Worm defense

This forum is for the discussion of technology, computers, & problems relating to the web and your computer

Moderator: Scott Danziger

Post Reply
User avatar
gmattson
Site Admin
Posts: 6069
Joined: Wed Sep 16, 1998 6:01 am
Location: Lake Mary, Florida
Contact:

Worm defense

Post by gmattson »

Someone sent me the following. Since I'm still trying to recover from my last worm attack, this tip sounds especially sound. At least I'll be notified should a computer virus begins to send out infected mail to my address book. What do the experts think? GEM
i think this might work, but not for aol -- more like outlook or the other net mail systems. fortunately the worm does not effect aol mail, so it's not too much of a concern for aol users


Someone e-mailed me this today, it is probably a good idea? Thought I would share it with you.


"I was told about a computer trick today that's really ingenious in its simplicity. As you may know, when/if a worm virus gets into your computer it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm has gotten into your system.

Here's what you do: first, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses. In the window where you would type your friend's first name, type in !000 (that's an exclamation mark followed by 3 zeros). In the window below where it prompts you to enter the new email address, type in WormAlert. Then complete everything by clicking add, enter, ok, etc. Now, here's what you've done and why it works: the "name" !000 will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. But when it tries to send itself to !000, it will be undeliverable because of the phony email address you entered (WormAlert). If the first attempt fails (which it will because of the phony address), the worm goes no further and your friends will not be infected.

The second great advantage of this method: if an email cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it! If everybody you know does this then you needn't ever worry about opening mail from friends.

Pass this on
User avatar
LeeDarrow
Posts: 984
Joined: Wed May 09, 2001 6:01 am
Location: Chicago, IL USA
Contact:

Worm defense

Post by LeeDarrow »

Mattson-Shihan,

Sorry to disappoint, but there are several worms that do a cascading email, meaning that they essentially create one email letter containing a replica of itself and shoots it to your whole email list at once.

You will still get the reply that you have the worm from the bogus address, if you use it as noted in your post, but it will still go out.

Also, several worms out there write their own SMTP client and simply scan your disk for email addresses without using your email program directly, so this defense will not really work very well.

For IE6, there is a default in Security that is a default setting that will notify you when a program tries to send out email.

But worms don't often just send out spam - they also do other nasty things like reformat your hard drive or rewrite all your Word documents to gibberish or flash (reprogram) your BIOS (which is what your computer uses to start up and talk to the drive, monitor, etc) to garbage which essentially turns your computer to a nice paperweight.

Good idea about the lead address for notification to yourself, though.

After getting such an (unsolicited?) email, I would also run a worm/virus scan as well, just to be safe. This reads like a cover for a worm send, much as I hate to say it.

Respectfully and with fond wishes for a happy holiday season to you and yours,

Lee Darrow, C.Ht.
Computer Innovations, Inc.
312-663-5930
Arnie Elkins
Posts: 44
Joined: Mon Oct 08, 2001 6:01 am
Location: Richmond, VA, USA

Worm defense

Post by Arnie Elkins »

I must agree with Lee. While this may help in alerting you that there is a problem, it will do nothing to prevent the spread of the problem. The part that bothers me most is near the end, "If everybody you know does this then you needn't ever worry about opening mail from friends". Yeah, right.

We used to say 'Don't open email attachments from anyone you don't know'. Now we say, 'Don't open email attachments unless you are expecting them, no matter who they are from'. People are getting more cautious about email, and especially attachments, which is a Good Thing. The statement above makes it sound as though if everyone would just do this one little thing, we could go back to not worrying about nasty things spreading in email ever again. Sorry to say, it just isn't that easy. As our defenses get better, the attackers find new ways to get past them. It is a never-ending cycle, IMHO.

Having said that, anything that will alert you to a problem sooner, rather than later, is a Good Thing. Could be a handy tip. Just don't rely on it to protect you.

Arnie
User avatar
Deep Sea
Posts: 1682
Joined: Sat Oct 19, 2002 6:01 am
Contact:

Worm defense

Post by Deep Sea »

Watch out for the Happy New Year worm.

Also, a report was out today that Windows XP has some bad security leaks in it. I read there that it's pretty easy for an external source to take control of your PC.

------------------
Allen Moulton from Uechi-ryu Etcetera

Just recovered the XP report: http://www.washingtonpost.com/wp-dyn/articles/A7050-2001Dec20.html


And the worm report: http://news.bbc.co.uk/hi/english/sci/tech/newsid_1721000/1721002.stm

[This message has been edited by Deep Sea (edited December 21, 2001).]
Post Reply

Return to “Computer & Web Tech Help”