[tig] Viruses

Roddy Pratt roddy
Fri Mar 5 17:49:59 GMT 2004


> ...and just to prove the point that even good guys can run into problems, I
> have just been notified by my ISP that an email from a regular TIG
> contributor has been quarantined, with all the indications of one of the
> current batch of viruses.

You can be 99.9% sure with the current viruses that the 'from' email address is not actually
the person with the infected machine, but merely another email addressee on it.

It works like this:

A opens "imanidiot.exe", and his machine is infected. B and C are both in A's address book, so B gets an email purporting to be from
C with a copy of the virus. Examination of email headers will show a different IP address, but that's guru-level stuff...

The best bit is when B's dumb anti-virus software bounces the virus back to C, saying "email refused due to enclosed virus", thus
giving C another chance to get infected... And, of course, B could be using a Mac, so is still helping spread the virus, even while
immune ;>)

 - Roddy
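
The header check mentioned above, as an added example that is not part of the original post: it reads the Received header stamped by the recipient's own mail server (the one hop the sender cannot forge) and compares the connecting IP with one already seen for the claimed sender. The host names, addresses and both sample messages are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed samples: invented hosts, documentation-range IP addresses.
GENUINE = (
    "Received: from smtp.isp-c.example (smtp.isp-c.example [198.51.100.10])\n"
    "\tby mail.b.example; Fri, 5 Mar 2004 10:00:02 +0000\n"
    "Received: from c-desktop (dsl-c.isp-c.example [203.0.113.25])\n"
    "\tby smtp.isp-c.example; Fri, 5 Mar 2004 10:00:00 +0000\n"
    "From: C <c@c.example>\nTo: B <b@b.example>\nSubject: Schedule\n\nHello\n"
)
SUSPECT = (  # claims to be from C, but was handed over by A's machine
    "Received: from c.example (dsl-a.isp-a.example [192.0.2.77])\n"
    "\tby mail.b.example; Fri, 5 Mar 2004 17:40:11 +0000\n"
    "From: C <c@c.example>\nTo: B <b@b.example>\nSubject: Hi\n\nSee attachment\n"
)

BRACKETED_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.IGNORECASE)

def handoff_ip(raw, trusted_host):
    """Return the IP that connected to trusted_host, or None if not found.

    Received headers are prepended, so the first one stamped 'by trusted_host'
    was written by our own server; anything below it may be forged.
    """
    msg = email.message_from_string(raw)
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())  # unfold continuation lines
        by = BY_HOST.search(flat)
        if not by or by.group(1).lower() != trusted_host.lower():
            continue
        ip = BRACKETED_IP.search(flat)
        try:
            return ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:  # bracketed text that is not a valid address
            return None
    return None

def from_matches_source(raw, trusted_host, known_ips):
    """True if the message arrived from an IP already seen for this sender."""
    ip = handoff_ip(raw, trusted_host)
    return ip is not None and ip in {ipaddress.ip_address(k) for k in known_ips}

if __name__ == "__main__":
    known = [str(handoff_ip(GENUINE, "mail.b.example"))]
    print(handoff_ip(SUSPECT, "mail.b.example"),
          from_matches_source(SUSPECT, "mail.b.example", known))
```

A mismatch only says the message did not come through the sender's usual relay; it identifies neither the infected machine's owner nor clears the named sender on its own.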

