Keith Bergen keith at keithbergen.com
Thu Jan 22 14:54:02 GMT 2004

I second Johannes' suggestions. I've had people say things 
like "But it came from a guy that knows everything about 

Make sure that people know that there are viruses out there 
that people can get. They pick two names from your address 
book, and propagate the virus to one name, and from another. 
I have had many angry people claim that I sent them virii, 
when in fact, I was as much the victim as they were. Some 
compromised system out there simply sent it with my address 
spoofed as the from.

As we all know, it is very simple to spoof the from address, 
and from addresses are not in any way surety that the email 
came from that person.

Just my little input,

Keith ... or was it really Keith?

---- Original message ----
>Date: Wed, 21 Jan 2004 22:17:42 -0500
>From: "Johannes B. Ullrich" <jullrich at sans.org>  
>Subject: Re: [Dshield] FW: VIRUS ALERT  
>To: General DShield Discussion List <list at dshield.org>
>
>This is a classic virus HOAX. The message is the virus ;-).
>Do not delete this file, you may render your system useless.
>However, this brings home an important point: Don't trust
>some random guy on a mailing list (no no... trust me...
>just not the other guys).
>General rules:
>- verify virus mails like this with a major AV vendor.
>- do a quick Google search on key words (like jdbg.exe).
>- check with the source.
>- If you are in charge of IT in a company, make sure users
>  will not forward virus warnings. They should only go to you
>  and you should be the only 'trusted' source for warnings 
>  this.
>> Hi people - I just found out that I received a virus that is automatically
>> passed to everyone in my address book. Since you are in my address book, you
>> will probably find it in your computer too. The virus is called jdbg.exe and
>> is not detected by Norton or McAfee anti-virus systems. The virus sits
>> quietly for 14 days before damaging your system. It is sent automatically by
>> 'messenger' using your address book whether you sent it to your contacts or
>> not. Here is how to check for the virus and how to get rid of it.
>CTO SANS Internet Storm Center
>phone: (617) 837 2807
>jullrich at sans.org
>contact details: http://johannes.homepc.org/contact.htm