WARNING!!! Virus Warning About SD-Related Email!!!! READ NOW!!!


manhattan
12-14-2000, 02:06 PM
As many of you know, the Straight Dope Message Board today revoked the posting privileges of the (now former) member known as Jack Dean Tyler.

A few minutes ago, the message board staff received an email from an address associated with that former member which we believe contained a virus of some sort.

We’re still trying to sort things out to figure out exactly what is going on, but for now, please exercise caution in opening emails from sources not familiar to you. As we are able to share more, we will update you.

Please bump this thread from time to time to keep it near the top of the page until we can get the "announcement" function working for us. Thank you.

yabob
12-14-2000, 02:12 PM
Can you say something about the nature of the virus? Is it an attachment with an .exe, .vb, .doc or other known extension which you would normally exercise caution about opening anyway? Or is it sneakier?

Freyr
12-14-2000, 02:14 PM
If EVER you receive an email from an unfamiliar source, treat it like it has a virus, that's just good sense in today's inter-connected world!

screech-owl
12-14-2000, 02:32 PM
*nudge*

manhattan
12-14-2000, 02:42 PM
I’m sorry, I just don’t know the answer to that, yabob. I’m not even sure it was a virus. All I know is that it set both ActiveX and Norton Anti-virus off. The message I got from my Norton was "The virus WScript.KakWorm was detected in an Internet transmission using the BINARY protocol." And that ActiveX said "An ActiveX control on this page is unsafe."

We’ll let you know more when/if we’re able.

Kyberneticist
12-14-2000, 02:43 PM
Aside from viruses, while we're on the discussion of e-mail perils.
I can feel fairly smug that I'm running linux, and therefore fairly immune to the usual slew of viruses. However, when using HTML parsing browsers, you can still give away information you may not want to provide. An e-mail can contain cookies, evil javascript, or even applets with stuff like Brown Orifice built in (Netscape 4.72 java security hole).
I use a cookie filter (JunkBuster) as well as turning off java and javascript in my mail client.
This still leaves the possibility of associating an IP address with my e-mail address through the use of 1x1 invisible gifs.
Ah well, use Pine for suspicious e-mails. :)

I'm still curious exactly what was meant by "virus" though.

Moirai
12-14-2000, 02:46 PM
bump

Kyberneticist
12-14-2000, 02:51 PM
Before someone corrects me. :)
Netscape 4.x security hole.
and by 1x1 gifs I mean <img> tags which point to a CGI (web bug).

Hm. actual content in here while I'm bumping the thread...
Are the admins planning on nailing this guy?
Me I'd reply to the address (if it is a valid one) and insert one of the aforementioned security compromisers in an e-mail just to get more information (a legal security compromiser, a cookie or web bug). Hey manhattan, give me an e-mail address and I'll start the hunt. :)

Damhna
12-14-2000, 02:54 PM
AAAAAhhhhhhhhhhhhh


Puffffffffffffffffff

Eft
12-14-2000, 03:01 PM
Originally posted by Kyberneticist
Aside from viruses, while we're on the discussion of e-mail perils. I can feel fairly smug that I'm running linux, and therefore fairly immune to the usual slew of viruses.

:shrug: This week. DOS/Windows used to be immune to viruses, too. So did Palm OS. If Linux really catches on, then I can guarantee you that someone will start writing viruses for it. It's entirely possible that someone has but it hasn't spread enough to make the news or The Wild List. (I'm not Linux-bashing, just making sure that no one gets the impression that any OS is invulnerable to viruses by design.)

I'll third (fourth?) the recommendation that everyone treat all emails from unknown sources with any kind of attachments as suspicious. If your mail client contains a setting for automatically running ActiveX controls or opening attachments, then for the love of God turn it OFF.

yabob
12-14-2000, 03:03 PM
If they caught it through Norton, Symantec's knowledge base has pretty good info on this one, which I'm sure the SDMB techs are utilizing. For anybody else that was curious, like I was:

http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html

Another MS Outlook self-propagating scripting worm - the sender may have not even done it intentionally.

Kyberneticist
12-14-2000, 03:07 PM
Agreed. Linux users tend to have a few advantages though:
1) We are usually fairly paranoid about binaries.
2) No linux mail software that I know of runs scripts or binaries outside of a "sandbox" (javascript or java fashion).
3a) Users in linux have traditionally very limited access, viruses can only harm their files, which are generally a small set of system files.
3b) Gaining greater access is generally more difficult, and security holes are often quickly found.
4) Sendmail is easily configured to drop files matching certain patterns.

Scarlett67
12-14-2000, 03:24 PM
My turn . . .

teela brown
12-14-2000, 03:38 PM
yabob: It's an attachment showing the extension ".tugahoy"

straykat23
12-14-2000, 03:43 PM
Bump...

Tiburon
12-14-2000, 03:56 PM
Nudge, nudge
rhymes with fudge.
Fudge
Fudge's brother, Peter
Peter Peter, pumpkin Eater
Pumpkin Pie
Thanksgiving dinner
dinner time
lunch time
breakfast
breakfast sausage
eggs
chickens
barns
cows
milk
cream
coffee
cake
chocolate
fudge
nudge, nudge

justwannano
12-14-2000, 04:21 PM
Bump

Ike Witt
12-14-2000, 05:07 PM
Thanks to the trusty mods, I am sure that this virus from JDT will be cut off (so to speak).

handy
12-14-2000, 05:20 PM
I suppose that ought to read 'allegedly sent by JDT'.

Could be someone using a fake email address of his, it's very easy to do. Just input the fake address in the real address return field.

Anyway, the message should have a header full of enough info to find out where it really came from, whatever it may be.

Derleth
12-14-2000, 05:22 PM
Virus: Piece of executable code that makes and sends copies of itself. It may or may not have a payload, a destructive section of code that specifically causes problems. But even if it does not, it still ties up so much of your machine in its own self-replication as to crash it. Technically, little of what you get are viruses in this sense.

Trojan horse: A malicious piece of code disguised as something else. Most, if not all, of the malicious pieces of code you get by email are in trojan form. Trojans require special activation, meaning you can read the email and be safe as long as you do not view or execute attachments (Executable code can be hidden by giving it a name like 'foo.jpg.exe'. All you see is 'foo.jpg', making you think it's an image file.)

Worm: Made famous by Robert Morris, Jr., worms are programs which reproduce by copying themselves over and over, system to system, using up resources and sometimes slowing down the systems. They are self contained and use the networks to spread, in much the same way viruses use files to spread. Some people say the solution to viruses and worms is to just not have any files or networks. They are probably correct. We would include computers.

Logic Bomb: Code which will trigger a particular form of 'attack' when a designated condition is met. For instance, a logic bomb could delete all files on Dec. 5th. Unlike a virus, a logic bomb does not make copies of itself.
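
Added example, not part of any post in this thread: a small Python triage script that inspects a raw message without rendering it, flagging the disguised double extension described above ('foo.jpg.exe') and the web bugs and script content raised earlier in the thread. The names `audit_message`, `HtmlAudit` and `RISKY_EXT`, and the sample message, are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from pathlib import PurePosixPath

# Extensions Windows runs directly or via a script host (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js", ".hta"}

class HtmlAudit(HTMLParser):
    """Collect active content and remote images (possible web bugs) from an HTML body."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if tag in ("script", "object", "applet", "embed"):
            self.findings.append(f"active content: <{tag}>")
        elif tag == "img" and src.lower().startswith(("http://", "https://")):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.findings.append(("web bug: " if tiny else "remote image: ") + src)

def audit_message(raw: bytes) -> list:
    """Return findings for one raw message without opening or running anything in it."""
    findings = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if name:
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if suffixes and suffixes[-1] in RISKY_EXT:
                label = "disguised executable" if len(suffixes) > 1 else "executable"
                findings.append(f"{label} attachment: {name}")
        elif part.get_content_type() == "text/html":
            parser = HtmlAudit()
            parser.feed(part.get_content())
            findings += parser.findings
    return findings

# Constructed sample message (not from the thread); the tracker host is a placeholder.
SAMPLE = (b'Content-Type: multipart/mixed; boundary="b1"\n\n'
          b'--b1\nContent-Type: text/html; charset="us-ascii"\n\n'
          b'<img src="http://tracker.example.invalid/t.cgi?id=42" width="1" height="1">'
          b'<script>/* inert */</script>\n'
          b'--b1\nContent-Type: application/octet-stream\n'
          b'Content-Disposition: attachment; filename="foo.jpg.exe"\n\nAAAA\n--b1--\n')

if __name__ == "__main__":
    for finding in audit_message(SAMPLE):
        print(finding)
```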

Derleth
12-14-2000, 05:56 PM
nudge...budge...fudge...etc.

omni-not
12-14-2000, 06:01 PM
Please bump this thread from time to time to keep it near the top of the page until we can get the "announcement" function working for us. Thank you.

A suggestion: Why don't you make it a 'semi-permanent fixture', the way Ed does with his messages to the Doper community?

omni-not
12-14-2000, 06:10 PM
Please ignore previous post and classify under "model blunders". Fingers typing. Head elsewhere.

Oh well, on the positive side, I did bump.

Kyberneticist
12-14-2000, 06:16 PM
I realise I am bumping this, but people, you really can stop. There is now an announcement. Manhattan, gonna lock this?

manhattan
12-14-2000, 06:31 PM
OK. TubaDiva and Alphagene, who actually know about this stuff, have some more info. Apparently, this virus, called Wscript.KakWorm, has been going around. It exploits a hole in Outlook to run upon opening.

You can find more information about the virus here (http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html) and a patch to check for the virus and remove it if necessary here (http://www.symantec.com/avcenter/venc/data/wscript.kakworm.fix.html).

TubaDiva
12-14-2000, 07:51 PM
I think all that needs to be said has been said. Manny, I'll leave it to you to do the honors.

Thanks, everybody, and safe computing.

your humble TubaDiva
Administrator

jb_farley
12-14-2000, 07:59 PM
Oh holy shit!! I open the email, right, and my freaking foreskin grows back! What in blazes is going on???

barbitu8
12-14-2000, 08:30 PM
Pardon my ignorance, but what does "bump" mean?

yojimbo
12-14-2000, 09:26 PM
Originally posted by barbitu8
Pardon my ignorance, but what does "bump" mean?

If a thread gets no replies it falls down the page so people "bump" the thread back to the top of the page just like this post will now do :)

Guinastasia
12-14-2000, 09:30 PM
To post to a topic specifically to move it up to the top of the list. So others can see it.

THAT virus was running around in a mailing list I'm on, but I couldn't find it on my computer, and nothing happened.

Good luck, oh Wise and Wonderful mods. Go get that little foreskinned creep.

Skelji
12-14-2000, 10:39 PM
bump

activgurl
12-15-2000, 01:04 AM
:oooOOOOffff!:
::Push, push!::
::grunt::
:get BACK to the top!:

no_rulez43
12-15-2000, 01:24 AM
grrrrrrrrr... nudge

sethdallob
12-15-2000, 01:32 AM
1st priority : *BUMP*

Without getting into a 97-reply flame-o-rama and argument, can someone tell me exactly why he was banned? I read the threads, and yeah, he's a wacko, but banned? Whatever happened to ignoring the idiots?

yojimbo
12-15-2000, 02:20 AM
I've heard somewhere about a certain "jerk" rule ;)

He was a jerk and a half so he was banned (well that's my reading of it anyway)

Gyrate
12-15-2000, 05:38 AM
Grind.

Bosda Di'Chi of Tricor
12-15-2000, 09:37 AM
<Little Drummer Boy Music>BA-RUMPA-BUMP_BUMP</Little Drummer Boy Music> :)

malaka
12-15-2000, 09:50 AM
Please delete the contents of your C drive. Thank you.

Olentzero
12-15-2000, 10:25 AM
I completely ignored JDT until the Pit thread by my ol' buddy Falcon here. Kinda suspicious that an email with a virus from the same ISP should show up shortly after his banning, eh?

MsRobyn
12-15-2000, 10:40 AM
Shame he's got nothing better to do with his time.

Robin

manhattan
12-15-2000, 10:54 AM
Thanks for keeping this up top, folks. I think I can close it now. But...

[hill street]Let's be careful out there[/hill street]