16 Posts


Subject: Strange email. Is this trouble for my computer?

Mary Weisbeck
United States
Black Hawk
South Dakota
"Blow up the damned ship, Jean-Luc!"
A couple weeks ago I received an email with the subject line "price". It said it was from a friend who often forwards funny or useful things to me. When I opened it all it said was "February price" with an attachment "pricelist.zip". When I unzipped the file, it was empty.

I kept receiving these every couple of days so I wrote my friend and said, hey, what gives? She replied that she hadn't sent anything named price but that the last couple of things she *had* tried to send came back to her.

One of the email features is "view message source" so I did that and this is what I got:

Return-Path:
Received: from mail.bhfc.net (mail.bhfc.net [10.3.1.8])
by mail.bhfc.net (Cyrus v2.2.10-Gentoo) with LMTPA;
Sun, 12 Feb 2006 15:41:58 -0700
X-Sieve: CMU Sieve 2.2
Received: from smtp.rushmore.com (smtp.bhfc.net [209.159.192.11])
by mail.bhfc.net (8.12.11/8.12.6) with ESMTP id k1CMfw2l002992
for ; Sun, 12 Feb 2006 15:41:58 -0700
Received: from gabbert.com (user-0cetc5b.cable.mindspring.com [24.238.176.171])
by smtp.rushmore.com (8.12.11/8.12.11) with SMTP id k1CMfwTU001645
for ; Sun, 12 Feb 2006 15:41:59 -0700
Date: Sun, 12 Feb 2006 16:43:29 -0600
To: "Mariwise"
From: "BurdnBoogzMa"
Subject: price
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------cgrmdwhzkvhfuahvajyd"
X-Virus-Scanned: ClamAV version 0.88, clamav-milter version 0.87 on smtp.rushmore.com
X-Virus-Status: Clean

----------cgrmdwhzkvhfuahvajyd
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit


February price




----------cgrmdwhzkvhfuahvajyd
Content-Type: application/octet-stream; name="pricelist.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pricelist.zip"



----------cgrmdwhzkvhfuahvajyd--

I don't speak computer-ese so I'd appreciate any thoughts or knowledge you geeks might have. This email is starting to worry me.

My friend is BurdnBoogzMa and that *is* her email address. I have no idea who 0cetc5b.cable.mindspring.com is. Should I be worried and how can I make it stop? If I mark it as junk, I probably won't be able to receive mail from my friend.

Confused in South Dakota.
 
Eric "Shippy McShipperson" Mowrer
United States
Vancouver
Washington
Ami. Geek.
You need to get some good virus scanning software and make sure your computer is protected and up to date. That was almost certainly a virus or some other thing that you don't want running on your computer. Here are two rules you should always remember:

1) It is very easy to 'spoof' someone else's email address or make an email appear to be coming from one of your friends. It is also easy, once embedded on said friend's computer, to start sending emails AS that person.

2) For this reason, never, ever, EVER open any zip files or any other attachments that you were not explicitly expecting from them.

If there is one you are not sure about, call first, or send an email asking if they sent you an attachment before opening.
 
Eric "Shippy McShipperson" Mowrer
United States
Vancouver
Washington
Ami. Geek.
Oh, and one more thing. If you do find an email that is suspect, simply deleting it should do the trick. The vast majority of viruses strike when you actually open the attachment. The email just sitting in your inbox is relatively safe.

PS - It would be a good idea to bring this to your friend's attention as well. There could be a virus running on her computer mailing spam to everybody on her contacts list or address book as if it were coming from her.
 
Michael Van Biesbrouck
Canada
St Catharines
Ontario
Yes, it is trouble. Avoid potentially funny attachments in favour of rec.humor.funny.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=110...
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=5...
 
Mary Weisbeck
United States
Black Hawk
South Dakota
"Blow up the damned ship, Jean-Luc!"
Thanks, Eric. I do use an anti-virus program, the free version of AVG, and run it every day. I also use Spybot: S & D, and AdAware and run them about every 2-3 weeks.

Is there something else I should do to check if I have a problem BEFORE I have a melt-down?
 
Dave Lartigue
United States
Springfield
Massachusetts
Also, if you use Outlook Express, consider changing to a safer mail program, such as Mozilla's Thunderbird. Microsoft has shown a callous disinterest in protecting its users from such things while other email programs have included protections against email viruses.
 
Mary Weisbeck
United States
Black Hawk
South Dakota
"Blow up the damned ship, Jean-Luc!"
In response to Michael: CRAP! and thanks. I'm in the process of trying to decipher all that info. If I have any questions, can I send you a geekmail?
 
Peter Dahlstrom
United States
Arlington
Virginia
I have AVG - good program.

You ought to do 2 things now:
1- Make sure your virus definitions are up to date. If they are not, and the virus was created after the virus definitions, the virus checker will not protect you.
2- Once that's done, do a full scan of the computer. If you are infected, AVG should find it and fix it. Different viruses are corrected in different ways - AVG is good at picking the best way, so you don't have to worry about picking.

I don't have AVG here at work, so can't go step-by-step through those operations, but I can write it out for you tonight if you'd like. Just geekmail me.
 
Mary Weisbeck
United States
Black Hawk
South Dakota
"Blow up the damned ship, Jean-Luc!"
Peter, my AVG definitions update automatically daily and I run a scan every day. I may not be terribly computer literate, but I know that much.

I appreciate all the help and wanted to update you. I've run the eTrust Antivirus Web Scanner that Michael pointed me to and my AVG and it looks like I'm clean. WHEEEWWW!

It's a scary place out here in Web-land. It's nice to know I'm not all alone.
 
Michael Van Biesbrouck
Canada
St Catharines
Ontario
Your description makes it sound a lot like you were hit. Did notepad pop up? The program is new (2 Feb), so there might be variants not detected by the antivirus software.

Since your friend is affected, it would be interesting to check if your antivirus software detects the virus on your friend's machine.

Outlook is pretty scary. At one point there was a worm that could affect you if you selected an email, even if you didn't open the email. This made it tricky to delete the email.

I remember the `GOOD TIMES' virus which purported to warn about a virus borne by email with the subject line `GOOD TIMES' and instructed people to pass on the warning so that they wouldn't open any such email. Networks got clogged with well-intentioned warnings, but the warning message was the virus -- it infected people, not computers. Then there were the `security experts' saying how silly it was to believe that email could infect your computer....
 
Michael Van Biesbrouck
Canada
St Catharines
Ontario
Note that I wasn't endorsing any particular antivirus products, just trying to point out the symptoms. Even downloading an alleged virus scanner is not necessarily safe. Are .doc files on BGG scanned? Even an image file can be a danger if the image decoding library has a bug.
 
Jorge Montero
United States
St Louis
Missouri
I'll take Manhattan in a garbage bag. With Latin written on it that says "It's hard to give a shit these days"
mlvanbie wrote:

I remember the `GOOD TIMES' virus which purported to warn about a virus borne by email with the subject line `GOOD TIMES' and instructed people to pass on the warning so that they wouldn't open any such email. Networks got clogged with well-intentioned warnings, but the warning message was the virus -- it infected people, not computers. Then there were the `security experts' saying how silly it was to believe that email could infect your computer....


Well, way back then, most email readers did not have any scripting or attachment running features, so reading an email could not infect your computer. It was an unfortunate day when MS decided that running VBscript automatically was a good idea. All the 'reading an email can't give you a virus' indoctrination that everyone received to avoid the 'GOOD TIMES' fiasco just helped the first Outlook viruses to spread faster.
 
Mary Weisbeck
United States
Black Hawk
South Dakota
"Blow up the damned ship, Jean-Luc!"
mlvanbie wrote:
Your description makes it sound a lot like you were hit. Did notepad pop up? The program is new (2 Feb), so there might be variants not detected by the antivirus software.

Since your friend is affected, it would be interesting to check if your antivirus software detects the virus on your friend's machine.


The notepad did NOT pop up, so I took that as a good sign. And I assumed that eTrust could find it since they knew all about it.

My friend said her computer has loads of anti-virus and firewalls, etc. I think her husband takes good care of the computer since he uses it for work.

BTW, I don't use Outlook. I'm a Thunderbird/Firefox enthusiast.
 
Eric "Shippy McShipperson" Mowrer
United States
Vancouver
Washington
Ami. Geek.
It wasn't necessarily your friend that is infected. It could be anybody who has both of your email addresses in their contacts or address books. Sometimes viruses will pick two random people from your addresses and send an email 'from' one of them 'to' the other.
 
Tim Franklin
United Kingdom
Braintree
Essex
sodaklady wrote:

Received: from mail.bhfc.net (mail.bhfc.net [10.3.1.8])
by mail.bhfc.net (Cyrus v2.2.10-Gentoo) with LMTPA;
Sun, 12 Feb 2006 15:41:58 -0700
X-Sieve: CMU Sieve 2.2
Received: from smtp.rushmore.com (smtp.bhfc.net [209.159.192.11])
by mail.bhfc.net (8.12.11/8.12.6) with ESMTP id k1CMfw2l002992
for ; Sun, 12 Feb 2006 15:41:58 -0700
Received: from gabbert.com (user-0cetc5b.cable.mindspring.com [24.238.176.171])
by smtp.rushmore.com (8.12.11/8.12.11) with SMTP id k1CMfwTU001645
for ; Sun, 12 Feb 2006 15:41:59 -0700


These lines tell you where the mail went on its way from the sender to you. They read from the bottom up, and normally only the ones that are under your control or that of your ISP can be 100% trusted - it's possible for viruses, spammers and other kinds of scum to forge the rest.

However, in this case it looks pretty plausible all the way down.

If your friend isn't on Mindspring cable, this particular mail probably didn't come from their machine. (Although it's worth their while to virus check etc anyway). As mentioned, if a third party has been infected who has both of you in their address book, you'll get spoofed emails between you sooner or later. It's worth giving a warning to any mutual friends.

If they are on Mindspring, it may be them. Have your friend run 'ipconfig' from a command prompt / DOS box, and see if the address in the last line (24.238.176.171) shows up as being theirs. If so, it's pretty likely to be their machine that's spewing the odd emails, and it probably has something nasty lurking...

(Most cable services do technically recycle IP addresses eventually, but there's a good chance to hang on to the same one for a while...)

The advice given earlier in the thread to switch from any variant of Outlook to pretty much anything else (although I'll second Thunderbird) is also wise - Outlook makes it far too easy for viruses to get a hold.
 
Ken B.
United States
Mary,

From reading what you've written, it does sound like you got hit--unless your ISP stripped the virus out (the blank .zip file). Lots of ISPs scan incoming mail for viruses--it's as much in their interest as yours that you don't get infected. However, let's just go with the idea that you did get hit since you double-clicked.

First, make sure your anti-virus definitions are up to date. How to do this varies by program, but you want to make sure you have definitions dated within the past two weeks. Older than that, and it is doubtful that your machine will detect the latest virus threats. Definitions older than a month or two, and realistically you might as well not have virus protection, for all intents and purposes.

Once you are sure you're up to date, reboot the machine in Safe Mode. This is done by hitting F8 during the boot-up process. Once you're in Safe Mode, run the full virus scan (making sure to scan zips and archive files in the process). Let this run; if you have lots of files it can take a while.

The reason you want to run in Safe Mode is because viruses can mask their presence if they are allowed to run in Prefetch or during regular system start-up. Safe Mode bypasses all of this stuff so that they don't initialize and therefore can't "hide" from AV programs. Be warned, though, I have seen some more obstinate viruses be able to load and run even in Safe Mode.

If you find any infected files, make sure to take note of the exact virus name that it finds along with the file. You'll want that name so you can research the virus and suggestions for dealing with it on Symantec.com. Virus names will typically look like "W32.Sasser.B.Worm", and if you Google the virus name one of the first results that comes up will usually be Symantec's security page where they detail how to deal with the threat.

If you do find anything, allow your AV to Quarantine or Delete the offending file.

Once it appears you are clean, you can restart in normal mode. If you found any viruses, make sure to look them up; they will tell you tell-tale things to look for and offer tips for rooting out the virus if you haven't already.

As far as email, yes, Outlook is more vulnerable--but only because more people use it. I've noted that with many ISPs if you don't use a widely-known package such as Outlook then you may receive subpar customer service.

The "click on email and get virus" problem comes about when Outlook has its Preview Pane open. If you have that turned on, make sure to disable it. The reason it creates a problem is that Outlook has to open the mail (and thereby process all enclosed items) in order to generate that preview.

Good luck!
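As an added example (not code from the thread or from anyone posting in it), the script below does over Mary's message source what Tim describes: it parses each Received line, walks the chain from the newest line down while each line was written by a relay belonging to the recipient's ISP, and stops at the first hop whose client is not one of those relays. That hop's IP (here the 24.238.176.171 Mindspring cable address) is the only origin worth trusting, since the lines below it would have been supplied by the sender. It also checks whether the HELO name the client gave matches its reverse DNS, whether the sender-written Date header agrees with the relay's own timestamp, and, for Ken's point about the blank .zip, whether the attachment payload actually looks like a ZIP archive. The trusted-relay set, the dynamic-pool keyword list and the two-label domain comparison are assumptions made for this example; the sample message is transcribed from the first post with the empty Return-Path/Message-ID and X-* headers dropped and the blank addresses left blank.

```python
# Added example, not code from the thread. Standard library only.
import re
from collections import namedtuple
from email import message_from_string
from email.utils import parsedate_to_datetime

# Transcribed from the message source in the first post (a few headers dropped;
# the addresses that were blank in the post, "for ;", stay blank).
RAW_MESSAGE = """\
Received: from mail.bhfc.net (mail.bhfc.net [10.3.1.8])
    by mail.bhfc.net (Cyrus v2.2.10-Gentoo) with LMTPA;
    Sun, 12 Feb 2006 15:41:58 -0700
Received: from smtp.rushmore.com (smtp.bhfc.net [209.159.192.11])
    by mail.bhfc.net (8.12.11/8.12.6) with ESMTP id k1CMfw2l002992
    for ; Sun, 12 Feb 2006 15:41:58 -0700
Received: from gabbert.com (user-0cetc5b.cable.mindspring.com [24.238.176.171])
    by smtp.rushmore.com (8.12.11/8.12.11) with SMTP id k1CMfwTU001645
    for ; Sun, 12 Feb 2006 15:41:59 -0700
Date: Sun, 12 Feb 2006 16:43:29 -0600
From: "BurdnBoogzMa"
Content-Type: multipart/mixed;
    boundary="--------cgrmdwhzkvhfuahvajyd"

----------cgrmdwhzkvhfuahvajyd
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

February price

----------cgrmdwhzkvhfuahvajyd
Content-Type: application/octet-stream; name="pricelist.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pricelist.zip"

----------cgrmdwhzkvhfuahvajyd--
"""

TRUSTED_RELAYS = {"mail.bhfc.net", "smtp.bhfc.net", "smtp.rushmore.com"}  # assumed: recipient ISP's relays
DYNAMIC_HINTS = ("cable", "dsl", "dyn", "pool", "user-")  # assumed rDNS markers of consumer address pools

Hop = namedtuple("Hop", "helo rdns ip by date")
HOP_RE = re.compile(
    r"from (?P<helo>\S+)"                                        # name the client gave in HELO
    r"(?: \((?:(?P<rdns>[^\s\[\]()]+) )?\[(?P<ip>[^\]]+)\]\))?"  # (rDNS [ip]) as the relay saw it
    r" by (?P<by>\S+)"                                           # relay that wrote this line
    r".*?; (?P<date>.+)$")                                       # that relay's own timestamp

def parse_received(value):
    """One Received: line -> Hop, or None if it is not in the usual shape."""
    m = HOP_RE.match(" ".join(value.split()))  # unfold and squeeze whitespace
    return Hop(**m.groupdict()) if m else None

def apex(host):  # crude registrable domain (last two labels), to compare HELO with rDNS
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_ingress(hops, trusted):
    """Read newest-first. While each line was written by a relay we trust, keep
    descending; the first hop whose client is NOT one of our relays is where the
    mail entered our network. Anything below that line may be forged."""
    for hop in hops:
        if hop.by.lower() not in trusted:
            return None
        if not {hop.helo.lower(), (hop.rdns or "").lower()} & trusted:
            return hop
    return None

def triage(raw, trusted=TRUSTED_RELAYS):
    msg = message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    ingress = find_ingress(hops, trusted)
    r = {"origin_ip": None, "skew_seconds": None, "attachments": [], "findings": []}
    if ingress is None:
        r["findings"].append("Received chain never reaches a trusted relay; origin unknown")
    else:
        r["origin_ip"] = ingress.ip
        if ingress.rdns and apex(ingress.helo) != apex(ingress.rdns):
            r["findings"].append(f"HELO {ingress.helo} does not match reverse DNS {ingress.rdns}")
        if any(k in (ingress.rdns or "").lower() for k in DYNAMIC_HINTS):
            r["findings"].append(f"origin {ingress.ip} ({ingress.rdns}) looks like a consumer/dynamic pool")
        if msg.get("Date"):  # Date: is the sender's claim; the relay's timestamp is not
            skew = parsedate_to_datetime(msg["Date"]) - parsedate_to_datetime(ingress.date)
            r["skew_seconds"] = int(skew.total_seconds())
            if abs(r["skew_seconds"]) > 60:
                r["findings"].append(f"Date header is {r['skew_seconds']:+d}s off the relay's receive time")
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        is_zip = data.startswith(b"PK")  # local-file or end-of-central-directory signature
        r["attachments"].append((name, len(data), is_zip))
        if name.lower().endswith(".zip") and not is_zip:
            r["findings"].append(f"{name}: {len(data)} bytes, not a ZIP archive (empty as sent, or stripped upstream)")
    return r

if __name__ == "__main__":
    for finding in triage(RAW_MESSAGE)["findings"]:
        print("-", finding)
```

Run as a script it prints the findings; on this message they are the HELO/rDNS mismatch (gabbert.com versus a cable.mindspring.com name), an origin in a consumer address pool, a Date header 90 seconds ahead of the relay's clock, and a 0-byte pricelist.zip. A zero-length payload is consistent with a filter upstream having removed the archive, and a scanner that only saw the message afterwards would have nothing left to flag.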
 