
"Stichting Geocaching" Spam or Virus



Lately, I've been getting a lot of unsolicited attachments with weird file extensions. All this is lost on me, because I use a Mac. I usually just toss the email and thank my lucky stars that virus punks usually don't mess around with Macs.

 

Tonight, however, I received an email labelled "Stichting Geocaching" with two files: one is xr.pif and the other is ikonboard.htm. The HTML file is written in German and has JavaScript in it. I haven't run it yet.

 

Has anyone else seen this? It concerns me that they knew I was into Geocaching and may have been sending a targeted virus.

 

-E

 

--

N35°32.981 W98°34.631


Link to comment

Nothing here either, although I did get something that seemed to be targeted to another of my interests earlier today. I had no idea who the person was, or why they'd be sending me something like that (Netscape said it was a .pdf file, but I deleted it anyway.) Is virus targeting via e-mail a big thing right now?

 


Link to comment

It's the Klez virus. A pretty nasty one. If you have your email on a web page somewhere, you can easily get an email like this. It's on a topic you know because your email is in a place you put it. So whoever has ikonboard where they chat about geocaching is either revealing your email address somewhere, or you revealed it (like a signature file).

 

Jeremy

 

Jeremy Irish

Groundspeak - The Language of Location

Link to comment

I received one this morning. Norton caught it right away and it was not on the account I use for Geocaching.

 

I am pretty careful about where my email address is listed and I have not been hit through email before. Something is out there grabbing the harder addresses right now.

 

Best defense is to keep your virus detection up to date. As the doctor said to the mother whose son swallowed a dime: "This too shall pass."

 


Link to comment

Klez can take a random document from your computer and include it as an attachment when it emails itself to people in your address book. This makes it look more legit. But it has proved embarrassing to some, as in a few cases confidential documents were sent out. Klez is a real problem right now. I had to take down one of the mailing lists I run because of it, and add some code to bounce any messages containing attachments.

 

FYI: There is also a virus going around that purports to contain a file that will clean the virus from your system. In actuality, it's just another version of the virus. If you're infected, download the cleaner from the Symantec website. Don't trust anything emailed to you.

 


Link to comment

As Leo Laport(sp) on Tech TV ALWAYS says, the answer is simple "NEVER EVER EVER OPEN ATTACHMENTS!" It doesn't matter if you have a virus scanner, you can still get a virus, because all it takes is one new virus that the scanner doesn't recognise yet, and boom. Never ever ever open attachments (unless you are expecting one). Never send attachments either, unless you are clear about what it is in the email itself, and more than a one line "hey check out this attachment it's cool" blurb, as many viruses create a line in the email encouraging the receiver to open it. Especially avoid anything that looks like whateverfilename.mpg.vbs or whateverfilename.doc.vbs

 

ummmm....not sure what to say here....so ummm, well errrr, uhhhh, well I guess that's it.

Link to comment

If you have to list your email address on a web site, then you should use my anti-spambot JavaScript snippet I have shown here. Just paste this into your web page where your linked email address is to appear. Obviously, change the user and site variables to your own username and domain name.

 

When a spambot scours your page, this is what it sees, NO email address. However, from a browser view after the page is parsed, it is a normal hyperlinked email address.

 

  <SCRIPT LANGUAGE="JavaScript">
  // Built at render time; the address never appears whole in the source.
  var user = "contact";
  var site = "geocaching.com";
  document.write('<a href="mailto:' + user + '@' + site + '">');
  document.write(user + '@' + site + '</a>');
  </SCRIPT>

 


Link to comment

quote:
Originally posted by RAD Dad:

As Leo Laport(sp) on Tech TV ALWAYS says, the answer is simple "NEVER EVER EVER OPEN ATTACHMENTS!"


That answer's probably too simple. If you were running an older, unpatched version of Outlook, it's possible to get this latest infection without opening an attachment, or even opening the mail. All it would take is for the email to appear in the Preview panel. The email (at least those I examined) was encoded to make the virus payload appear to be an audio midi file, which was to be automatically played. Viewing it in the panel is all it would take to launch the attachment. A patch for this has been available for at least a year, but I'm sure there are still a lot of vulnerable mail clients still out there.

 


Link to comment
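The two warning signs raised in the posts above (double extensions such as whatever.doc.vbs, and an executable attachment declared as an audio file) can be checked mechanically at a mail gateway or list server. The following is an added example, not code from any poster; the extension list, the `notes.doc.vbs` name and the audio/x-midi label on the sample are assumptions made for illustration.

```python
import email
import os
from email import policy

# Assumed block list of extensions that run when opened on Windows; extend as needed.
RISKY_EXT = {".pif", ".vbs", ".exe", ".scr", ".bat", ".com"}

def screen_attachments(raw_message):
    """Return (filename, reasons) for every attachment a gateway should reject."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        stem, ext = os.path.splitext(name.lower())
        if ext not in RISKY_EXT:
            continue
        reasons = ["executable extension " + ext]
        # whatever.doc.vbs: a harmless-looking inner extension hides the real one.
        if os.path.splitext(stem)[1]:
            reasons.append("double extension")
        # Preview-pane trick: the payload is labelled as media so the client plays it.
        if part.get_content_maintype() in ("audio", "video", "image"):
            reasons.append("declared as " + part.get_content_type())
        findings.append((name, reasons))
    return findings

# Constructed sample; xr.pif and ikonboard.htm are the names from the first post.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; name="ikonboard.htm"

<html><body>constructed</body></html>
--b1
Content-Type: audio/x-midi; name="xr.pif"

constructed
--b1
Content-Type: application/octet-stream; name="notes.doc.vbs"

constructed
--b1--
"""

for name, reasons in screen_attachments(SAMPLE):
    print(name, "->", "; ".join(reasons))
```

The HTML attachment passes this check even though it may carry script, so a list that cannot tolerate any risk still has to reject all attachments.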

This can easily be avoided by turning off your preview pane in Outlook Express and deleting any mail that has weird attachments you do not recognize. Especially if the email is from someone you do not know. I strongly suggest you get Norton Antivirus and keep the definitions up to date and you should have no problems.

 

"I am umbilically connected to the temperate zone. It's brought me life. It's brought me love, I never have outgrown"----J. Buffett

Link to comment

We solve the attachment dilemma among our family and close friends by using a simple personal authenticator in the subject line. If they don't receive the authenticator (e.g. pet name, anniversary date, etc) in the subject line, they know the email with attachment is not from us, so they delete it (and vice versa). The biggest inconvenience is keeping track of everyone's authenticator.

 

I also disabled my .vbs association, run viruscan constantly and am generally suspicious of everyone's motives...must be my military intelligence background. (NO OXYMORON JOKES PLEASE)!!

Link to comment


quote:
Originally posted by rghermes:

This can easily be avoided by turning off your preview pane in Outlook Express and deleting any mail that has weird attachments you do not recognize. Especially if the email is from someone you do not know. I strongly suggest you get Norton Antivirus and keep the definitions up to date and you should have no problems.


 

Then why, though I have been diligently practicing all of the above - newest version of IE, update my Norton AV once per week, it is always on and ZoneAlarm keeps things from coming in or going out when I am not online and have the system locked - am I getting emails "returned" to me by a mailer daemon with my email address as the original sender? Now, Norton reads my emails before I do, and when my emails are d/loading it tells me that something infected is attempting to cross the threshold and would I like to quarantine, repair or delete it. I always click on delete, and yet I have been getting 15 to 20 returns or forwarded attempts per day! ARGH!

 

I've run Norton Virus Scan, with the patch to specifically check for all versions of Klez and it tells me I'm clean... and has been since this started. Is Norton missing something, or am I?

----------

Lori aka: RedwoodRed

KF6VFI

"I don't get lost, I investigate alternative destinations."

GeoGadgets Team Website

Comics, Video Games and Movie Fansite

Link to comment

quote:
Originally posted by The GeoGadgets Team:

 

Then why, though I have been diligently practicing all of the above - newest version of IE, update my Norton AV once per week, it is always on and ZoneAlarm keeps things from coming in or going out when I am not online and have the system locked - am I getting emails "returned" to me by a mailer daemon with my email address as the original sender?


That's because the Klez virus has its own SMTP mail engine, and doesn't have to rely on the mail client installed on the victim's PC. That allows Klez to spoof the email headers any way it wants to. And what it does is take a randomly selected email address from the victim's address book (or list of recently received emails), and uses it as the FROM address. Chances are that it's someone with your address in their address book that actually has the infection.

 

This is one of the reasons this virus has been able to spread. It's almost impossible to determine from the email which PC the virus email originated from, so you can't inform them of the problem.

 


Link to comment
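A returned message usually quotes the original, and the relay's own Received line in that quote records which host actually submitted it, independent of the spoofed FROM. The following added example (not code from any poster) pulls both values out of a bounce so they can be compared; the bounce text, the addresses and `MY_IPS` are constructed assumptions.

```python
import email
import re
from email import policy

def quoted_original(raw_bounce):
    """Return the message (or bare headers) quoted inside a delivery report."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def bounce_origin(raw_bounce):
    """Return (claimed From, IP logged by the first relay), or None if unknown."""
    original = quoted_original(raw_bounce)
    hops = original.get_all("Received", []) if original is not None else []
    if not hops:
        return None
    # Each relay prepends its Received line, so the last one is the earliest hop.
    # It is only trustworthy if a real mail server wrote it; lines below it can be forged.
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[-1]))
    return str(original["From"]), ip.group(1) if ip else None

MY_IPS = {"192.0.2.10"}  # assumption: the addresses your own PC or ISP line uses

# Constructed bounce: From is your address, but the submitting host is not yours.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="r1"

--r1
Content-Type: text/plain

User unknown: nobody@example.org
--r1
Content-Type: message/rfc822

Received: from qwerty (unknown [203.0.113.45]) by mx.example.net with SMTP
From: you@example.com

constructed body
--r1--
"""

claimed, ip = bounce_origin(BOUNCE)
print(claimed, ip, "mine" if ip in MY_IPS else "not sent from my machine")
```

The IP identifies the connection the relay saw, which is enough to rule out your own machine but typically points only to an ISP address rather than a named person.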
