E-Mail Virus Trick
Moderator: Wiz Feinberg
-
Jack Stoner
- Posts: 22136
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
E-Mail Virus Trick
Deleted. See comment below.<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Jack Stoner on 27 November 2001 at 04:28 PM.]</p></FONT>
-
Jeff Agnew
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
Jack,
It doesn't work; it's an urban legend:
Although I haven't received the latest virus, my guess is everyone on the forum is getting the Badtrans.b worm. It and most of the recent variants wouldn't be stopped by the above-described address book trick because they carry their own SMTP engine. That is, they don't use your e-mail program to send out copies. Which is also why the virus won't fail when it hits a "bad" address.
Also, just because addresses display to users in alphabetical order doesn't mean e-mail programs file them the same way. Most don't, using instead a numeric code. A worm/virus looking for the first entry in the address book database isn't necessarily going to come up with the "!000" entry.
The Badtrans, SirCam, and other recent exploits thrive because of one common user configuration: file extensions are turned off by default in Windoze. Every user should turn them on immediately. Then, you'll be able to identify the double extensions these worms use. Such as: "resume.doc.pif".
It doesn't work; it's an urban legend:
Although I haven't received the latest virus, my guess is everyone on the forum is getting the Badtrans.b worm. It and most of the recent variants wouldn't be stopped by the above-described address book trick because they carry their own SMTP engine. That is, they don't use your e-mail program to send out copies. Which is also why the virus won't fail when it hits a "bad" address.
Also, just because addresses display to users in alphabetical order doesn't mean e-mail programs file them the same way. Most don't, using instead a numeric code. A worm/virus looking for the first entry in the address book database isn't necessarily going to come up with the "!000" entry.
The Badtrans, SirCam, and other recent exploits thrive because of one common user configuration: file extensions are turned off by default in Windoze. Every user should turn them on immediately. Then, you'll be able to identify the double extensions these worms use. Such as: "resume.doc.pif".