Matrix Games Forums


New Virus: "Please review those files..."

 
New Virus: "Please review those files..." - 7/25/2001 4:23:00 AM   
sinner

 

Posts: 174
Joined: 5/7/2001
From: North Carolina
Status: offline
To Wild Bill and all: This is serious. No kidding, no fun things here.

If you get a message from someone that you know (or maybe that you do not know), with an attached file asking you to review it: What you are getting is a virus! Never open those files, and, if you use Outlook Express as a mail reader, you are probably already infected just by receiving it. This happens because of the "auto-preview" feature in Outlook Express.

This is the virus SirCam. The email message can appear as follows:

Subject: [filename (random)]
Body:
Hi! How are you?
I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for
See you later. Thanks

--- the same message may be received in Spanish ---

Hola como estas ?
Te mando este archivo para que me des tu punto de vista
or Espero me puedas ayudar con el archivo que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la información que me pediste
Nos vemos pronto, gracias.

It hides itself in several places, like renaming needed DLL files from your System folder, inside your "Recycled" folder, it sends (and deletes!!!) any kind of file that you can have inside your "My Documents" folder... To send e-mails it uses a mail client built inside the virus so you cannot see in your Outlook that someone has been sending unauthorised messages.

Please, check for the newest anti-virus releases, specifically ones that can fight "SirCam virus". The message with the virus comes, at least, in English and / or Spanish.

I recommend that first you get an update for your anti-virus, then send a polite mail message to the people that "send you" the files (it was the virus) and tell them that they are infected with SirCam and, if possible, avoid using Outlook Express. Try other e-mail systems: Eudora, Netscape Messenger...

Try, for example http://www.mcaffee.com/ and check for their Alert: http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360

Of course, this virus was all inoffensive against my "Atlantic Wall" called Linux. But I have gotten so far around a dozen of those e-mails. :(

_____________________________

Sinner from the Prairy
"Thalassa! Thalassa!"
Post #: 1
- 7/25/2001 6:23:00 AM   
Wild Bill

 

Posts: 6821
Joined: 4/7/2000
From: Smyrna, Ga, 30080
Status: offline
I've just checked using the procedures outlined at McAfee plus checked the \Recycled folder. It appears my machine is okay. Thanks for the warning though. I'm on it. Wild Bill

_____________________________


In Arduis Fidelis
Wild Bill Wilder
Independent Game Consultant

(in reply to sinner)
Post #: 2
- 7/25/2001 7:01:00 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
I received the e-mail with attachment per above from a SP forum member, whose machine is pretty obviously infected. I did not open the attachment file, I never do unless I am absolutely certain the person in question is sending me a legitimate file.

I use the Kaspersky AVP anti-virus service, as do several other forum members. Daily updates are part of the service, I d/l these and sweep on a daily basis which I did today. From everything I can tell my system is clean.

The SirCam virus is covered in depth in an article at the AVP website, it is free, you don't need to be a subscriber: http://www.avp.ch/ Check all of the places SirCam might be on your system and take the necessary steps if it is necessary. A download to remove SirCam files is available at AVP, at the end of the article.

Whew. That was a close one. Bill - does the person know his system is sending the infected files?? Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to sinner)
Post #: 3
- 7/25/2001 7:42:00 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
Bump - Because this is important. And, a member's machine is infected and will be sending out infected files. Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to sinner)
Post #: 4
- 7/25/2001 8:48:00 AM   
chanman

 

Posts: 84
Joined: 1/4/2001
From: Westminster, Colorado, U.S.A.
Status: offline
[copied from another thread as this one is more on point]

In this day of many people trying to impress their friends by taking down websites and writing viruses, a little paranoia is a good thing. Check the mail program you use for the option to hide filename extensions. Turn it off. Check for unknown extensions, if you see them, delete the message. Running an executable sent to you via email is risky behavior. As another poster pointed out, he received a xxx.doc.vbs file, which is an executable file and probably a virus.

A personal firewall did the job for him, and for the rest of you Win9X, WinNT, WinME users out there that is probably a good idea. I would go further and make sure that while you are messing around in cyberspace that any network cables to the rest of your home networks be disconnected. This is called an airwall and is one of the best ways to isolate an infection or assault if you happen to fall victim to one.

In the case of Matrix, I strongly urge that your webserver have an airwall between it and the rest of the company jewels. Transfer data from the development machines to the download servers using some removable media such as a zip disk or cd/rw. Network connectivity is nice, but can burn you if your site gets compromised. These days, sizeable removable media is cheap and readily available.

For the rest of us, one final comment. I use an older pc to browse the net when I am at home. I sanitize it regularly and never connect it to my home network until it has been cleaned, and never when I am online. If that machine becomes infected, I scrape the operating system off and start over. I only use Win98 on that machine as I haven't located a DSL driver for Linux. Linux is actually a better solution for a browsing machine as it is immune to most of the attacks and email viruses roaming the ether.

Note that Linux is not really a "consumer" operating system, but based on the level of comments I have seen on the Matrix boards, I would say that many of you are "geeky" enough to tackle the learning curve. If any of you try Linux and get stuck, send me email and I will attempt to help you.

Hope these comments prove useful to someone. Chanman

_____________________________

"As God is my witness, I thought that turkeys could fly"

(in reply to sinner)
Post #: 5
- 7/25/2001 9:23:00 AM   
sinner

 

Posts: 174
Joined: 5/7/2001
From: North Carolina
Status: offline
As Chanman says, the "airwall" method is good to keep vital Matrix info out of the "bad hackers" way. For any computer connected from internet having "MS-Internet Information Server" (or "MS-IIS") installed, there's a big chance that it can be controlled from the internet, gain "Administrator" status and act like that on any computer attached to it.

In fact, for any computer connected to internet, the average time before someone tries to control it, is 45 minutes. So, if you are connected 45 minutes or more, be sure that someone has tried to enter in your computer.

There are not really secure "operative systems" or "servers". There are only security methods to follow. No guarantee, though. Even Linux can be insecure if poorly managed. Even Windows 98 can be pretty well shielded if managed with extreme care. Yes, you can have a Tiger immobilized out in the open in Normandy '44 or you can have green recruits in a bunker with rough terrain, with all kind of mines, obstacles, HMG support and all that around.

If you decide to go for Linux, I can help. I have plenty of experience in setting up Linux and playing Steel Panthers on Linux. You all have played Steel Panthers: a King Tiger can blow up. And a green Italian infantry can be very lucky.

I'm an IT professional. And I urge you to install an antivirus in your machine. Update it weekly, daily if you have a fast connection. Then, install a "firewall" software: single machines connected only by Modem are known to be "compromised" (euphemism for "hacked"). "ZoneAlarm" is a pretty good firewall... and you can get the basic version for free from internet http://zonealarm.com

Check the security of your machine with online tools like the "Shields Up" from http://grc.com/default.htm (scroll down for the "Shields Up" section.) You will be surprised.

Remember that DOC, XLS, PPT, HTML documents can have executable code built-in. So they can hide a virus. Remember that "previewing" a document, means that the mail program is executing the code in the document, so you can be infected. The same goes with WinZip programs and "files preview". Files ending in JS, VBS, VBA, WSH, EXE, BAT, COM, BIN are executables. So treat them as a ticking bomb!

Please, check that you have turned on the feature "Ask before running VBA macros". Make sure you have turned off "use Java and JavaScript in mail and newsgroups".

In case you get a suspicious e-mail, do not open it. What will you do in SPWaW with a suspected enemy location? Exactly, area fire ('Z' key). In computers, "area fire" works like this: Delete the mail, empty the recycle bin, check your anti-virus, and ask the sender "did you send me something?". If they did send it without telling you or without you requesting it in the first place, tell them about what a bad idea this is, and ask for a new e-mail :D

_____________________________

Sinner from the Prairy
"Thalassa! Thalassa!"

(in reply to sinner)
Post #: 6
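
The attachment-name checks described in posts #5 and #6 above (show real extensions, distrust names like xxx.doc.vbs and the listed executable types), written out as an added example that is not part of any forum post. The function names and the sample message are constructed for illustration, and the extension lists are only the ones the posts give.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions post #6 lists as executable (its list, not an exhaustive one).
EXECUTABLE_EXTS = {".js", ".vbs", ".vba", ".wsh", ".exe", ".bat", ".com", ".bin"}
# Document types post #6 says can carry built-in executable code.
MACRO_CAPABLE_EXTS = {".doc", ".xls", ".ppt", ".html"}

def classify_filename(name):
    """Return the reasons (possibly none) an attachment name is suspicious."""
    # Windows ignores trailing dots and spaces, so drop them before looking.
    cleaned = name.strip().rstrip(". ").lower()
    exts = ["." + e for e in cleaned.split(".")[1:]]
    if not exts:
        return []
    final = exts[-1]
    reasons = []
    if final in EXECUTABLE_EXTS:
        reasons.append("executable extension " + final)
        if len(exts) > 1:
            # xxx.doc.vbs shows as xxx.doc when extensions are hidden.
            reasons.append("double extension hides " + final + " behind " + exts[-2])
    elif final in MACRO_CAPABLE_EXTS:
        reasons.append("document type that can carry embedded code")
    return reasons

def scan_message(raw_bytes):
    """Map each flagged attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        reasons = classify_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message (not a real capture) with two attachments."""
    msg = EmailMessage()
    msg["Subject"] = "budget"
    msg.set_content("Hi! How are you?")
    for fname in ("budget.xls.bat", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```
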
- 7/25/2001 9:36:00 AM   
bchapman


Posts: 302
Joined: 3/30/2000
From: Oklahoma
Status: offline
Bing, Did you notify the forum member that his machine was infected and that he was sending out infected emails? I know I would want to know if it were me. :eek:

_____________________________

"A government big enough to give you everything you want is a government big enough to take from you everything you have."
- Gerald Ford

(in reply to sinner)
Post #: 7
- 7/25/2001 10:16:00 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
quote:

Originally posted by bchapman: Bing, Did you notify the forum member that his machine was infected and that he was sending out infected emails? I know I would want to know if it were me. :eek:
We're working on it. I expect that by this time he knows about it, he is a regular. Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to sinner)
Post #: 8
- 7/25/2001 9:33:00 PM   
sinner

 

Posts: 174
Joined: 5/7/2001
From: North Carolina
Status: offline
Bing, unless his hard-disk gets wiped out, the person will not know that the virus is in his system. The virus does not use Outlook to send the messages, so you don't really know. Please, tell him about it. Sometimes you believe that your antivirus protects you... even when you are infected.

_____________________________

Sinner from the Prairy
"Thalassa! Thalassa!"

(in reply to sinner)
Post #: 9
- 7/25/2001 11:11:00 PM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
quote:

Originally posted by Sinner from the Prairy: Bing, unless his hard-disk gets wiped out, the person will not know that the virus is in his system. The virus does not use Outlook to send the messages, so you don't really know. Please, tell him about it. Sometimes you believe that your antivirus protects you... even when you are infected.
Look elsewhere on the message forum. You will see a message from the person. He certainly DOES know about it. Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to sinner)
Post #: 10
- 7/26/2001 4:50:00 AM   
Bing

 

Posts: 1366
Joined: 5/20/2000
From: Gaylord, MI, USA
Status: offline
In the event the forum members are not taking the SirCam virus seriously - or have not given much attention to it, take a look at the news story at the following URL - http://news.cnet.com/news/0-1006.html?tag=tab - regarding compromised FBI internal files. This is indeed serious business. Bing

_____________________________

"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website

(in reply to sinner)
Post #: 11