i just recieved an email about snowwhite and attatched is ‘sexy_virgin.scr’ immediately i thought it was a virus, but i want to be sure. Does anyone know what an SCR extension means?
SCReen saver
And since screen savers are just programs with a different extension, it can still do bad hoodoo to your system. Only install it if you trust the source.
Just don’t. It’s probably a variation of a Hybris worm - I got a similar email a few days ago. Check here for more info - there’s a list of text messages at the bottom of the page that are included in the e-mail.
-mdf
.scr is often a screen saver, but in this case it’s masking a scripted file; aka, a virus.
Here’s the write up from SARC(W95.Hybris.gen) and McAfee(W32/Hybris.gen@MM).
The snowwhite virus has been around since last September.
Jim
I’m not clear here. Is it an .src or an .scr? A .src file is a source code file, like a C++ source code file. But if someone emailed this to you and you’re not an advanced programmer type person, that probably isn’t it.
My money’s on the virus script. Chas, the title is probably a typo. Raw, the safest thing is to delete it and then tell the person who sent it to you their computer might be infected with a virus. Read the link JimB provided.
To clarify a few points.[ul][li]I agree with Derleth that the title is a typo, since the body of the OP calls out the file name ‘sexy_virgin.scr’.[]Sexy_virgin.scr is one of the several attachment file names that go with the Snowwhite virus, actually a worm, I think.[]the .SCR extension is for screen saver files. Open Windows Explorer click View > Options choose File Types tab. Scroll down till you find Screen Saver on the list. You’ll see the extension is SCR []And like SmackFu said, they are executable programs just like .EXE files.[]It isn’t a script file. If you open it in notepad you’ll see executable code, not a script, which is readable text.[/ul]Having screen savers files being executable, instead of a type of script file that could be controlled, is just another favor done for us by MS, so that they aren’t limiting our enjoyment as we watch screen savers destroy our system.[/li]
Jim
Doesn’t it seem that every new feature Microsoft provides makes it easier for virus writers?
Why doesn’t MS ever consider this possibility?
That might not be so easy. In the version I received months ago, the header suggested it came from hahaha@sexyfun.net, but according to that site, they are the innocent victims of someone else’s attack. Their address was probably spoofed by a malicious third party.
All operating systems are vulnerable to trojans (a virus is a specific type of trojan horse). The reason that we all hear about susceptibility of new features in MS products is because that is the OS/browser/productivity suite 90% of the world uses. There are most likely similar vulnerabilities in Linux and MacOS but the smaller number of users does three things:
- It reduces the chances that the trojan programmers are even familiar with these systems,
- It reduces the number of potential victims (who wants to write a worm that only attacks one user?)
- Hi, Opal! (1st time I’ve ever done that!)
- Reduces the likelyhood that the rest of us will even hear about it. What are the chances that Dan Rather will report about a virus that only affects Mac users in Nepal?
That’s not entirely accurate. “hahaha@sexyfun.net” is part of the virus itself; no matter where it comes from, the virus will create that address which is completely fake. The sexyfun.net domain didn’t even exist until somebody registered it as a public service message. From what I can tell, it’s possible to look through the headers and find out from which ISP the email came from, but not the exact person.
J.E.T.
It is possible to LOOK at the header of an email message, but there is no guarantee that what it says is correct. Someone who wants to cover their tracks is sure to supply bogus info; this is called “spoofing.”
This is a legacy from the early days of the Internet when security was not high on the priority list but exchange of info was.