I recieved this unsolicited e-mail
They want MY advice???
No intro letter???
Not very good grammer???
So what do you think???
The file is in the familiar flying windows logo box.
The cautious side of me says just trash it.
Is there a better way of getting rid of it???
I don’t think I’ll open the file
I wouldn’t and recommend you don’t either.
Abby
I got a few similar emails… I just deleted the attachment…
And yes, it is a virus… I had a friend check it out on his companies scanner… he said that his network had already blocked 100 emails that day with it…
BTW
the name on the message is Jon Doler
E-mail with this text content is sent from a system infected with the SirCam worm. You don’t want to open the attachment.
Um, it’s a virus. The SirCam virus, to be precise. Follow the instructions at the link provided to see if your computer was infected and, if so, to remove it.
Names are going to be different. I have received three of these at work from two different people, neither of whose names sound familiar.
Do not open the attachment. Delete the message as well as the attachment, and then empty the trash.
Howyadoin,
Don’t open the attachment, it’s the SirCam worm… very nasty!
see the following:
Good Luck!
I work for a computer helpdesk and people have been receiving the sir cam virus and the “code red” virus left and right. If anyone sends an email that says hi how are you! don’t open it. It’s usually some warped hackers idea of a good time virus. 
There are no viruses that you can contract just by opening a message. If you open an attachment, on the other hand…well, you’d best not, especially if you don’t know the person.
Cool sig, btw. That is House of Yes, right?
This worm has its peak a couple of weeks ago. I got ten or fifteen copies of it myself, almost all of them in Spanish. I had to go to BabelFish to translate the text into something I could understand. The attachment showed up as “payments.xls.com” or “letter.doc.exe”, so the two file extensions were supposed to throw you off and not make you realize that it’s an executable.
Something that was unique about this worm is that it wasn’t dependent on using Microsoft Outlook or Outlook Express to propagate (although it did require Windows). The executable had its own mail program built-in, so it would work with any Windows mail program. Also, it would “personalize” the attachment by actually getting a file from your disk and wrapping it with the worm. It would send itself to your Windows Address Book, which not all mail programs use, but would also scan your browser’s cache looking for e-mail addresses. I think this is how I got most of them, because I didn’t know the people sending them to me.
ultrafilter, sorry to correct you but there are viruses (viri?) you can get just by opening or even previewing your e-mail. These are only active in MS Outlook or Outlook Express. And then only when your settings are set up in a specific way (unfortunately on older versions the default). However as this is now one of the most common mail readers out there you have provided potentially very dangerous and misleading information to those who may not be aware. This is how many of the .vbs virus spread. In fact this is the primary reason to use .vbs is that these readers will automatically execute the attachment.
You sure about that, Bartman? I recall reading statements from a Symantec exec who said what you’re saying wasn’t possible yet, although it could me in the relatively near future. To my knowledge, just opening an e-mail cannot activate a virus.
While what you say isn’t inconceivable, I don’t think it’s come to pass just yet. I’m not in the mood to go searching through the virus warnings center right now, but I think I’ll take a look tomorrow.
Bartman is correct, but so is ultrafilter.
In most cases it is true that you need to open an attachment in order to spread a virus, but Microsoft Outlook used to open attachments by default. So, if you read the email in Microsoft Outlook, and you hadn’t changed your settings to disallow it, the script would run and you’d be infected.
The most famous example of this was the LoveLetter virus. Microsoft even released a patch to restrict the behaviour of Outlook vis a vis opening attachments.
Unfortunately, that isn’t the whole story. There have also been worms that have exploited vulnerabilities in email/web programs, notably BubbleBoy. Excerpt from Symantec:
Here the interconnectedness of Outlook and IE contributed to the problem- the worm could spread from a web page OR from an email, since the same program code was used in both cases.
A patch was made available to fix the bug in Outlook/IE in this case. Note that this is different from the LoveLetter case in that the patch that closed the LoveLetter vulnerability changed the designed-in behavior of Outlook, while the BubbleBoy fix fixed an unintended weakness (i.e. bug) in Outlook.
Er, I meant ultrafilter is almost correct.
I have received literally hundreds of emails containing this worm, from several different addresses, none of whom are known to me. I have a Macintosh at home, so it was only a nuisance, but since each attachment is 200k and I have only a 28.8 modem at home, it was a major nuisance.
I’ve been replying to most of these people, explaining about the virus and providing a link to Symantec’s removal tool. Now most of them have stopped.
But there’s one address, eshaw31@earthlink.net, that keeps on sending 'em. Literally dozens per day, and when I try to reply, my replies bounce with “bad address” messages.
How can I be getting email from a bad address? Is this person malicious, instead of just clueless?
Oh, and notifying the abuse department at Earthlink did nothing to stem the tide.
Thank you douglips you explained that better than I did. I am a system administrator and had to update a lot of software when loveletter came out so yes, I am quite sure.
The problem is that Miscrosoft tried to add a lot of extra functionality into the Exchange Server and Outlook reader. One of the functions they wanted was for active code to be imbeded into an e-mail. They envisioned companies like stock brokers sending their clients e-mail with current quotes. As the quote might be out of date when the client read it the broker would insert a java script or something like it. When the person opened the e-mail the java script would run and a current quote would be downloaded from the broker’s site. Of course this kind of functionality is a virus writer’s dream. It only took one person to realize how a virulant self propagating virus could be made out of this. Now any script-kiddy can get ahold of workable code and write something to exploit this. This is not the first nor certainly the last time MS has/will be burned by their lack of attention to security.
ultrafilter and Sauron I can appreciate your scepticism. I spent the past ten years debunking GoodTimes over and over again. And it is really frustrating that MS coded everything needed to make GoodTimes possible into the free mail and news reader that comes with every copy of Windows. It makes you wonder what orafice their collective heads are in.
Truth be told, I had forgotten about MS Outlook when I wrote that. There’s some evidence that Windows XP promises to put Outlook to shame in terms of security problems; look at http://grc.com/dos/winxp.htm for details.
ultrafilter is ultimately the correct one here.
Don’t talk about Bubbleboy. It was the biggest case of virus hype ever promoted (up until Code Red, of course). Bubbleboy was merely a concept virus (and one that was not even “In the Wild”) that exploited a hole that no longer exists in any current versions of Outlook. Symantec, McAfee (which sent out press releases about how dangerous the virus was at the same time their own analysis called the virus “low risk”) and the rest did a great disservice with their hysteria; the wildlists at the time never showed more than the same three people detecting it in any given month (compared to 12 for VBS_Freelink, for instance – one I’m sure you’ve never heard of).
The ultimate proof that Bubbleboy was mere hype was that no other virus has attempted to use its method to propagate. If Microsoft was still vulnerable in this way, why don’t people write code to exploit this? How much more effective would Sir Cam be if it didn’t require someone to click on the attachment? If you could send the virus automatically why did virus writers pass up the chance?
I discussed the entire issue in [url+“http://www.sans.org/infosecFAQ/malicious/bubbleboy.htm”]a paper for the SANS Institute.
BTW, as far as Loveletter is concerned, you need to click on the attachment to get it to run. It is not automatic.