[Az-Geocaching] Warning the Geocaching community about a new virus
Brian Cluff
listserv@azgeocaching.com
Sun, 15 Jun 2003 11:06:43 -0700
Trisha wrote:
> It is the second one that has me more concerned...someone has taken an
> executable file and changed the suffix from .exe to .htm so the recipient
> thinks it's a harmless HTML page.
Oh it's much worse than that. There is a bug in most of Microsoft's
OSes that if unpatched will open stuff like that automatically if you
are using Outlook Express or Outlook (with MS patented virus transfer
protocol (VTP) http://www.satirewire.com/news/0103/outlook.shtml )
But seriously, the way it works is that the virus is put on an e-mail as
an attachment... this also works as a webpage with a similar setup...
the attachment is a MIME attachment with some sort of executable data
format, and the suffix on the name of the attachment is some sort of
file that the e-mail program would normally show inline. It can also be
the other way around with the name being an executable and the content
type being something that a virus can't be in.
Anyway... Microsoft has had too many retarded formats for identifying an
executable in the past and has retained all of them to remain
compatible and they get confused when you use conflicting types.
The first type will get you past the weak safeguards of the e-mail
system and the second will get passed along to the OS itself which will
reidentify the virus as an executable and run it... poof, you're infected,
and all of this by just opening the mail... you don't even have to run
the attachment.
So... either update your systems frequently, or run a much better e-mail
program that doesn't use Internet Explorer to view e-mail messages, or
at least turn off viewing attachments altogether.
One last thing... turn off your preview pane. Make it so that you HAVE
to double click to open a message. With the preview pane open, you
can't even delete a message without opening it, so even if you KNOW it's
a virus you can't delete it without getting it. That also leaves you
open to triggering spammers' web bugs that report back to the spammer that
you did indeed open the message... so now they'll send you lots more
spam because you obviously open it.
<shameless linux plug>
You could always run Linux and just do away with all viruses... there
aren't any known viruses that are currently capable of running, and in
the extremely rare case when a virus is found, the system is fixed so
it's incapable of running any more... virus killer software is just the
wrong way of doing things... it doesn't fix the original problem that
lets the virus infect you in the first place.
I host both the Phoenix Linux Users Group (PLUG
http://plug.phoenix.az.us), and the (free) Linux Newbie Classes (same
address)
PLUG meets the second Thursday of each month at 7pm, and the newbie
group meets the 1st Wed. at 7pm both at the same location. If you are
interested in attending, either write me, or check out the website (that
I hate)
</end shameless linux plug>
Brian Cluff
Team Snaptek
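
The conflict described in this message (declared MIME type, attachment name and actual content disagreeing) is something a mail filter can check for. The sketch below is an added example, not part of the original post; the extension and type lists are illustrative assumptions and the sample message is constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists (assumptions for this example, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
INLINE_MAIN = {"text", "image", "audio"}  # types a client may render or play inline

def audit(raw):
    """Return {filename: [findings]} for parts whose type signals disagree."""
    report = {}
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        ext = os.path.splitext(name)[1].lower()
        body = part.get_payload(decode=True) or b""
        looks_exec = body[:2] == b"MZ"  # DOS/PE executable magic bytes
        inline = part.get_content_maintype() in INLINE_MAIN
        findings = []
        if ext in EXEC_EXTS and inline:
            findings.append("executable name, inline content type")
        if part.get_content_type() in EXEC_TYPES and ext not in EXEC_EXTS:
            findings.append("executable content type, harmless-looking name")
        if looks_exec and (inline or ext not in EXEC_EXTS):
            findings.append("MZ payload behind non-executable label")
        if findings:
            report[name] = findings
    return report

def sample():
    """Constructed message: two mismatched attachments and one clean one."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    mz = b"MZ\x90\x00" + b"\x00" * 28  # placeholder header bytes, not a program
    m.add_attachment(mz, maintype="application", subtype="x-msdownload", filename="page.htm")
    m.add_attachment(mz, maintype="audio", subtype="x-wav", filename="readme.exe")
    m.add_attachment(b"<p>hi</p>", maintype="text", subtype="html", filename="ok.htm")
    return m.as_bytes()

if __name__ == "__main__":
    for name, findings in audit(sample()).items():
        print(name, "->", "; ".join(findings))
```

A filter built on this would quarantine any part with findings instead of handing it to the client's renderer.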