will they never learn? 1

[VBmim]

Hello all...

I work for a small company as internal helpdesk (in fact, I work as all-around informatics). Today in the mail was the billionth what-should-I-do mail about a virus known as jdbgmgr... (sigh). This mail in particular started in america (we're in Belgium) by a guy who stated that is WAS a hoax, and mails about it should be ignored.
Somehow the people didn't grasp it...

Will we be ever rid of hoaxes? (in particular this one)

Greetz

Mim

 

[jtb]

The short answer is no.

JTB
Have Certs, Will Travel
"A knight without armour in a [cyber] land."

 

[dyarwood]

They long answer is no they won't

 

[pmonett]

But it is still frustrating.
Today alone, I recieved no less than 4 emails from people I never knew and have no idea how they got my email address.
All four mails had a virus attached of the most obvious kind (you know, info.txt.exe or yourfile.pdf.pif)

And I am not talking about spam, I am talking corporate email users in other companies (yes, I replied and told them that their are infected - no answer yet).

I know how spammers get my email address, but corporate users ?!?

Pascal.

 

[algraff]

My boss forwarded a hoax warning to me as well as everyone else in the building. I replied to let her know that it was a hoax and got my rear end ripped for telling her. Sigh...some days you just can't win.

algraff :

http://www.bv.k12.oh.us

http://www.stanleysauctions.com

http://www.srpdc.org

 

[Onyxpurr]

Wow algraff, that was completely uncalled for on you're bosses part.

Unfortunately, no these aren't going to go away, even my professor was talking about this problem he had with a large company who's overseas operation kept doing this to the local company.

What he did? All they could do was make recommendations to the overseas IT to get their act together and they're virus protection system

 

[manarth]

Rather than completely blocking infected emails, sometimes it's useful to let them through. Delete the infected attachment, insert the text "This email contained a virus. The attachment has been deleted. If you have any questions about this email, contact xxxxxxx. Do not send any response to the sender of this email - the sender's address may be forged."

Hopefully, by showing your users examples of infected emails, they'll start recognising the ones that slip through, and behave appropriately.

This should be coupled with an occassional email stating that the virus scanner is not infallible, and occassionally viruses will get through - and that the user should be vigilant.

If you have a reasonably anti-spam client, you could do similar things with spam: for example, you could set the subject line to start "SPAM: "


algraff - keep at it: your boss was out of line and undermining the security of the network. I've worked with plenty of computer illiterati, but your boss's behaviour has got ***hole written all over it.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[TonyJollans]

Personally I'm sick of them, but I agree with others that we won't get rid of hoax emails which are, themselves, a form of virus.

I have complained about them being circulated by bosses and other departments and I have usually been told that yes, of course they know that, but it doesn't do any harm to keep on making people aware of the virus issue. No, they will never learn.

Enjoy,
Tony

------------------------------------------------------------------------------------------------------
We want to help you; help us to do it by reading FAQ222-2244 before you ask a question.

 

[DrJavaJoe]

Well how about that Badtimes virus alert, that thing surely had you scared.

http://www.c4vct.com/kym/humor/badtimes.htm

&quot;Two strings walk into a bar. The first string says to the bartender: 'Bartender, I'll have a beer. u.5n$x5t?*&4ru!2[sACC~ErJ'. The second string says: 'Pardon my friend, he isn't NULL terminated'.&quot;

 

[lionelhill]

I'm personally tired of trying to explain to people that viruses forge the sender address. I mean, every self-respecting virus does that nowadays. So I'm sick to death of endless mails from people telling me I sent them a virus when I did no such thing. Usually they're automated mails from someone's mail-system. Frankly that's worse than mails from misguided individuals: people who run mail systems should understand how viruses spoof. It doesn't help one jot if every virus triggers a cascade of warnings sent to harmless bystanders - it's that, as much as the original virus, that brings the internet to a standstill.

So please, any one out there reading this, Please, Please stop sending me things telling me I sent you a virus. I didn't. Honest!

 

[ecobb]

manarth, the whole &quot;Delete the virus with a notification message&quot; approach doesn't work. At least in my case it didn't...it tried it. When the end user sees the word &quot;virus&quot;, they freak...regardless of what the message says. Most of my users go nuts every time they get one of the &quot;Virus detected and removed, it is now safe to open this email&quot; messages. They insist on coming and telling me the whole story about &quot;I got an email from someone I don't know...It has a Virus!!...blah, blah, blah...&quot; And of course they're not going to leave me alone until I follow them back to their office so they can show it to me and I can completely check out their PC to make sure it's ok.



Hope This Helps!

Ecobb

&quot;My work is a game, a very serious game.&quot; - M.C. Escher

 

[algraff]

I agree with Ecobb regarding delete with a notice. It doesn't work. Our Internet provider routinely replaces suspect attachments with a text file explaining the problem, but doesn't change the headers or body of the message...so unless you look at the name of the attachment...it looks like a virus. I frequently get calls from folks that think they've received the latest version of one virus or another.

algraff :

http://www.bv.k12.oh.us

http://www.stanleysauctions.com

http://www.srpdc.org

 

[jtb]

For the really clueless users, you can build a desktop icon that kicks off a virus scan or something... you know, sort of like a placebo... maybe even script it to email the results to you?

&quot;Oh? You got that message? Well, double click on the 'NipItInTheBud!' icon... yes, the one with the Barney Fife image...&quot;

That way you can be sure they're running it and they see something tangible instead of dragging you away from &quot;real work&quot;...

JTB
Have Certs, Will Travel
&quot;A knight without armour in a [cyber] land.&quot;

 

[pmonett]

I just found a rather frightning article concerning our worries :

http://www.securityfocus.com/columnists/221

Pascal.

 

[VBmim]

Hello all

Thanks for your responses... I know I am not alone in this situation...

I agree that the &quot;Delete the virus with a notification message&quot;-method can help with some users, but the panicky ones would call me (and did!) in this situation ('U:Would you please come take a look at a strange mail I recieved' Me:'What kind of strange mail?' U:'I don't know, but you HAVE to take a look'....)

Today we recieved another spam-like mail. It's the first time I have seen something like this. Here's the mail


Ladies and Gentlemen,
Downloading of Movies, MP3s and Software is illegal and punishable by law.

We hereby inform you that your computer was scanned under the IP 61.236.16.135 . The
contents of your computer were confiscated as an evidence, and you will be indicated.
In the next days you will receive the charge in writing.
In the Reference code: #34143, are all files, that we found on your computer.

The sender address of this mail was masked, to protect us against mail bombs.


- You get more detailed information by the Federal Bureau of Investigation -FBI-
- Department for &quot;Illegal Internet Downloads&quot;, Room 7350
- 935 Pennsylvania Avenue
- Washington, DC 20535, USA
- (202) 324-3000



Of course the ip-adress mentionned is not ours (it doesn't even respond to a 'ping'). Lucky enough, this mail was send to our main e-mail adress, which is read by me or my boss. I cannot imagine the fright a clueless user would have had if he/she had received this email, honestly believing that the FBI is investigating on them...

Greetz

Mim

 

[TheVampire]

Yet another reason to whitelist all mail. On my system, if the incoming mail doesn't have a special password in the subject line, it gets deleted automatically.

Robert

 

[VBmim]

hmmm...

It isn't a solution for a company receiving a lot of extern mail, for example from customers. How will they know what password they have to use when they just mail a question to info@ourcompany.be?

 

[flapeyre]

Vbmim:

The FBI scam is covered here:

http://www.snopes.com/inboxer/hoaxes/download.asp

&quot;When once you have tasted flight, you will forever walk the Earth with your eyes turned skyward, for here you have been, and there you will always long to return.&quot;

--Leonardo da Vinci

 

[JillofAllTrades]

jtb - at NipItInTheBud! Can I buy that from you? I have one user who routinely panics when he sees an attachment from an unknown user and will invariably unplug his network cable and run to my office. I do appreciate his vigilance, but it is hard not to LOL.

I have asked all of my users to tell me when they get those hoax emails instead of passing them around. And if I determine that they are valid warnings, then I will forward it on to everyone. I have never had to forward one on yet. Instead, I end up replying to the submitter with a link to the snopes story about it.

 

[jtb]

TKSAdmin, thanks for "getting it"...

Supporting clueless people can be painful or pleasurable, it's our choice!!

JTB
Have Certs, Will Travel
&quot;A knight without armour in a [cyber] land.&quot;