Virus in the Dropbox

It is a new deluge and spreading rapidly. I got about eight so far.

Basic rule -- *never* download and run a program unless you know what it is and who put it there. (In the Dropbox, look for the ".txt" file which should accompany it, to explain what it does, and why it is there. If there isn't one, it is probably from a virus._

I talked to Steve, and he says that the ones you see are a tiny fraction of the ones which get caught. It is not clear why some of them are sneaking past the filters he has set up, but it is happening.

My wife just downloaded and printed the Symantec information about it, (This one turns out to be the newest version of Sobig, "W32.Sobig.F@mm".)

Executable extensions:

.scr .exe .com (old MS-DOS, but it might still be recognized) .bat (batch files, but the OS discovers that it is an executable.) .doc (MS-Word document files, which can execute macros)

.??? (Whatever the spreadsheet files are called, since they can run macros, too.)

And -- there are probably more of them out there.

Be careful, and good luck, DoN.

Hi all,

As many of you know, I don't have time recently to read rec.crafts.metalworking regularly.... so I rely on friends to let me know when I should take a look. (Thanks Don)

Today several virus files made it into the dropbox. It is not the first time, nor will it be the last. Regrettably people keep coming up with novel ways to format e-mail so that the attachment decoder in the dropbox robot gets fooled. I typically delete several each week that sneak past. Usually these are harmless. Today, such was not the case, and I want to apologize to any unfortunate souls that eagerly downloaded the "new" files. This latest virus has been sent to the dropbox almost 100 times and has been trapped with the exception of one sender whose e-mail is strangely formatted. For whatever reason they sent several variations of the e-mail. The dropbox normally refuses to post any PIF, SCR, EXE, DOC, XLS, CMD, or BAT files. If you see such files, DO NOT DOWNLOAD them. On rare occasions I have checked DOC or XLS files for macro viruses and then posted them into the dropbox.

For those of you with a morbid interest, the Metalworking.com web site monitors the Microsoft security mailing list and regularly installs patches and hotfixes in an attempt to avoid problems. The patch to avoid the recent rash of "MSBASHER" viruses attacking the remote procedure call interface of Windows NT was installed when issued (several weeks ago) and no infection occurred. We do however get probed for this weakness several hundred times a day.

Keep the faith.....

Regards, Steve Stallings snipped-for-privacy@metalworking.com (and yes this e-mail address gets an unbelievable amount of spam)

-- Sites useful for readers of rec.crafts.metalworking: FAQ (frequently asked questions) -

at Metal Web News - "Drop Box", other info - archive of r.c.m. messages -

We don't say it enough: Thanks, Steve.

-Carl

Indeed yes. I think he does an admirable job, and the fact that only a few slipped through speaks of his diligence.

I know of one large facility that was pretty well laid low by those worms, in spite of the fact that they had advanced notice. :(

Jim

================================================== please reply to: JRR(zero) at yktvmv (dot) vnet (dot) ibm (dot) com ==================================================

More to come.... unfortunately.....

Overnight more copies of the virus managed to get past the robot filters. I don't have time right now to figure out what is wrong with the filtering, so I have put benign stub files with the same names into the dropbox. Since duplicate filenames are not allowed, this will stop the virus for those file names known to me. There may be new ones in the future, be safe, do not download files with PIF, SCR, EXE, COM, or BAT extensions.

Regards, Steve Stallings snipped-for-privacy@metalworking.com

Can't you just delete *.pif, etc.? Would seem to me that there'd have to be an active attack against you to figure out how to bypass your systems.

And yes, keep up the good work!

Tim

-- In the immortal words of Ned Flanders: "No foot longs!" Website @

Due to the high risk of getting a virus in the dropbox it is recommended users post .,jpg files directly to the newsgroup.

Bad idea. First, this is not a binaries NG. Second, .JPGs are not executables so viewers don't execute them.

Ted

My firewall machine at home is blocking packets on ports 68 and 135 every two seconds at the moment. There is barely enough bandwidth for the spam to get through.

Mark Rand RTFM