MichaelC]

Interesting, kitchin. A randomly composed title is a new wrinkle.

One question, though. Using a Mac and Eudora as I do, I don't have to worry about getting or distributing such a worm, but I would presume I'd (and Todd should) at least see an attachment with the "payload." (That's why I didn't bother looking it up -- an attachment would have been a dead giveaway for a worm or virus, for sure.)

Is it possible this worm just might send empty messages on occasion?

Michael

[kitchin]

Yes. Some reports say it can send bounce-like messages too.

[MichaelC]

Quote:

Originally posted by kitchin:
Yes. Some reports say it can send bounce-like messages too.

In a way , that's even more insidious -- you get a message with no attachment or anything, totally benign, so the next time you get it you think it's just a repeat of the first, and delete without checking to see if it's compromising your machine!

Just think how much cooler the world would be if virus authors turned their skills to actually making usable products!

Michael

[kitchin]

"When the Email is opened the worm immediately activates using mentioned vulnerability (previewing the message may be enough if your system is not patched)."

This is why I recommend againt Outlook. If you use it, run Windows Update. Windows update is not foolproof though. The important Java Virtual Machine update for Internet Explorer often fails, and Windows Update does not notice. Run "jview" in "\windows\" to make sure the version is >= 5.00.3805. Etc. Ridiculous.

[songdog]

I use Outlook 2000 and have no worries about this kind of virus/worm.

If you follow Microsoft's recommended Security best practices, you'll set your Outlook "security zone" to Restricted. This prevents any scripts or active content from running.

Of course, I also keep up with all Microsoft security patches and Norton AntiVirus updates. I use the Windows Update feature often, and it always works fine for me (Windows 2000 Pro SP2). And I subscribe to a MS mailing list that notifies me whenever they release a security bulletin and/or patch.

Also, I always log onto my PC using a "Restricted"-level user account (unless I need to do software installs/uninstalls or system admin stuff).

As Bruce Schneier says: "security through layers".

[kitchin]

Sound like good practices!

I have had Windows Update fail from time to time on several dissimilar PC's with Win9x/Me. I see an error message either when it completes or on reboot. Then I check the version of a dll or, as above, check jview, and sure enough no update, although Windows Update says the update is no longer needed. Other people here say not to use it for driver updates. I still use Windows Update! Just disappointed.

Thanks for the hints on Outlook Express. Many of my clients use it, and my one experience getting an office to switch to Eudora was a big hassle, because people get used to their email programs. Kinda personal, I guess! I can't even get myself to upgrade to a better version of Eudora. But I have learned a lot of techniques for fixing "broken" files (I'm only talking about very old versions of Eudora). Tricky when an ASCII 0 or 26 gets in a file!