The Virus is Getting Trickier

[gwpriester]

I received a repsonse from the current tutorial that had the SIRCAM virus included, but not as an attachment, but the machine code. The Hello, How are you... part of the message is what clued me in.

Anybody know how that might work? Does Outlook Express look at code like this and automatically play it?

Gary

Gary Priester

Moderator Person

me be hub televisor

[Erik Heyninck]

I mean that SirCam is known to change the title of the e-mail it sends by taking the title of one of your files, and includes a piece of text or whatever from your files. So my guess is that it found itself, and copied its own code to you.

Njanjanja (eerie voice): so now you know how to make viruses... [img]/infopop/emoticons/icon_eek.gif[/img] some tutorial for september...

I got an infected mail, warned the people and they said they had been cautious not to open ANY attachment and that they had an updated virus scanner installed... If this is true, something weird and very frightening is going on...
Must say that I always look at my mail on the server now. And I hope they find this b****y freak as soon as possible and force him to eat six Macs, and not McDonalds!!! [img]/infopop/emoticons/icon_mad.gif[/img]

[diniel]

Outlook 2002, the email component of Microsoft's Office XP, automatically barrs you from receiving any files with the file extensions below.

ade, adp, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, hta, inf, ins, isp, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, pif, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh

It sounds like a major problem when you first think about it, but it's not at all. First of all, you can't be irresponsible enough to open any of the double extensioned files, because you just simply never see them.

Secondly, there are only 3 or 4 filetypes you'd ever actually expect to receive by email - .js, .pcd and .mdb - Javascript code, Photo CD files (barred because they share the pcd extension with Microsoft Visual Test compiled scripts) and Microsoft Access databases.

However, it's no trouble at all to ask people to zip the files up before they send them to you.

That way, you never get to see any malicious code. Sounds like Microsoft trying to wrap you up in cotton wool so that you can't harm yourself, but it is very effective. If you really really wanted to be able to receive any of the above files, you can just edit a registry entry and get access back to your chosen extension(s).

I've used Outlook 2002 for about six weeks now, and haven't had a problem. I wouldn't expect to have a virus get to me anyway, because I use Norton Antivirus too, but on the offchance, Outlook has the extra layer of protection too.