Re: [NTO] need elementary virus explanation
I too use Eudora and one of the many reasons I do is that many of the email type virii are written expressly for Outlook and Outlook Express since 99% of Windows users use one or the other.
HOWEVER, as you just found out, that is not always the case.
Since I dislike the slowness of all AV's, I have mine set to check all files when they are opened (actually just before they are opened). This helps system speed and catches the little buggers before they can do any damage.
I also use CA's EZ Armor Antivirus instead of Norton or McAfee for the same reason. It isn't as well known as the others so most of the virii creators don't try to defeat it. EZ Armor also has an email protection package with it.
The only time I have gotten virii that weren't immediately identified was when I had my AV turned off for some reason.
You can go to the following link and find out how these virii work.
At 10:16 PM 6/9/2003 -0700, you wrote:
>Hi. I use Eudora, not one of those Outlook programs, and don't open
>attachments from unfamiliar places or that weren't expected or of fully
>known content. Though I own Kaspersky Antivirus, I don't always have it
>installed since I figure, for the reasons mentioned above, that I am not
>likely to contract and redistribute a virus. Nonetheless, I saw a message
>come in that was obviously a virus carrier. I deleted the attachment, but
>was told by somebody in my Eudora address book that I had sent him the
>virus. I have now reinstalled KAV and done a scan with it, but I'm
>perplexed. How does this virus propagate itself? I'm surprised it can use
>my Eudora address book. It's the W32.Bugbear.B.Dam virus. Any
>enlightenment, or pointers to enlightening sites for us non-Outlook users
>would be appreciated.
- Hello Jim,
Tuesday, June 10, 2003, 7:42:07 AM, you wrote:
JH> I too use Eudora and one of the many reasons I do is that many of
JH> the email type virii are written expressly for Outlook and Outlook
JH> Express since 99% of Windows users use one or the other.
JH> HOWEVER, as you just found out, that is not always the case.
Another link where one can read what Bugbear.B does:
,------/ this is a part of that text \----
| To find the new addressees/recipients of the infected e-mails, the worm
| searches through files with the following extensions: .ODS, .MMF, .NCH,
| .MBX, .EML, .TBB and .DBX. A tricky feature of this worm allows it to
| append to existing e-mails and/or send itself by means of resending e-mails
| that had been sent in the past. What is especially tricky is its ability
| to pretend being sent as a reply to the e-mail found.
TBB: The Bat!
All attempts till now have failed:
1) Files renamed by ZoneAlarm
2) Intercepted by NOD32
Even if that would have failed, there was still PC-Cillin...
I don't know about Eudora, but in The Bat!, even if the virus would have made
it as an attachment, it still can't be triggered automatically, without a
manual intervention (as possible in OE & Outlook).
using The Bat! 1.63 Beta/10