Due
to recent widespread outbreaks of various computer viruses/worms such as
KLEZ, MyDoom, Bagle, Exploit, et al., we felt it was necessary to
post some information related to these nasty bugs because it has been affecting
us directly. We are receiving several emails daily from Internet
Service Providers' (ISP) Virus Checking Servers across the country claiming
that we have sent an infected file to one of their Internet users.
If
you receive such a notice that WE tried to send you a virus, rest assured
that we DO NOT send any virus infected files.
Recent
Viruses and/or Internet Worms FAKE the FROM:
line in a message from an infected computer.
They spread by emailing themselves from an infected computer to everyone
in that user's Personal Address Book.
THEY
CHANGE THE FROM: LINE BY PICKING A RANDOM ENTRY FROM THE INFECTED
USER'S ADDRESS BOOK SO THAT THE INFECTED MESSAGE IT SENDS OUT APPEARS
TO COME FROM THE RANDOM ADDRESS RATHER THAN FROM THE ACTUAL INFECTED COMPUTER.
Since
our email addresses are in MANY address books across the country, our address
has been picked numerous times making it appear that we are sending infected
email.
Not
only do these worms disguise themselves and the sender, they may also CONTAIN
ANOTHER VIRUS and install it on the infected computer. This is darn
NASTY stuff.
Our
Poultry Business is a sideline. Until my stroke in April, 2003, I
made a living maintaining Windows 2000 network file servers for Sprint
Corporation
and was at that job for over 30 years. One of my primary responsibilities
at work was to assist in the installation and maintenance of Virus Detection
and Cleaning Software on over 1000 file servers. I reviewed numerous
Anti-Virus Company websites daily to stay abreast of the latest developments,
and still do, so I know what I'm doing and talking about when it comes
to Computer Viruses.
Here's
an example of a recent virus that was spreading today, Feb 17, 2004.
Here's how our INBOX looked:
(NOTE: Effective 22 March 2004,
Dashlink.com is no longer our ISP - see the "Contact Us" page for more
info)
Out of 13 total messages,
7 were the just discovered "W32/Bagle.b@MM" worm, (1,2,4,5,7,9,11) one
was a different virus that has had the attachment stripped by some web
server along the way and came through with no text (6), One was a suspected
virus (it wasn't) which our ISP has stripped an attachment from (3), and
only four were REAL messages (8,10,12,13).
The size of the Bagle infected
messages was always 16K since the infected attachment (the paper clip indicates
there is an attachment) is 11,264 bytes and the rest is the header info
and short text.
As indicated by the check
marks, I deleted all but one of the suspect messages (2) before download
so I could do testing on it. But I did it carefully realizing
that it was "probably" infected.
This virus even went as
far as FAKING the FROM line on three of these using OUR OWN email addresses
making it seem that we sent OURSELVES viruses (1,4,9).
This was done using our
past ISP's internet "Mailman" utility where you can check your inbox from
anywhere on the web. It is convenient for screening our inbox before
actually downloading the messages to our computer. Check with your
ISP to see if they have such a utility available. Besides "Mailman", we
know of two other such utilities called "Mail2Web" and "SQWebMail".
All mail we really send
out has a FROM: line of "rockingt@LTEX.net",
but this can also be faked. The following email addresses are all registered
to us: rockingt@ltex.net, rockingt@dashlink.com (pending disconnect
06/01/04) anything@rockingtranch.com,
anything@poultryhelp.com,
anything@rockingt.com,
anything@rockingtpoultry.com, anything@uspatriothelp.com
and anything@justinescrafts.com. We DO NOT use these addresses
to send out mail, and have blocked incoming email to these addresses due
to HUGE amounts of spam they were receiving.
Our
home computer has the very latest version of McAfee Anti-Virus installed,
and the Virus data files are updated each Wednesday to the most current
version as soon as it's released by McAfee. McAfee often releases an emergency
DAT file if a particularly nasty threat is discovered. In these cases
they email their "Warning List", which we are on, and we immediately install
the newly released DAT file.
If
you use McAfee Anti Virus, you can get the latest virus DAT files FREE
here:
Or you can have you computer
scanned for viruses and cleaned with Trend-Micro Anti Virus for FREE by
clicking here:
Our
ISP and web host also has virus detection and cleaning software installed
that would block any infected files I might try to send, so we are covered
from all angles.
If
you receive a message with a virus in it, you can usually tell who it actually
came from by viewing the "Message Source". Most email programs have
a button or menu option for viewing the "message source". There will
be a "Reply To:" address and several instances of "Received FROM:".
Review this message header and besides the address in the actual FROM:
line, you'll see another entry in one or more of the "FROM" entries that
will indicate the actual originating address.
You
can find out more about current virus/worm threats at these Anti-Virus
Websites:
Please
remember to check our Current
Virus Information Page whenever you visit our site to stay aware of
what's currently going around. That page is updated in real-time
by Trend Micro. There's also a link on that page that will TEST AND
CLEAN your computer of any virus infections found FREE, courtesy of Trend
Micro.
BE DILIGENT !!!
IF A MESSAGE LOOKS SUSPICIOUS, DELETE IT BEFORE READING IT, AND NEVER,
NEVER,
NEVER CLICK ON ANY ATTACHMENT YOU WEREN'T
EXPECTING TO RECEIVE.
May
you and your computer remain healthy.
Pete
Theer Webmaster PoultryHelp.com
/ RockingTRanch.com / USPatriotHelp.com / JustinesCrafts.com
Recent
Virus Attacks
