[Dshield] FW: VIRUS ALERT
keith at keithbergen.com
Thu Jan 22 14:54:02 GMT 2004
I second Johannes' suggestions. I've had people say things
like "But it came from a guy that knows everything about
Make sure that people know that there are viruses out there
that people can get. They pick two names from your address
book, and propagate the virus to one name, and from another.
I have had many angry people claim that I sent them viruses,
when in fact, I was as much the victim as they were. Some
compromised system out there simply sent it with my address
spoofed as the from.
As we all know, it is very simple to spoof the from address,
and from addresses are not in any way surety that the email
came from that person.
Just my little input,
Keith ... or was it really Keith?
---- Original message ----
>Date: Wed, 21 Jan 2004 22:17:42 -0500
>From: "Johannes B. Ullrich" <jullrich at sans.org>
>Subject: Re: [Dshield] FW: VIRUS ALERT
>To: General DShield Discussion List <list at dshield.org>
>This is a classic virus HOAX. The message is the virus ;-).
>Do not delete this file, you may render your system useless.
>However, this brings home an important point: Don't trust
>some random guy on a mailing list (no no... trust me...
>just not the other guys).
>- verify virus mails like this with a major AV vendor.
>- do a quick Google search on key words (like jdbg.exe).
>- check with the source.
>- If you are in charge of IT in a company, make sure users
> will not forward virus warnings. They should only go to you
> and you should be the only 'trusted' source for warnings
>> Hi people - I just found out that I received a virus that
>> passed to everyone in my address book. Since you are in my address book, you
>> will probably find it in your computer too. The virus is called jdbg.exe and
>> is not detected by Norton or McAfee anti-virus systems. The virus sits
>> quietly for 14 days before damaging your system. It is sent automatically by
>> 'messenger' using your address book whether you sent it to your contacts or
>> not. Here is how to check for the virus and how to get rid
>CTO SANS Internet Storm Center
>phone: (617) 837 2807
>jullrich at sans.org
>contact details: http://johannes.homepc.org/contact.htm