[Date Prev][Date Next] [Chronological] [Thread] [Top]

(erielack) Re: Viruses - Any virus protection for Linux?

George: Good suggestions! For most of my normal email
I use a Yahoo account (it's free). This is also the
account I use when ordering anything over the
Internet.

My private email address is the email account from my
web site and I use an old version of Eudora to get
email. I have given it out to only a few friends. Even
so, I get about one of those 'Klez' viruses a week
from addresses I don't know.

I recently set up one of my home computers for dual
boot to Win98 or Linux. Does anyone know a good way to
set up virus protection on a Linux box?

Bob Mitchell
ELHS 899



- --- gelwood <gelwood_@_dnaco.net> wrote:
> I received the following message from a friend who
> is also in computer
> security. I am passing it along as food for thought.
> 
> Another point - remember, the bad guys are also
> trying to get into your
> computer to get personnel information. Even though 
> you use a dialup, your
> system can still be and probably is being probed.
> One of the people in our
> office runs a personnel firewall and receives 3-5
> probe alerts DAILY form
> source in Asia (China, Korea, Singapore). If the bad
> guys get access to
> your computer, they will be looking for SSN and
> other personnel data.
> 
> --- Bill's message --
> 
> DON'T GET KLEZED
>
- -------------------------------------------------------------------
> 
> I don't know about you, but I'm getting Klezed on an
> hourly basis. In
> fact, after a huge drop-off of email worms and
> viruses for several
> months, I'm suddenly being inundated by email
> messages containing
> malicious W32.Klez attachments again. So much so
> that I'm beginning to
> feel like it's only a matter of time before one of
> them gets me.
> 
> Perhaps the worst offender is a message I've
> received repeatedly whose
> subject line reads: "W32.Klez.E removal tools." That
> subject couldn't
> be further from the truth; if you open this
> attachment, you're
> unleashing the W32.Klez.gen_@_mm virus on your PC. The
> subjects of
> similar messages say "Worm Klez.E immunity" and
> "W32.Elkern removal
> tools." Other notable message subjects containing
> virtual bombs include
> "Look my pretty girlfriend" (sic), "A special powful
> tool" (sic), "A
> WinXP patch," and "IE 6.0 Patch." It seems clear
> that you don't need to
> be great with the English language to send out Klez.
> And also that you
> think you have a sense of humor. I even got one that
> read: "Hello,
> scot,eager to see you." Yeah, right.
> 
> By and large, my antivirus program (I'm currently
> using Norton
> AntiVirus 2002 -- because of something I'm testing
> -- even though I
> recommended against it) is keeping up with the Klez
> barrage. But I have
> found some messages that Norton missed with
> suspicious attachments
> (like Setup.exe) from people I didn't know. That's
> why I say it's only
> a matter of time.
> 
> There are things you can do to prevent disaster on
> your PC in these
> strange times. The most important ones are at the
> top:
> 
> 1. Buy, install, and regularly update (at least
> weekly) a top-notch
> antivirus program. I like the products from Trend
> Micro, Norton, and
> Panda. Be sure to renew your annual subscription to
> the antivirus
> updates. That's money well spent.
> 
> 2. Outlook and Outlook Express users, you must
> install all the security
> patches for your version of Windows, Office, and
> Internet Explorer.
> Windows Update handles Windows and Internet
> Explorer. Outlook users in
> particular need to visit the Office Product Updates
> site as well.
> 
> Windows Update:
> http://windowsupdate.microsoft.com/
> 
> Office Product Updates:
> http://office.microsoft.com/productupdates
> 
> While you're at it, stay up to date on all things
> Office-related with
> Jim Powell's The Office Letter newsletter:
> http://www.officeletter.com/
> 
> 3. Never, ever open an attachment in an email
> message from someone you
> don't know. All sorts of file types can run
> automatically when you
> click them -- not just .EXE and .SCR files. Start
> out by assuming any
> file attachment is a program, not a file. And it's
> sad to say, but
> you're also better off assume it's a malicious file.
> 
> 4. Never open an attachment from someone you do know
> if anything about
> the message or the attachment is surprising or out
> of context. If you
> have even the slightest doubt, don't open the
> attachment. Contact the
> sender, and ask him or her to verify that the
> attachment was sent
> intentionally.
> 
> 5. Avoid opening messages whose topics sound too
> good to be true, like
> someone posing as someone you know or like Spam.
> Most malicious code
> borne by email requires you to click it. But there
> are some variants
> that begin to work on your PC as soon as you open
> the message. The most
> likely type of email to do that would be HTML or
> other graphical or
> animated mail, but there are no guarantees. And
> using a mail preview
> window is no protection either. In fact, with some
> email programs, a
> preview window may unleash the bad stuff without
> notice.
> 
> 6. If you use Outlook or Outlook Express, your
> address book is
> frequently targeted by email worm and virus creators
> who use your
> address book to proliferate their destructive seeds.
> Even if you have
> one of these programs installed but don't use it, it
> can still be
> harnessed to send out viruses without your
> knowledge, so long as you
> have email addresses in the address book. Your first
> line of defense is
> to add your own email address as a contact in your
> Microsoft address
> book. If the virus triggered a virus message from
> your PC, you would in
> all likelihood receive a copy of the message sent to
> others. Hopefully,
> that would alert you to the problem.
> 
> 7. A variation on the same idea is a tip supplied by
> SFNL readers Rasa
> Petrovic and also Charlie and Jan Knutsen. I've
> tested it, and the tip
> works, though it makes assumptions about how email
> worms or viruses
> send email to replicate themselves. It's not going
> to work with all
> malicious code; it's not a panacea; but for Outlook
> and Outlook Express
> users, it's worth doing.
> 
> Open your email address book and add a New Contact.
> In the first name
> field type *000 (that's an asterisk followed by 3
> zeros). Two zeros,
> four zeros, !000, or others -- so long as the new
> entry appears at the
> very top of your address book. (Varying this name is
> preferable because
> if everyone uses the same contact name, virus
> writers may wise up and
> delete a specific entry.)
> 
> In the box where you would enter the email address,
> type XXX_WormAlert,
> replacing XXX with your own first name. Click Add,
> and click OK when
> the address book wonders whether you really want to
> add an invalid
> email address. Close your address book, and your
> done.
> 
> How it's supposed to work: When a virus attempts to
> send out one
> message to all the recipients on your contact list,
> your email program
> will halt the sending of the message because the
> first (lowest
> alphabetical) address is invalid. No messages will
> go out at all, and a
> dialog box will open showing you that XXX_WormAlert
> is the address with
> the problem. If you ever see that error message, you
> know 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com

------------------------------