SamTherapy opened this issue on Oct 16, 2002 ยท 17 posts
SamTherapy posted Wed, 16 October 2002 at 11:27 AM
I just received an email from "sateuro.com" which contains a virus file attachment called "cdlabel.exe.exe" I scanned it out of curiosity (no, I wouldn't have run it in any case) and found it to be "W32.Bugbear@mm", which is apparently a known virus. So, just be careful out there. :)
Coppula eam se non posit acceptera jocularum.
Chris posted Wed, 16 October 2002 at 11:50 AM
Thank you for the warning
"It Is Useless To Resist!" - Darth Vader
pokeydots posted Wed, 16 October 2002 at 12:33 PM
Thanks ;)
Poser 9 SR3 and 8 sr3
=================
Processor Type: AMD Phenom II 830 Quad-Core
2.80GHz, 4000MHz System Bus, 2MB L2 Cache + 6MB Shared L3 Cache
Hard Drive Size: 1TB
Processor - Clock Speed: 2.8 GHz
Operating System: Windows 7 Home Premium 64-bit
Graphics Type: ATI Radeon HD 4200
•ATI Radeon HD 4200 integrated graphics
System Ram: 8GB
_dodger posted Wed, 16 October 2002 at 12:49 PM
You do have to admit there's something Darwinian about virii, though... anyone who would open and run an exe, bat, or pif file from email with no idea of what it is...
SamTherapy posted Wed, 16 October 2002 at 12:52 PM
Quote: "You do have to admit there's something Darwinian about virii, though... anyone who would open and run an exe, bat, or pif file from email with no idea of what it is... " Hehe. Evil man. ;)
Coppula eam se non posit acceptera jocularum.
xoconostle posted Wed, 16 October 2002 at 1:24 PM
BugBear is an unusually eeeeevil virus. It's my understanding that it can in some cases circumvent Norton AV. (Scary.) I'm glad you caught it without any trouble! IMO The "Darwin" theory is a little rough in this case. Not all computer users are as computer-literate as we, nor do I think that's a matter of stupidity. How many of you have grandparents, for example, who have computers but don't understand all the internet-related issues? Are they stupid if they open an innocent-looking attachment? Not necessarily. Innocently ignorant, is more like it. I see a lot of anti-.exe sentiment in these forums, but it's important to remember that .zip files also sometimes contain malicious scripts. I'm sure we all agree that pretty much all downloads should be scanned with AV software prior to opening or executing.
_dodger posted Wed, 16 October 2002 at 1:32 PM
Hey, I didn't say Darwin was exactly moral B^) He's already out to get our grandparents!
xoconostle posted Wed, 16 October 2002 at 2:17 PM
That's true. Heck, he called the Austrolopithecines, Neanderthals, and Simians, and that's just not very respectful. :-)
JohnRender posted Wed, 16 October 2002 at 2:30 PM
Attached Link: http://www.renderosity.com/messages.ez?ForumID=12418&Form.ShowMessage=911046
Okay, now why is this post still in the Poser Forum? It has NOTHING to do with Poser? And, yet, when I post a thread about Poser as a *sexual aide*, it gets relegated to the OT forum?!?!
igohigh posted Wed, 16 October 2002 at 2:52 PM
xoconostle; you are absolutly correct, BugBear will cripple Norton and cause it to lock up you port(s). you will find that your browsing works but are not able to send mail with any app from your machine. I think Norton's site may have a fix to remedy this?
EvoShandor posted Wed, 16 October 2002 at 3:34 PM
it is my understanding that virii can infect almost any type of file extension. just fyi. I also have heard that bugbear is the latest and greatest as far as the nasties are concerned. I think it disables/corrupts Norton.
MeInOhio posted Wed, 16 October 2002 at 3:49 PM
I'm not sure if there was a virus in a letter I got, but I think there might have been. When I got the letter, I deleted it as soon as I saw it, because I thought it was junk mail. I didn't even notice there was an attachment. The subject of the letter = junk mail to me. Later I noticed that ZoneAlarm had a MailSafe alert. I never noticed that before. I investigated. It seems that the letter had a link on it that called an exe file. Zone Alarm Pro renamed the file to .com. Not sure if it's possible, but it sounds as if that executable file would have executed if I had opened the letter and clicked on that link. Sneaky!
_dodger posted Wed, 16 October 2002 at 4:06 PM
Virii can infect any type of file. Extensions are meaningless except to Windows. however those same extensions tell windows whether or not to let the file be executable. Theoretically a virus could take over a JPEG, for instance, but you would have to set the extension to .exe or .pif to make it run, and if it doesn't run it doesn't do anything. On linux, the equivalent would be setting the user permission to 1, 3, or 7, on MacOS9, by setting the CRTR in the Resource Fork to APPL. There is another type of windows virus, called a Macrovirus, which takes advantage of security holes in Word/Office macros. You could make a Java class virus, but it wouldn't do anything because Java classes don't get access to anything except processor time. Anything else that executes code (reading an OBJect file or a PP2 or CR2, etc doesn't count as executing code even though it looks like code) could activate viral activity. The worst, though, infect the boot sector of the hard drive itself and execute instructions at the BIOS level, below Windows' control -- these can also infect other machines with the same basic architecture (ie, Intel/AMD boot sector virii can infect both Windows and Intel-built Linux boxes). but they still have to get there somehow -- something has to write them to the boot sector in the first place, which has to be executable in some way. One thing to watch out for though -- most plugins DO execute code. So that free filter for Photoshop or 3DSMax primitive generator you found, for instance, should definitely be scanned if you do not know and trust the source. And at this point this is actually vaguely on-topic because it's educational to Poser (and other) users and a virus infection can prevent Poser from working, after all -- and EvoShandor does not need to panic that a FreeStuff download would be a threat (malicious ZIP files are ones that do things like overwrite :Runtime:Libraries:ZygotePeople:Stephanie.cr2 with a blank file, and can be avoided by unzipping somewhere besides directly into the target folder and placing things manually) unless that FreeStuff download is an executable file. (And presumably, one you purchase on 'rosity has already been screened).
_dodger posted Wed, 16 October 2002 at 4:17 PM
Hmm. .com would execute, too, at DOS level. But not from a URL. That's not good. However, unless you've set your security to virtually nil (which you have to know how to do, and generally if you do, you don't), IE and Netscrape will both ask you if you want to save the file to disk or execute it before just running it.
MeInOhio posted Wed, 16 October 2002 at 6:31 PM
Actually, I was mistaken about the renaming to .com. They renamed it to something like zp9
Taura Noxx posted Wed, 16 October 2002 at 8:56 PM
I have been recieving quite a few viruses in emails of late. They are all disguised as either freebies, or something like. "I couldn't get this to work can you take a look at it for me". There was one disguised as a email deamon failure notice. I have my email scanned as it comes in, I just delete them. Its very annoying, the viruses are usually that bugbear or win32klez or something like that. It looks like they try to make it look like official mail to get you to open it, so be careful!
Charlie_Tuna posted Thu, 17 October 2002 at 12:30 AM
DON'T fool around with this 'bugbear' it is one nasty pice of work http://securityresponse.symantec.com/ has quite a sizable section on the beastly thing
Why shouldn't speech be free? Very little of it is worth anything.