
Re: Bill Ricke Email

No "one" is sending mail using Bill's Addy.  It goes a little something like this: Bill opens an attachment that he shouldn't; wrapped inside of the .exe is a virus of some sort, in this case the Magistr Worm.  What this now does is infect 32-bit PE type files in the Windows directory and subdirectories.  It will then proceed to use our POP mail service to email Bill's contact list.  And finally, to give itself some virus security, it installs itself to run at each system startup.
The code is encrypted, polymorphic and uses anti-debugging techniques to make it difficult to detect.  It has been cleaned before, but for "some" reason he got it again.  Don't fret, no one is infected besides Bill, and if you are infected from Bill's email it is because you opened something you shouldn't have.
----- Original Message -----
Sent: Thursday, November 15, 2001 10:14 AM
Subject: Re: Bill Ricke Email

so who is sending this using Bill's address????
----- Original Message -----
Sent: Thursday, November 15, 2001 9:07 AM
Subject: Re: Bill Ricke Email

Well, the reason why it looks like a virus is because it is a virus.  But the problem really is that it didn't originate from this office.  So this leads me to believe that there are support people or salesmen in the field or from other offices opening emails that they shouldn't or just not paying attention to what the attachment is.
So listen, rule of thumb for viruses.  DON'T OPEN ANYTHING!!!  And by open, I don't mean "don't view your mail", I mean don't open an attachment, unless you are overly sure it is from someone you expected it from.
Don't open an .exe, .eml, .js, etc.
Robert-Quarantine Office LOL
----- Original Message -----
To: Support
Sent: Thursday, November 15, 2001 10:00 AM
Subject: Bill Ricke Email

I have been deleting all mail from Bill as it is suspicious.
Suggest we find out what is going on as it looks like viruses.