I just received an email from "sateuro.com" which contains a virus file attachment called "cdlabel.exe.exe" I scanned it out of curiosity (no, I wouldn't have run it in any case) and found it to be "W32.Bugbear@mm", which is apparently a known virus. So, just be careful out there. :)

Thank you for the warning

Thanks ;)

You do have to admit there's something Darwinian about virii, though... anyone who would open and run an exe, bat, or pif file from email with no idea of what it is...

Quote: "You do have to admit there's something Darwinian about virii, though... anyone who would open and run an exe, bat, or pif file from email with no idea of what it is... " Hehe. Evil man. ;)

BugBear is an unusually eeeeevil virus. It's my understanding that it can in some cases circumvent Norton AV. (Scary.) I'm glad you caught it without any trouble! IMO The "Darwin" theory is a little rough in this case. Not all computer users are as computer-literate as we, nor do I think that's a matter of stupidity. How many of you have grandparents, for example, who have computers but don't understand all the internet-related issues? Are they stupid if they open an innocent-looking attachment? Not necessarily. Innocently ignorant, is more like it. I see a lot of anti-.exe sentiment in these forums, but it's important to remember that .zip files also sometimes contain malicious scripts. I'm sure we all agree that pretty much all downloads should be scanned with AV software prior to opening or executing.

Hey, I didn't say Darwin was exactly moral B^) He's already out to get our grandparents!

That's true. Heck, he called the Austrolopithecines, Neanderthals, and Simians, and that's just not very respectful. :-)

Attached Link: http://www.renderosity.com/messages.ez?ForumID=12418&Form.ShowMessage=911046

xoconostle; you are absolutly correct, BugBear will cripple Norton and cause it to lock up you port(s). you will find that your browsing works but are not able to send mail with any app from your machine. I think Norton's site may have a fix to remedy this?

it is my understanding that virii can infect almost any type of file extension. just fyi. I also have heard that bugbear is the latest and greatest as far as the nasties are concerned. I think it disables/corrupts Norton.

I'm not sure if there was a virus in a letter I got, but I think there might have been. When I got the letter, I deleted it as soon as I saw it, because I thought it was junk mail. I didn't even notice there was an attachment. The subject of the letter = junk mail to me. Later I noticed that ZoneAlarm had a MailSafe alert. I never noticed that before. I investigated. It seems that the letter had a link on it that called an exe file. Zone Alarm Pro renamed the file to .com. Not sure if it's possible, but it sounds as if that executable file would have executed if I had opened the letter and clicked on that link. Sneaky!

Virii can infect any type of file. Extensions are meaningless except to Windows. however those same extensions tell windows whether or not to let the file be executable. Theoretically a virus could take over a JPEG, for instance, but you would have to set the extension to .exe or .pif to make it run, and if it doesn't run it doesn't do anything. On linux, the equivalent would be setting the user permission to 1, 3, or 7, on MacOS9, by setting the CRTR in the Resource Fork to APPL. There is another type of windows virus, called a Macrovirus, which takes advantage of security holes in Word/Office macros. You could make a Java class virus, but it wouldn't do anything because Java classes don't get access to anything except processor time. Anything else that executes code (reading an OBJect file or a PP2 or CR2, etc doesn't count as executing code even though it looks like code) could activate viral activity. The worst, though, infect the boot sector of the hard drive itself and execute instructions at the BIOS level, below Windows' control -- these can also infect other machines with the same basic architecture (ie, Intel/AMD boot sector virii can infect both Windows and Intel-built Linux boxes). but they still have to get there somehow -- something has to write them to the boot sector in the first place, which has to be executable in some way. One thing to watch out for though -- most plugins DO execute code. So that free filter for Photoshop or 3DSMax primitive generator you found, for instance, should definitely be scanned if you do not know and trust the source. And at this point this is actually vaguely on-topic because it's educational to Poser (and other) users and a virus infection can prevent Poser from working, after all -- and EvoShandor does not need to panic that a FreeStuff download would be a threat (malicious ZIP files are ones that do things like overwrite :Runtime:Libraries:ZygotePeople:Stephanie.cr2 with a blank file, and can be avoided by unzipping somewhere besides directly into the target folder and placing things manually) unless that FreeStuff download is an executable file. (And presumably, one you purchase on 'rosity has already been screened).

Hmm. .com would execute, too, at DOS level. But not from a URL. That's not good. However, unless you've set your security to virtually nil (which you have to know how to do, and generally if you do, you don't), IE and Netscrape will both ask you if you want to save the file to disk or execute it before just running it.

Actually, I was mistaken about the renaming to .com. They renamed it to something like zp9

I have been recieving quite a few viruses in emails of late. They are all disguised as either freebies, or something like. "I couldn't get this to work can you take a look at it for me". There was one disguised as a email deamon failure notice. I have my email scanned as it comes in, I just delete them. Its very annoying, the viruses are usually that bugbear or win32klez or something like that. It looks like they try to make it look like official mail to get you to open it, so be careful!

DON'T fool around with this 'bugbear' it is one nasty pice of work http://securityresponse.symantec.com/ has quite a sizable section on the beastly thing