Don't click on "goner.scr" in your emails!

Discussion in 'Archived Threads 2001-2004' started by Patrick Sun, Dec 4, 2001.

  1. Patrick Sun

    Ah! This damn "goner.scr" virus is spreading like wildfire!

    I swear PC users can be so naive and stupid. I get 4 instances of these email worms, and know immediately that it's a virus of some kind. But obviously other people love clicking on anything with a *.scr extension, so it's been fun cleaning up people's PC messes this afternoon.

    At least it's sort of easy to contain in that we use Notes for email, so none of it is being sent through the Outlook email address books. But it's a pain to kill off the process, and clean up the Windows registry.

    Ugh!
     
  2. Howard Williams

    6 different people today have sent that virus infected email to me. Network server caught it right off the bat. (McAfee)
     
  3. Bill Catherall

    I got about 14 of those emails at work. All of them sent twice by each user from within the office that was infected. I was suspicious of the first email I received. It was from someone I never get email from with the Subject "Hi." Then before I could even delete it a second one popped up from someone else, then a third. I ran over to my neighbor to warn him and when I came back there were 6 more waiting for me. Then one popped up from a guy that sits just on the other side of the cubicle wall from me. I had a good time laughing at him for being so stupid to open it. So far...I'm clean.
     
  4. Kevin P

     
  5. Ryan Wright

    What I don't get is when the message says something like, "hi! i send nude picture my wife for you!", and people open it anyway. First of all, if the horrible English doesn't clue you in, the nude picture of someone's wife whom you've never heard of being sent to your email account at work ought to enlighten you in some way.

    But no. People still open them. Exactly how do you explain your actions then? "Well, I wanted to see the picture!" If it were my company, I'd be firing people left and right...

    My father is the worst. I've told him time and time again, "STOP opening attachments that people send you." Yet he still calls me up. "Uh, I think I have a virus." How did you get that? .. "Well, I ran this program that so and so sent me, and..." I've told him at least a hundred times. He doesn't listen. He will go back into his computer room 10 seconds later and open the attachment again. I don't know what his deal is. He's an intelligent man. He has no problems following directions. When I tell him how to use other devices, he does fine. But when it comes to the computer, it goes in one ear and out the other. It's to the point that my mother wants to buy a computer of her own so she doesn't lose her documents due to his negligence. (The worst part is he always wants me to come over and fix it for him right away, and I have to be a big meanie and tell him "No, I told you not to do that, so you're going to have to wait until it's convenient for me to fix it.")
     
  6. Joseph DeMartino

    Actually, some of the newer and nastier viruses do not require that you open them, or open an attached file, to work. Just highlight them with your mouse (as you would to delete them) and they've already executed. Nor are they limited to Outlook and Outlook Express. So before you get hurt patting yourself on the back for not opening files and not running Outlook, make sure your anti-virus software is up to date. I got four or five of these little bastards sent to me in one day (and dealt with I don't know how many customers at work who had them - and didn't update their virus signature files or who let their update subscription lapse.) In my case Norton identified them and quarantined them before even letting the messages into my in-box.

    Regards,

    Joe
     
  7. Kevin Potts

     
  8. brian a

    At this point instead of being pissed at the folks at work that are opening the attachment, you should be pissed at the IT folks for letting .scr files along with a host of others get through to the users.

    brianca...
     
  9. Ryan Wright

     
  10. Bill Catherall

     
  11. MickeS

    Ryan, why don't you just tell your mother to put Norton or McAfee anti-virus on their computer? Problem solved.

    Also, yes there ARE viruses that execute if you just click on the e-mail to view it (in Outlook Express at least). I received one myself.

    However, the one I received only does this under one condition, I believe: if you have deselected to show the "Open attachments warning" in the setting. This is normally done, for example, when you receive an attachment, the warning comes up, you select "Open it" and DESELECT "Always ask before opening this type of file".

    This is a fairly common (but very bad) procedure ("I don't want to have to go through this dialog every time, I'll just uncheck this"), but if OE is set this way, yes the attachment WILL execute without having to manually open the attachment. So if a user says "I didn't open the attachment", don't just assume they're lying or don't know what they're talking about; they might just have the warning disabled.

    EDIT: I noticed that Ryan was talking about viruses that executed WITHOUT opening the e-mail, just by selecting it. I too believe no viruses like that exist. However, since the preview pane is ON by default in Outlook Express, "selecting" an email and "viewing" it, are normally the same thing. It was also listed as one of the exceptions in Ryan's post, but I believe that is not an exception, I believe it to be the norm.

    /Mike
     
  12. Joseph DeMartino

     
  13. Bill Catherall

    Joseph - I read through the pages you linked and some additional documents regarding this malformed MIME exploitation and they all say that the email has to actually be rendered...meaning you have to open it. Nowhere did it say that simply selecting it before deleting it would execute the virus. Selecting an email does not open it unless you have the preview pane turned on. So now I don't see where you're getting this information.
     
  14. Joseph DeMartino

    But if you do have the preview pane turned on the virus can execute without prompting, and therefore a system can be infected without anyone deliberately running the attachment - which is why telling people that they can't get an infection without opening an attached file is, at best, incomplete advice. Which was my only point.

    Regards,

    Joe
     
  15. Bill Catherall

    Ok, Joe. It's just that you didn't make that clear the first time. All you said was that if you highlight it, it executes. The truth then is that if you open the email it executes. Using a preview pane is equivalent to opening it. Thanks for the clarification.
     
  16. Ryan Wright

     
  17. MickeS

     
  18. MikeH

     
  19. Kendal Kirk

    We had 17 nimrods in our office that opened this thing. Hopefully they learned something yesterday also.
     
  20. John Miles

    The "preview pane" exploit was fixed back when the original ILOVEYOU virus was going around. It is not, to my knowledge, a problem now.
    Everyone running Windows should be visiting http://www.windowsupdate.com early and often.
     
