On 12 Aug 2008 17:05:02 +0100 (BST), Eleanor Blair
wrote:

The Natural Philosopher wrote:

But this is not a particularly new one I think.

Oh the payload attached to the UPS emails has been changing pretty
rapidly, far faster than some AV vendors update their virus
definitions. Once a day doesn't really cut it any more.

The advice not to follow links or open attachments unless you've
confirmed in some way that they are genuine is much more useful.
Especially as the scam ones like this are getting more convincing.

But security is all about defense in depth.

Most useful one i know is to run the PC by default as a "normal user"
rather than the default sysadmin that M$oft sets up by default, a lot
of these payloads dont get past the OP Sys security restrictions.

mind you - so many tools dont work properly that i dont do it on my
home machine.......
--
Regards

- replace xyz with ntl

The interesting thing is not that there was a virus the I was almost
sure the was..but how many sites *didn't* find it..

For everyone else, there are a couple of similar sites that do
comparative testing, such as...

http://virusscan.jotti.org

http://www.av-comparatives.org is also useful for checking out the
relative strength of an updated and un-updated machine.

trouble is the Dweebs live amongst us ,I am working with 300+
programmers and professionals for a Major credit card company and last
week alone we have had 6 different viruses caused by them opening dodgy
emails or surfing weird sites during lunch breaks

I'd have to query the accessibility of the machines if it's that
prevalent - let me guess, your site uses IE, allows activex, and uses
an old version of java ?

Perhaps it's time to treat them like babies - given the offenders a
linux box, and add site filtering software to everything else (like K9
web protection)

AVG is still scanning.
gulp

If you're stuck, check out some of the links on my site -
http://www.coreutilities.co.uk

Start with Sysclean (kill AVG temporarily first), and scan with Spybot
S&D as well once you're done.

If you're not sure if the system is clean, try to stay offline for 2-3
days to let the virus signatures catch up, then download the latest
sigs / spyware definitions from another machine and install them with
your main system remaining offline.

I've just had to do this for a colleagues' fathers laptop - an initial
scan showed 18 viruses, mainly of the bank account stealing sort, and
another 20 traces of the same appeared in Spybot S&D.

A scan a couple of days later came up with a couple more things, but
these seemed to have been rendered useless by the earlier scans.

"Colin Wilson" o.uk wrote
in message g...

let me guess, your site uses ... an old version of java ?

Given that there are different bugs in different versions of Java, and even
when there aren't "bugs" that can be proven as such there are
incompatibilities, you sometimes need different versions of Java in order to
be able to run different applications.

If you're *very* unlucky this means each machine needs several versions of
Java, and each user needs to be adept at spotting when an application is
trying to run with the wrong version and fixing it. More common is the
situation that you find a version of Java that works for most of your users
most of the time ... but it's quite likely not the latest one, given the
application development and upgrade cycle times, hence people using "an old
version of Java" for extremely good reasons is not going to be uncommon.

--
Tim Ward - posting as an individual unless otherwise clear
Brett Ward Limited - www.brettward.co.uk
Cambridge Accommodation Notice Board - www.brettward.co.uk/canb
Cambridge City Councillor

you sometimes need different versions of Java in order to be
able to run different applications.

Although I don't use java heavily, I don't recall a single application
written using the official (non-microsoft-*******ised-pseudo-java)
version not working with the latest release :-}

Sadly, our place is keen to use activex and *******ised-non-java-java
for almost everything from intranet to bespoke applications :-/

....and yes, now we find ourselves in the same situation where we need
to have java switchers in place to run what I warned them about years
ago.

Speak of the devil, and he comes and cr*ps on your shoulder ...


--- On Wed, 13/8/08,
wrote:

-----Inline Attachment Follows-----
From:
Subject: Congratulation, You Have Won £800,000.00!!!
To:
Date: Wednesday, 13 August, 2008, 12:31 AM

Dear Winner,

This is to officially notify you that youremail
address officially emerged and wonthe sum of £800,000GBP
(Eight HundredThousand British Pounds Sterling) in theOnline
Irish Gaming Board Programme.

For more information on how
toredeem your prize, You are to replyto your claims agent
with theinformation below as soon as you receive this
notification.
NAME: Mr. Terry
ColeE-mail:
INFORMATION FOR CLAIMS
1. Full Names:
2. Address:
3. Phone numbers:
4. Country:

Your's Truly
(Promotions Co-ordinator)Copyright © 2008 Irish
NationalLottery Inc.

Note:

eMail purports to be from Irish Gaming Board, but comes from
optonline.net domain, which is just another ISP, and I should reply to
hotmail domain, which one of the most easily abused online email
systems, in that they make only minimal, if any, provenance checks.

Split infinitive, wouldn't mean anything the other side of the pond,
but bad English this side, capital Y in middle of sentence, Your's
instead of yours.

Mail contains attachment the purpose of which is not mentioned in
text.

So virus spam, I think. Pity, I could have done with £800,000.

On Tue, 12 Aug 2008 16:58:21 +0100, Java Jive wrote:

Trouble is, they are designed to look like something else.
[snip]
There have been a number of other such recently, but I can't remember
details now. I think one concerned the National Lottery, or Premium
Bonds, or perhaps there was one of each.

AFAICR the one thing they all had in common was that the email address
of the sender didn't appear to be connected with the company being
impersonated.

The Natural Philosopher wrote:
I received a suspect mail and sent it off to the virus scan site

Had the same, it's due to your computer being infected by a virus BEFORE
the email.

Assuming your replies, this is a troll, but,

Boot a live CD and scan.

Ask for more help on this, or better yet, Google and learn a ****-load.

Cork Soaker wrote:
The Natural Philosopher wrote:
I received a suspect mail and sent it off to the virus scan site

Had the same, it's due to your computer being infected by a virus BEFORE
the email.

Assuming your replies, this is a troll, but,

Boot a live CD and scan.

Ask for more help on this, or better yet, Google and learn a ****-load.

Oh dear.

This idiot isn't killfiled here.

Didn't you bother to see I was posting on a Mac, and it couldn't e
infected with a windws virus?

"Colin Wilson" o.uk wrote
in message g...
you sometimes need different versions of Java in order to be
able to run different applications.

Although I don't use java heavily, I don't recall a single application
written using the official (non-microsoft-*******ised-pseudo-java)
version not working with the latest release :-}

Sadly, our place is keen to use activex and *******ised-non-java-java
for almost everything from intranet to bespoke applications :-/

How are they doing that? M$ dumped their java like language years ago.
You can't download the engine or any fixes from M$.
You can't get a license to run their engine so its probably illegal if you
are.
All the existing licenses were revoked IIRC.


...and yes, now we find ourselves in the same situation where we need
to have java switchers in place to run what I warned them about years
ago.