Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  
my profile | my password | search | faq & rules | forum home
  next oldest topic   next newest topic
» Film-Tech Forum ARCHIVE   » Community   » Film-Yak   » Internet Worm Disguised As E-mail From Microsoft.

   
Author Topic: Internet Worm Disguised As E-mail From Microsoft.
Paul G. Thompson
The Weenie Man

Posts: 4718
From: Mount Vernon WA USA
Registered: Nov 2000


 - posted 05-20-2003 01:32 AM      Profile for Paul G. Thompson   Email Paul G. Thompson   Send New Private Message       Edit/Delete Post 
Please check it out.

http://www.usatoday.com/tech/news/2003-05-19-worm_x.htm

 |  IP: Logged

Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 05-20-2003 02:33 AM      Profile for Joe Redifer   Author's Homepage   Email Joe Redifer   Send New Private Message       Edit/Delete Post 
I got that e-mail this morning (seriously). I opened it, played with the .pif file, double clicked it, did everything I could (again, seriously). For the life of me I could not get the worm to work! Damn it sucks having a Mac. It's not compatible with ANYTHING! I guess if you want the latest and coolest viruses and worms, ya just gotta get Windows.

 |  IP: Logged

Daniel Fuentz
Expert Film Handler

Posts: 230
From: Fresno, CA, USA
Registered: Apr 2003


 - posted 05-20-2003 03:04 AM      Profile for Daniel Fuentz   Email Daniel Fuentz   Send New Private Message       Edit/Delete Post 
A worm got into the system at work last Thursday, I don't know if it was this worm or not. The only thing that behaved abnormally was the video server, it would just randomly go to black even though the screen said it was playing normally. (Burned me in the middle of the Caroline Rhea show - thank goodness for tape backups!) I'm told our sister station in San Francisco had big problems with their server from the same worm we had in our system. Gee, wouldn't that be fun if a worm or virus got into a DLP system!

 |  IP: Logged

Gunnar Johansson
Expert Film Handler

Posts: 181
From: Gothenburg, Sweden
Registered: Mar 2003


 - posted 05-20-2003 03:39 AM      Profile for Gunnar Johansson   Author's Homepage   Email Gunnar Johansson   Send New Private Message       Edit/Delete Post 
Since we put in mime-defang at our relaying mail server (itīs a gateway, all incoming and outgoing mail pass through it) we havenīt had any problems of this kind. I got the mail monday, put all I could see is the following:
WARNING: E-mail has been altered by relay.
Scanner indicated possible malicious contents within
the e-mail, and reported the following messages.
For more information please direct any questions
or concerns to G.U.D. at gud@chs.chalmers.se.

An attachment named application.pif was removed from this document as it
constituted a security hazard. If you require this document, please contact
the sender and arrange an alternate means of receiving it.

Where G.U.D. is the system administrators. Put thanks for the warning. There is a number of websites and mailinglists available if you want to keep up to date with new viruses, worms or security risks. Itīs worth it if youīre responsible, or have any kind of sensitive information, or need to have your computer working all the time (apart from needing to access Film-tech...)

//Gunnar

 |  IP: Logged

John Spooner
Expert Film Handler

Posts: 186
From: South Australia, Australia
Registered: Jan 2003


 - posted 05-20-2003 12:35 PM      Profile for John Spooner   Email John Spooner   Send New Private Message       Edit/Delete Post 
This topic re the worm is timely as I received such an e-mail today. Came from "Microsoft" with the wording to the effect "your query answered in the attachment". However there was no attachment, must have been deleted by the virus scanners at my isp.
Thought it unusual as I have not at any stage sent queries to Microsoft.
John S.

 |  IP: Logged

Bruce McGee
Phenomenal Film Handler

Posts: 1776
From: Asheville, NC USA... Nowhere in Particular.
Registered: Aug 1999


 - posted 05-20-2003 01:05 PM      Profile for Bruce McGee   Email Bruce McGee   Send New Private Message       Edit/Delete Post 
I got one of these on 5/19.

I've never sent any inquiries to Muckrosoft, so I deleted it without opening anything. I'm leery of all email that I dont know. I get tons of spam on my other address... mostly emails from Brittany Spears wanting to show me things! Anybody here need more spam?

I am looking forward to the anti-spam rulings that 'may' be coming soon! Is this just baloney?

 |  IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002


 - posted 05-20-2003 02:00 PM      Profile for Mark J. Marshall     Send New Private Message       Edit/Delete Post 
We turned on reverse DNS verification on our email servers here, and spam & viruses almost stopped completely.

 |  IP: Logged

Jack Ondracek
Film God

Posts: 2348
From: Port Orchard, WA, USA
Registered: Oct 2002


 - posted 05-20-2003 02:17 PM      Profile for Jack Ondracek   Author's Homepage   Email Jack Ondracek   Send New Private Message       Edit/Delete Post 
Ahhhhh... just received mine.
It came from "support@microsoft.com"... subject: "Re: Approved (Ref: 3394-65467)"

It also said that all information is in the attachment... which isn't there.

Brittney doesn't want to show me anything, which is just fine by me... but a whole lot of people I don't know seem to wanna make me the "top banana", if you get my drift....

 |  IP: Logged

Paul Konen
Jedi Master Film Handler

Posts: 981
From: Frisco, TX. (North of Dallas)
Registered: Jun 99


 - posted 05-20-2003 02:34 PM      Profile for Paul Konen   Email Paul Konen   Send New Private Message       Edit/Delete Post 
Daniel, It would be extremely difficult at this point to get a worm into a DLP release.

The systems that I use are Technicolor Digitals' AMS system.

Running Red Hat Linux (Ver ?)

You are NOT allowed into the OS, for obvious reasons.

The content comes on hard drives that are just files, you can't run an executable objects.

Also, I believe that there are not that many LINUX worms, viruses out there as it wouldn't be worth the authors time because they couldn't make an effect like the others.

Paul

 |  IP: Logged

Daniel Fuentz
Expert Film Handler

Posts: 230
From: Fresno, CA, USA
Registered: Apr 2003


 - posted 05-21-2003 06:48 AM      Profile for Daniel Fuentz   Email Daniel Fuentz   Send New Private Message       Edit/Delete Post 
Paul, thanks for setting me straight on that one. Obviously, something running on Linux would be a LOT less susceptible to getting a virus!

(I guess the jokes I had read regarding DLP referred to the Microsoft version only!) [Big Grin]

 |  IP: Logged

Gunnar Johansson
Expert Film Handler

Posts: 181
From: Gothenburg, Sweden
Registered: Mar 2003


 - posted 05-21-2003 12:59 PM      Profile for Gunnar Johansson   Author's Homepage   Email Gunnar Johansson   Send New Private Message       Edit/Delete Post 
Iīve had two so far, and both were stripped by our gateway.
Reverse DNS lookup is what we have too, but SPAM from IP-spoofing ("borrowing" a legitimate IP-adress) and we only do the reverse lookup to a black list server where servers with "problems" get listed. We had some problems with being blacklisted once, some people on our network had no clue to what they were doing...
Spamassassin works really well for us too, it tags incoming mail with points, and I autosort the once with a high point, since itīs VERY likely to be a spam...
//Gunnar, sysadmin chs.chalmers.se (Member of G.U.D. swedish for god, someone thought that was a funny student thing...)

 |  IP: Logged



All times are Central (GMT -6:00)  
   Close Topic    Move Topic    Delete Topic    next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:



Powered by Infopop Corporation
UBB.classicTM 6.3.1.2

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.