• Previous message: Hardy M. Cook: "A TEST FROM SHAKSPER: PLEASE DELTE and Ignore"
• Messages sorted by: [ date ] [ thread ] [ subject ]

The Shakespeare Conference: SHK 13.2415  Monday, 16 December 2002

From:           Hardy M. Cook <editor@shaksper.net>
Date:           Monday, December 16, 2002
Subject:        WARNING, Worms, Viruses, and Spoofing

Dear SHAKSPEReans:

Let me first say that I scan every message that I send out and every
message that I receive.

I am beginning to put together the problem with the "Honey" Message.

The only person who can send messages to listserv for distribution to
SHAKSPER is me. I do this from my editor account as it appears above or
with the three missing vowels – editor@eae.shaksper.net. Then listserv
distributes the digests to the SHAKSPER members.

My editor account was apparently "spoofed." If you got a message from my
editor account, it most likely was infected. I never sent the HONEY
message to listserv for distribution to the list. If you got one from
SHAKSPER it probably would have appeared like nonsense characters; you
also may have gotten a virus/worm warning but I am not convinced that
message was destructive. In fact, it appears to have been generated
automatically, so I hope that my password was not compromised.

Here is a bit about what the Norton Anti-Virus website says about
"spoofing":

* This worm often uses a technique known as "spoofing." When it performs
its email routine, it can use a randomly chosen address that it finds on
an infected computer as the "From:" address, numerous cases have been
reported in which users of uninfected computers received complaints that
they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with
W32.Klez.H@mm. Linda is not using an antivirus program or does not have
current virus definitions. When W32.Klez.H@mm performs its emailing
routine, it finds the email address of Harold Logan. It inserts Harold's
email address into the "From:" portion of an infected message that it
then sends to Janet Bishop. Janet then contacts Harold and complains
that he sent her an infected message, but when Harold scans his
computer, Norton Anti-Virus does not find anything--as would be
expected--because his computer is not infected.

* There have been several reports that, in some cases, if you receive a
message that the virus has sent using its own SMTP engine, the message
appears to be a "postmaster bounce message" from your own domain. For
example, if your email address is jsmith@anyplace.com, you could receive
a message that appears to be from postmaster@anyplace.com, indicating
that you attempted to send email and the attempt failed. If this is the
false message that is sent by the virus, the attachment includes the
virus itself. Of course, such attachments should not be opened.

* The message may be disguised as an immunity tool. One version of this
false message is as follows:

Klez.E is the most common world-wide spreading worm. It's very dangerous
by corrupting your files. Because of its very smart stealth and
anti-anti-virus technic, most common AV software can't detect or clean
it. We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once, and then Klez will never come into
your PC.

NOTE: Because this tool acts as a fake Klez to fool the real worm, some
AV monitor maybe cry when you run it. If so, Ignore the warning, and
select 'continue'. If you have any question, please mail to me.

Apologies but I've lost a whole day with this one,
Hardy

_______________________________________________________________
S H A K S P E R: The Global Shakespeare Discussion List
Hardy M. Cook, editor@shaksper.net
The S H A K S P E R Webpage <http://www.shaksper.net>

DISCLAIMER: Although SHAKSPER is a moderated discussion list, the
opinions expressed on it are the sole property of the poster, and the
editor assumes no responsibility for them.

• Previous message: Hardy M. Cook: "A TEST FROM SHAKSPER: PLEASE DELTE and Ignore"
• Messages sorted by: [ date ] [ thread ] [ subject ]