Virus masquerades as PayPal notice at DVinfo.net


The TOTEM Poll: Totally Off Topic, Everything Media
Let's talk about anything media related.


November 21st, 2003, 07:35 AM   #1
Wrangler
Join Date: Dec 2002
Location: Mays Landing, NJ
Posts: 11,542
Virus masquerades as PayPal notice

I thought it might be worth mentioning this since I know a number of people around here use PayPal. I've started getting these bogus PayPal account expiration notices. I thought it was strange since I couldn't recall ever opening a PayPal account, so I just deleted them and didn't think anything else about it. But obviously people are getting taken in by this and it's spreading...

http://www.sophos.com/virusinfo/anal...32mimaili.html
Quote:
W32/Mimail-I is a worm which spreads via email using addresses harvested from the hard drive of your computer. All email addresses found on your PC are saved in a file named el388.tmp in the Windows folder.

In order to run itself automatically when Windows starts up the worm copies itself to the file svchost32.exe in the Windows folder and adds the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SvcHost32

The emails sent by the worm pretend to come from the email address donotreply@paypal.com, and have the following characteristics:

Subject line: YOUR PAYPAL.COM ACCOUNT EXPIRES
Boyd Ostroff
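The Sophos description quoted above gives two mail-side indicators (the spoofed sender address and the subject line) and two host-side indicators (the dropped file name and the Run-key value). Below is a small matcher for those indicators, added here as an example; it is not code from the thread, from Sophos, or from any vendor product. It assumes mail is available as raw RFC 822 text and that the contents of the Run key have already been read out as name/command pairs. The sample messages and the sample Run-key contents are constructed for illustration; only the indicator values come from the quoted text.

```python
"""Match the W32/Mimail-I indicators quoted from Sophos above.

Added example, not code from the thread or from Sophos. The sample messages
and the sample Run-key contents are constructed; only the indicator values
(sender, subject, dropped file, Run value name) come from the quoted text.
"""
import ntpath
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List

# Indicators taken from the Sophos description quoted in the post.
SPOOFED_SENDER = "donotreply@paypal.com"
WORM_SUBJECT = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
RUN_VALUE_NAME = "SvcHost32"      # HKLM\...\CurrentVersion\Run\SvcHost32
DROPPED_EXE = "svchost32.exe"     # copied into the Windows folder


def mail_indicators(raw_message: str) -> List[str]:
    """Return which of the two mail indicators a raw RFC 822 message matches.

    Headers are normalised first: the display name is stripped from From,
    a folded Subject is re-joined, and comparisons are case-insensitive, so
    trivial reformatting of the message does not slip past the check.
    """
    msg = message_from_string(raw_message)
    _display, sender = parseaddr(msg.get("From", ""))
    subject = " ".join(msg.get("Subject", "").split())
    hits = []
    if sender.lower() == SPOOFED_SENDER:
        hits.append("sender")
    if subject.upper() == WORM_SUBJECT:
        hits.append("subject")
    return hits


def is_mimail_i_mail(raw_message: str) -> bool:
    """True only when both mail indicators match."""
    return mail_indicators(raw_message) == ["sender", "subject"]


def suspicious_run_entries(run_values: Dict[str, str]) -> List[str]:
    """Given name -> command pairs read from a Run key, return the names that
    match the worm's persistence entry, by value name or by dropped file name.

    The file name imitates the legitimate svchost.exe, which lives under
    System32; a "svchost32.exe" directly in the Windows folder is not
    something Windows itself installs.
    """
    hits = []
    for name, command in run_values.items():
        exe = ntpath.basename(command.strip().strip('"')).lower()
        if name.lower() == RUN_VALUE_NAME.lower() or exe == DROPPED_EXE:
            hits.append(name)
    return hits


# Constructed sample messages (not real captures).
SAMPLE_MESSAGES = [
    # Mimics the worm's mail as described; Subject is folded over two lines
    # the way a mail client might wrap it.
    "From: PayPal <donotreply@paypal.com>\r\n"
    "To: victim@example.com\r\n"
    "Subject: YOUR PAYPAL.COM\r\n ACCOUNT EXPIRES\r\n"
    "\r\nYour account expires soon.\r\n",
    # Benign message.
    "From: friend@example.org\r\n"
    "To: victim@example.com\r\n"
    "Subject: Lunch tomorrow?\r\n"
    "\r\nSee you at noon.\r\n",
    # Same subject text, different sender: only one indicator matches.
    "From: someone@example.net\r\n"
    "To: victim@example.com\r\n"
    "Subject: your paypal.com account expires\r\n"
    "\r\n...\r\n",
]

# Constructed Run-key contents, as value name -> command.
SAMPLE_RUN_KEY = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "SvcHost32": r"C:\WINDOWS\svchost32.exe",
}


if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        subj = " ".join(message_from_string(raw).get("Subject", "").split())
        print(f"{subj!r}: {mail_indicators(raw)} worm={is_mimail_i_mail(raw)}")
    print("suspicious Run entries:", suspicious_run_entries(SAMPLE_RUN_KEY))
```

Requiring both mail indicators keeps the match specific to the worm's own mail; a message that carries only the subject is still worth a look, which is why `mail_indicators` reports each hit separately rather than just a yes/no.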
November 21st, 2003, 07:59 AM   #2
Trustee
Join Date: Oct 2001
Location: Chigasaki, Japan.
Posts: 1,660
Ha! You beat me to it, Boyd. I got the same thing only 20 mins ago.
Adrian Douglas
November 21st, 2003, 11:55 AM   #3
Warden
Join Date: Mar 2002
Location: Clearwater, FL
Posts: 8,267
As always, I am thankful I use a Mac and don't have this problem to worry about.
__________________
Jeff Donald
Carpe Diem
November 22nd, 2003, 05:40 AM   #4
Moderator
Join Date: Mar 2002
Location: Boston, MA (travel frequently)
Posts: 837
I agree with you Jeff. After all these years (ever since '84) of using Macs, I still have yet to ever experience any tangible virus or hacker problem on any of my Apple Macs, PowerMacs and PowerBooks.

The only one I can recall that ever came close to posing a problem was that silly "AutoPlay Worm" from years ago... and it never really was a problem at all, since one simple click-of-the-mouse setting rendered it harmless.

By comparison, my WinDoze desktop and laptop always seem to be besieged by some hack trying to take advantage of all of the MicroSoft backdoor security risks. I wouldn't think of running my peecees these days without Black Ice and Norton AntiVirus running in the background.

- don
__________________
DONALD BERUBE - noisybrain. Productions, LLC
Director Of Photography/ Producer/ Consultant
http://noisybrain.com/donbio.html
CREATE and NETWORK with http://www.bosfcpug.org
and also http://fcpugnetwork.org
Don Berube
November 22nd, 2003, 08:54 AM   #5
Wrangler
Join Date: Dec 2002
Location: Mays Landing, NJ
Posts: 11,542
My experience is pretty similar, and the autostart worm was also the last one to nail me. But it actually did cause me some problems because at the time I was using 600MB MO cartridges to do daily backups, and the worm propagated to these. I used Norton to fix the problem, but one effect was that the date stamp on lots of my files was messed up. This wreaked havoc with file sync software. As a reminder, I still have some of those files today with goofy dates.

Now people have been prognosticating that the switch to a Unix-based OS opens the door to lots of new nasties. Fortunately we haven't really seen any yet. But I consider myself even more immune than most, since these things generally spread via e-mail. I read all my mail on a remote Unix host using the text-based "Pine" mail user agent. There's really no way to get a virus since the mail itself never gets onto my machine. I generally don't accept any attachments, but when I do it involves saving them on the remote host then transferring via ftp. Eccentric perhaps, but this is how I've been reading my mail since around 1990... :-)
Boyd Ostroff
November 22nd, 2003, 11:37 AM   #6
Moderator
Join Date: Mar 2002
Location: Boston, MA (travel frequently)
Posts: 837
Hi Boyd,

That is pretty cool.

How do you read your email at home?

- don
__________________
DONALD BERUBE - noisybrain. Productions, LLC
Director Of Photography/ Producer/ Consultant
http://noisybrain.com/donbio.html
CREATE and NETWORK with http://www.bosfcpug.org
and also http://fcpugnetwork.org
Don Berube
November 22nd, 2003, 02:37 PM   #7
Wrangler
Join Date: Dec 2002
Location: Mays Landing, NJ
Posts: 11,542
<<<-- Originally posted by Don Berube: How do you read your email at home?

I run PINE on a Linux machine which hosts one of our websites. Pine uses a secure IMAP connection to access my inbox on the company mailserver. The mailserver recognizes this host and accepts outgoing SMTP from it. On my Mac(s) I open a shell session using the OSX Terminal program, then use ssh to connect to the remote Linux host where I run Pine. Pine is a simple cursor-based program that was written to run on green-screen terminals.

Now under OSX I could eliminate the Linux box and just run Pine on my Mac (there's a version out there). The only problem with this would be sending outgoing mail, since I use a variety of machines that can be at different IP addresses. While it would be possible, it would be more awkward to configure our mail server to recognize these (which is necessary to relay SMTP).

Pine used to be popular on campuses since it was easy to implement and allowed users to access their mail from any terminal. I'm surprised to find there are a number of people that still use it. I started out using a similar program, ELM, sometime in the late '80s, then moved to Pine sometime after that. In fact, the authors say that PINE is an acronym, "Pine Is Not Elm". Many (if not most) people would find this all very awkward, but as someone who spent years hacking around with Unix, it's a comfortable, even nostalgic environment for me with a 24 line x 80 character interface.

Sorry... showing my age a bit, and also wandering WAY off topic (but this is the TOTEM pole after all!)
Boyd Ostroff
November 22nd, 2003, 04:58 PM   #8
Moderator
Join Date: Mar 2002
Location: Boston, MA (travel frequently)
Posts: 837
Wow Boyd, that is quite impressive.

Reminds me of that warm fuzzy feeling I used to get when I would see some of the MIT people walk around with PC laptops - but they were running Linux OS and apps instead of WinDoze. Have you ever watched the documentary "Revolution OS"? Excellent film, I always make it a point to watch it when it is on the Sundance Channel.
http://www.revolution-os.com

What was your first computer? Mine was the Timex Sinclair back in the Summer of '82 (I was 19 at the time hehehe)
http://oldcomputers.net/ts1000.html

Check this out, I am sure that you will appreciate the value of APPLE's X11:
http://www.apple.com/macosx/features/x11

- don
__________________
DONALD BERUBE - noisybrain. Productions, LLC
Director Of Photography/ Producer/ Consultant
http://noisybrain.com/donbio.html
CREATE and NETWORK with http://www.bosfcpug.org
and also http://fcpugnetwork.org
Don Berube

DV Info Net -- Real Names, Real People, Real Info!
1998-2017 The Digital Video Information Network