
RE: Completely off topic

From: "CS Renegade" <njg@c...>
Date: Sat, 13 Apr 2002 17:49:22 +0100
Subject: RE: Completely off topic

From: Roger Burton West
Sent: 13 April 2002 09:07
Subject: Re: Completely off topic

> When it was realised that [sulfnbk.exe was a hoax], a real virus
> was written to take advantage of the fact, but this is extremely
> rare (I've never seen it in the field).

I obtained my "zoo" copy of Magistr-A from an infected sulfnbk.exe
file. I've also removed one of the Magistr variants from a co-
worker's (Randall, place that last hyphen where you will) system
after it arrived by the same means. I think this method of
propagation may have enjoyed more success in continental Europe;
I hadn't seen a real case of the hoax until now.

======== Background You Can Skip Unless You're Worried ========

W32/Magistr is a combined e-mail worm and program file infector;
it can spread between program files on your computer, and will also
ransack your address book and send copies of itself (possibly
along with other files) by e-mail to people you have corresponded
with.

For a more in-depth description, see:
 http://vil.nai.com/vil/content/v_99040.htm
(NAI are Network Associates, aka the corporate face of McAfee)

If someone sends you an attached file you weren't expecting, be
extremely cautious. If they send you an executable file (.COM,
.EXE and .VBS are the most frequent carriers) then don't touch
them without the benefit of an up-to-date anti-virus program.

Going back to Glen's original inclusion, there are two or three
distinctive phrases that scream hoax:

1. Name dropping
>>> "This virus is not detectable by McAfee or Norton"

2. Gratuitous use of capitals and multiple exclamation marks
>>> "PLEASE READ AND THEN ACT PROMPTLY!!"

3. Requests to redistribute the message*
>>> "...send this e-mail to everyone listed in your address book."

Don't take these three rules as gospel. I've mentioned McAfee and
Glen's original message mentioned Symantec; these outfits and
others maintain alert lists for live viruses, and hoax lists to 
help you spot the fakes. Have a look around and find a source of
information you're happy with, then bookmark it for emergencies.
Beware that when there's a real electronic pandemic on, these sites
can slow right down or go off the net completely.

* cleverly qualified in this case.

====================================================================
I _like_ the WindowsXP Resource Kit Documentation. It has gravitas.
It impresses the users. It's permitted in offices where a length
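
An added example, not part of the original message: a rough Python triage of the three markers listed above, scored together because, as the message cautions, no single one is conclusive. The regexes, the 0.3 capitals ratio, the threshold of 2 and both sample texts are assumptions constructed for illustration.

```python
import re

# Vendor names are the ones that appear in the message; extend as needed.
VENDORS = re.compile(r"\b(mcafee|norton|symantec)\b", re.I)
# "send/forward ... everyone ... address book" within one sentence (assumed wording).
FORWARD = re.compile(
    r"\b(send|forward|pass)\b[^.!?\n]{0,60}\b(everyone|everybody|all)\b"
    r"[^.!?\n]{0,60}\b(address book|contacts)\b", re.I)
MULTI_BANG = re.compile(r"!{2,}")


def shouted_ratio(text):
    """Fraction of words (3+ letters) written entirely in capitals."""
    words = re.findall(r"[A-Za-z]{3,}", text)
    if not words:
        return 0.0
    return sum(w.isupper() for w in words) / len(words)


def hoax_indicators(text):
    """Return which of the three markers from the message fire on text."""
    found = set()
    if VENDORS.search(text):
        found.add("name_dropping")
    if MULTI_BANG.search(text) or shouted_ratio(text) > 0.3:
        found.add("shouting")
    if FORWARD.search(text):
        found.add("redistribute")
    return found


def looks_like_hoax(text, threshold=2):
    """One marker alone is weak evidence; require several before flagging."""
    return len(hoax_indicators(text)) >= threshold


# Constructed sample built from the three phrases quoted in the message.
CHAIN = ("PLEASE READ AND THEN ACT PROMPTLY!!\n"
         "This virus is not detectable by McAfee or Norton.\n"
         "Please send this e-mail to everyone listed in your address book.\n")
# Constructed sample: a sober advisory that also names vendors.
ADVISORY = ("McAfee and Symantec maintain alert lists for live viruses, "
            "and hoax lists to help you spot the fakes.")

if __name__ == "__main__":
    for name, body in (("chain letter", CHAIN), ("advisory", ADVISORY)):
        print(name, sorted(hoax_indicators(body)), looks_like_hoax(body))
```

The advisory sample trips the name-dropping marker alone, which is why the score uses a threshold instead of flagging on any single hit.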

