Site New Answers Search Boards ILM ILE Answers New Question New Questions New Poll Blog View Register Login

Don't open emails from SUPPORT@MICROSOFT.COM

Message Bookmarked
Bookmark Removed
Don't know how many of you have gotten this already, but my inbox is overflowing with messages from "support@microsoft.com" claiming to be something about "your request" or "your movie" or whatever. When you open the file up it's a PIF file (I checked using the web interface). Bad news.

Anyhow, you're all probably a sharp enough bunch to realize this but just in case, don't click on these things, and probably best just to scoot 'em straight into the trash.

Sean Carruthers (SeanC), Tuesday, 20 May 2003 12:47 (twenty-two years ago)

I've had two of these so far today. The one I checked was from someone on shawcable.net.

caitlin (caitlin), Tuesday, 20 May 2003 12:53 (twenty-two years ago)

I got 6 of them (luckily saw the attachment was weird and deleted). info here

Aaron W (Aaron W), Tuesday, 20 May 2003 12:54 (twenty-two years ago)

How on earth I manage to keep my email address out of virus-infected suckers' address books, I will never know. I never get these things.

Stuart (Stuart), Tuesday, 20 May 2003 12:56 (twenty-two years ago)

I got a few from them entitled Desktop or something like that, the jerks.

Sarah MCLUsky (coco), Tuesday, 20 May 2003 13:10 (twenty-two years ago)

I've been getting loads of these damn things. Luckily Norton has indentified them every time and I just delete the infected attachments, and I've set up a filter to send them all directly to the Trash folder. It's still a right pain, though.

Chriddof (Chriddof), Tuesday, 20 May 2003 13:15 (twenty-two years ago)

Oh yeah, our mail server scrubs virus attachments before messages ever reach me - so maybe that has something to do with it. If only it would eat spam too. And whoever invented html email should be punched.

Stuart (Stuart), Tuesday, 20 May 2003 13:22 (twenty-two years ago)

Stuart - do you live in Manchester? (honest question)

james (james), Tuesday, 20 May 2003 13:24 (twenty-two years ago)

No, why?

Stuart (Stuart), Tuesday, 20 May 2003 13:31 (twenty-two years ago)

I got three yesterday, and six new ones this morning. Some were blocked my my webserver, but most were not, and were sitting in my inbox naked and scary. They were all to the web address below -- I'm convinced this board is where they got the address from.

Kenan Hebert (kenan), Tuesday, 20 May 2003 13:32 (twenty-two years ago)

I've been getting loads of these, all of a sudden.

Matt (Matt), Tuesday, 20 May 2003 13:32 (twenty-two years ago)

just i know a stuart who looks like Gonzo (truely i do) thought it might be him, but hey its not.

james (james), Tuesday, 20 May 2003 13:32 (twenty-two years ago)

It's quite possible that it's nailing the addresses from the web cache of signed-in subscribers, which is part of the reason I posted this here. All it would take would be reading a couple of long threads and an unfortunate click (or auto-open in certain mail programs) and the rest is pain and suffering.

Sean Carruthers (SeanC), Tuesday, 20 May 2003 13:34 (twenty-two years ago)

I've never registered on ILX, and I've gotten these emails, so y'all should not be so paranoid.

hsetncil, Tuesday, 20 May 2003 13:36 (twenty-two years ago)

The mailserver I use strips out any .exe (and certain other) attachments. Not that they can hurt me. You should all ask your ISP/sysadmins to do the same.

more info.

Ed (dali), Tuesday, 20 May 2003 13:38 (twenty-two years ago)

wow i've had about 6 of these as well...they seem pretty lame tho - NAV doesnt even bother providing an alert message so i just delete them straight away with no fuss

stevem (blueski), Tuesday, 20 May 2003 13:38 (twenty-two years ago)

sorry wrong virus, the correct one is here.

Ed (dali), Tuesday, 20 May 2003 13:39 (twenty-two years ago)

At your regular email address you mean? Or the one you use for posting? Either way, the webcache c/o ILX would still be a very nice way to get a lot of addresses quickly for anyone from ILX who happened to get infected, inadvertantly or not, and paranoia or not.

Sean Carruthers (SeanC), Tuesday, 20 May 2003 13:39 (twenty-two years ago)

I use my regular email address on ILX, I have two levels of filtration and keep my black/white lists resonably up to date.

Ed (dali), Tuesday, 20 May 2003 13:43 (twenty-two years ago)

By the way (for Microsoft OS users): this would be as good a time as any to correct a problem with the way MS has set up the default configuration of Windows operating systems since ME or so.

1. Double click on "My Computer"
2. From the "Tools" menu at the top, select "Folder Options"
3. Click on the "view" tab
4. Uncheck the box that says "Hide extensions for known file types"
5. Hit "OK".

This will show the three-letter extension on all of your files, in all programs that use that setting (like Outlook). This makes things a little bit less elegant but it also means you won't be double-clicking on files that look like picture files when in fact they're executables. (The file "picture.jpg.exe" will just show up as "picture.jpg" if you have this box checked, which may fool you even if you can see the icon for the file is NOT a picture program icon.)

Sean Carruthers (SeanC), Tuesday, 20 May 2003 13:50 (twenty-two years ago)

Dude, hstencil, whether you are registered or not, your email address is still up for grabs on the board if a spam bot parses source code. It seems pretty obvious that this came from this board (it's the only spam I've ever GOTTEN at the address I use on here, actually); I'm actually surprised this is the first one though??

Ally (mlescaut), Tuesday, 20 May 2003 14:12 (twenty-two years ago)

I've got other virus type things that I assume have come from here... that's the danger of the INTERNET and talking to all these DIRTY and CREEPY people. Heh. Speaking of, time to get tested.

Aaron W (Aaron W), Tuesday, 20 May 2003 14:28 (twenty-two years ago)

Its unlikely to be farming addresses from ILE, It will just get into someone's address book (and auto complete list which has everyone you ever mailed ever in it) and bang out mails to them. There is one simple rule though:

NEVER OPEN ATTACHMENTS IF YOU DON'T KNOW WHO SENT THEM

Ed (dali), Tuesday, 20 May 2003 14:31 (twenty-two years ago)

i think it is farming addresses from ilx actually ed. we already had this conversation i recall. especially as i have received one of these from an address that doesnt actually exist

gareth (gareth), Tuesday, 20 May 2003 14:34 (twenty-two years ago)

Spoofing email addresses is as common as muck for spam and viruses. This one is spoofs support@microsoft.com.

Rule 2

EVEN IF YOU KNOW WHO SENT THE ATTACHMENT, DON'T OPEN IT UNLESS YOU WERE EXPECTING IT

if in doubt don't open atachments, check with the person who sent it. Most viruses rely on people's stupidity to work.

Ed (dali), Tuesday, 20 May 2003 14:39 (twenty-two years ago)

I know that it could get my address from ILX, but I don't think that's the sole source of all this. I mean, this virus has affected lots of computers around the world, saying "oh they might be trolling ILX" is unnecessarily paranoid.

hstencil, Tuesday, 20 May 2003 14:41 (twenty-two years ago)

That WOULD be paranoid, but that's not what we're saying. The newer generation of viruses (virii?) doesn't just hit your address book, it goes into your computer's webcache to look for anything that looks like an email address; anyone who surfs to a page that has email addresses is thus collecting a bunch of email addresses for these viruses to make use of if one of them is later activated on that PC system. It's not a question of the virus trawling ILX unsolicited, it's a question of ILX fans unwittingly launching the virus.

Sean Carruthers (SeanC), Tuesday, 20 May 2003 14:44 (twenty-two years ago)

Most viruses rely on people's stupidity to work

Or they rely on folks' inability or unwillingness to bother changing the large amount of predictable and potentially unsafe default configurations provided by Microsoft.

I've been using Eudora since it was one of the only PC mail clients, so I never started using Outlook. The number of email-distributed viruses designed to exploit Outlook has made me never even bother. A couple years ago when that fucking nimdA virus ground the servers where I work to a temporary halt and infected countless browser, it never managed to get to my desktop machine either... Cause I was using Netscape 4.7 for testing backwards compatibility that week, and Netscape isn't stupid enough by default to just download a .eml (email) inclusion on a web page. IE, by the way, is that stupid.

Sean's right about this thing likely getting it's addresses from the cache folder, because I started getting them first (and get a lot more) at one of my work addresses, which is of the webmaster@blah.edu variety and also featured on nearly every page of the site I maintain.

martin m. (mushrush), Tuesday, 20 May 2003 14:49 (twenty-two years ago)

Sean is OTM, hstencil go read a computer magazine as punishment!

This sort of thing always amuses me, these worm viruses. We ALWAYS get them at work--the best was the one that sent out an email saying it was a special love letter from me to you, you are so sexy, blah blah blah, then you had to open the attachment to read the special sexy love letter. THE PERSON WHO FIRST OPENED IT--and thus sent it to everyone in the company--WAS THE OWNER. Oh the joy of reading that over and over all day, I was like finally my dreams have come true and I will be a trophy wife! ALAS it is just a virus, damn you MS!

Ally (mlescaut), Tuesday, 20 May 2003 14:54 (twenty-two years ago)

it didnot came on my ilx address. but it came nonetheless!

Erik, Tuesday, 20 May 2003 16:20 (twenty-two years ago)

THE VIRUS READS OUR MINDS!

Ally (mlescaut), Tuesday, 20 May 2003 16:22 (twenty-two years ago)

I just got one of these. Deleted it right away. I hardly ever open e-mail unless I know who it's from -- attachments NEVER get opened unless someone says "I'm sending you a file" and I say "OK."

"Microsoft.com" is a very vague address -- aren't their support teams a bit more software-specific?

Jody Beth Rosen (Jody Beth Rosen), Tuesday, 20 May 2003 17:16 (twenty-two years ago)

I've had this one 8 or 10 times since yesterday, here and at work. It's getting everywhere.

Another way of protecting yourself against viruses is to not doubleclick on them, but save them to somewhere then open a safe program and open them in that. Word files (.doc) can run dangerous macros, but if you open WordPad and then go File/Open you can view the .doc contents.

Martin Skidmore (Martin Skidmore), Tuesday, 20 May 2003 17:28 (twenty-two years ago)

SoBig virus, our company lists it as using the Outlook address book and not cache, but of course it could be wrong.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 17:41 (twenty-two years ago)

I've also gotten it twice, and unless its changin zeros to 'o's and removing whitespaces I'd say its hitting the address book. Haven't gotten it at any of my other email addresses though.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 17:48 (twenty-two years ago)

I always wondered what sort of person DID open up random email attachments, to be honest.

Ally (mlescaut), Tuesday, 20 May 2003 17:50 (twenty-two years ago)

nalini opened a random one on my pc in arsenal:(

gareth (gareth), Tuesday, 20 May 2003 17:52 (twenty-two years ago)

Ummm, let me copy and paste quickly here.

Subject line will be one of the following:
Your details
Approved (Ref: 38446-263)
Re: Approved (Ref: 3394-65467)
Your password
Re: My details
Screensaver
Cool screensaver
Re: Movie
Re: My application

Body is:
"All information is in the attached file."

Atttachment will be one of:
your_details.pif
ref-394755.pif
approved.pif
password.pif
doc_details.pif
screen_temp.pif
screen_doc.pif
movie28.pif
application.pif


That sound about right people?

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 17:53 (twenty-two years ago)

by random i mean attachment that had a virus, this was over a year ago though on a different pc, not this new one, i havent got that yet

gareth (gareth), Tuesday, 20 May 2003 17:54 (twenty-two years ago)

That sound about right people?

Precisely.

Mommy, what's a pif?

Kenan Hebert (kenan), Tuesday, 20 May 2003 18:15 (twenty-two years ago)

For soem reason from the fog of my days napping in OS class, "program information file" comes to mind.

Ding Ding Ding, Im a winner: http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?Program+Information+File
What a guess.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 18:39 (twenty-two years ago)

like everyone else I've gotten probably 8 of these in the past two days at the address I use here. I have no idea how it's connected. I did update my norton virus defs today and it now catches them when they come in, and a made a filter to dump them straight to the trash anyway. What does this virus do, actually? anything malicious or just annoying copy/email to everyone junk?

anthony kyle monday (akmonday), Tuesday, 20 May 2003 18:56 (twenty-two years ago)

Bah, looks like Sean is right, uses multiple sources to harvest emails.

Im guessing its an update of the old Big Boss emails we were getting in January.
http://vil.mcafee.com/dispVirus.asp?virus_k=99950

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 19:03 (twenty-two years ago)

The bad part is, if I'mr eading this right, it downloads a keylogger amoung other things as described here: http://vil.nai.com/vil/content/v_99788.htm

I also posted the wrong URL above, I meant to say it looks like an updated version of http://vil.nai.com/vil/content/v_99950.htm which is how it spreads itself.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 19:09 (twenty-two years ago)

Bah, looks like Sean is right, uses multiple sources to harvest emails.
I don't know whether to feel thrilled that I was right or upset that you doubted me. I'll get you for this, Nudels! Get you, I tells ya!

Sean Carruthers (SeanC), Tuesday, 20 May 2003 19:35 (twenty-two years ago)

Don't make me drop the hammer and dispense some indiscriminate justice Stinkypants.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 19:47 (twenty-two years ago)

You...you...YOU ROUGE MONITOR! You don't scare me!

Sean Carruthers (SeanC), Tuesday, 20 May 2003 19:50 (twenty-two years ago)

No, but my hairy carrots might.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 19:52 (twenty-two years ago)

I'm going to start a thread called "Don't open Mr. Noodles' hairy carrots" now. That sounds even scarier than this new virus.

Sean Carruthers (SeanC), Tuesday, 20 May 2003 19:58 (twenty-two years ago)

The newer generation of viruses (virii?) doesn't just hit your address book, it goes into your computer's webcache to look for anything that looks like an email address;

I know nothing about this, but: would it be at all non-difficult, and would it do any good, to automatically mask email addresses visible on ilxor.com, even to logged-in folks? I'm assuming anything like these viruses would delete NOSPAM and stuff like that, but presumably they wouldn't know to take out POXYFULE, whereas we would.

Tep (ktepi), Tuesday, 20 May 2003 20:01 (twenty-two years ago)

Of course people using Macintoshes don't really have to worry about this

J0hn Darn1elle (J0hn Darn1elle), Tuesday, 20 May 2003 20:24 (twenty-two years ago)

No they have their own concerns covering their back orfice.

Mr Noodles (Mr Noodles), Tuesday, 20 May 2003 20:26 (twenty-two years ago)

I am on Mac and I've been getting these all day long:(

Mary (Mary), Wednesday, 21 May 2003 04:07 (twenty-two years ago)

don't worry, they can't hurt you. Annoying though that a few dumbass windows users opening unsolicited attachments purpoting to be a patch from the Beast of Redmond can cause so much havoc.

Ed (dali), Wednesday, 21 May 2003 06:28 (twenty-two years ago)

Still not convinced about the farming ILX thing - my graffiti.net address, the one I use here, hasn't received any of these whearas I've had a load to my work addy - which as far as I'm aware has never been used here.

Matt DC (Matt DC), Wednesday, 21 May 2003 09:27 (twenty-two years ago)

Every time a Mac user preaches smugly about how right they are, I kill a kitten.

Mark C (Mark C), Wednesday, 21 May 2003 09:33 (twenty-two years ago)

It warms the cockles of my heart to hear that I have touched you so.

Ed (dali), Wednesday, 21 May 2003 09:34 (twenty-two years ago)

What about when Linux and other Unix users preach smugly about how they've been right for much longer than these upstart Mac people? ;-)

caitlin (caitlin), Wednesday, 21 May 2003 09:53 (twenty-two years ago)

Unix yes, linux no.

Ed (dali), Wednesday, 21 May 2003 09:55 (twenty-two years ago)

I've been getting lots of these too.

Alex in NYC (vassifer), Wednesday, 21 May 2003 10:55 (twenty-two years ago)

Everytime a Mac user gets smug I reach for my dis-Ease disk.

Mr Noodles (Mr Noodles), Wednesday, 21 May 2003 12:07 (twenty-two years ago)

i'd imagine you'd want to keep your hands off it..

oh you said DISK my mistake

electric sound of jim (electricsound), Wednesday, 21 May 2003 12:26 (twenty-two years ago)

Well that truely would be sick. I give you 10 Dan Perry Points.

Mr Noodles (Mr Noodles), Wednesday, 21 May 2003 12:28 (twenty-two years ago)

I always wondered what sort of person DID open up random email attachments, to be honest.

Er.....

Anyone know what this particular one is supposed to do if someone is stupid enough to open it? (DOH!)

James Ball (James Ball), Wednesday, 21 May 2003 12:32 (twenty-two years ago)

http://vil.nai.com/vil/content/v_99950.htm

Mr Noodles (Mr Noodles), Wednesday, 21 May 2003 12:35 (twenty-two years ago)

get some up to date virus protection software.

NOTE TO EVERYONE: MICROSOFT DOES NOT SEND OUT SOFTWARE UPDATES BY EMAIL, WHEN IN DOUBT BE SUSPICIOUS

Ed (dali), Wednesday, 21 May 2003 12:36 (twenty-two years ago)

http://www.netspace.net.au/~xfang/xfiles/pics/trustno1.jpg

Mr Noodles (Mr Noodles), Wednesday, 21 May 2003 12:39 (twenty-two years ago)

As much as it irritates me when people open up attachments they shouldn't be opening, it also bugs me when people find it inconceivable that people would open attachments such as this. Many of these virus-packed emails are designed, almost masterfully in some cases, to take advantage of people's gullibility, greed, lust, or inexeperience (as well as various Microsoft-related design issues).

There are an awful lot of people going online these days that aren't sharp younger kids who have been raised in an Internet culture where it's always been a bad idea to click on something you weren't expecting. For example, there is a growing segment of senior citizens online, and I can completely understand why one of them, on the net for the first time, would say "oh, Microsoft has a problem with my computer, maybe I'd better figure out what it is". There are a number of people who find themselves working in an office where, for the first time, they're on the Internet and dealing with email, even though they may have wanted to avoid technology in their daily lives. Basically, it's a lot of ordinary people online who haven't bee taught the basics yet about not clicking on unexpected things. And as I've stated before, Microsoft does NOT make it any easier for people to understand such things with such utterly moronic default choices like "hide extensions for known file types".

Sean Carruthers (SeanC), Wednesday, 21 May 2003 12:47 (twenty-two years ago)

I whole heartedly agree with you this is why I put it in big type, then people will remember for the future.

Ed (dali), Wednesday, 21 May 2003 12:49 (twenty-two years ago)

Thanks for your kind words, Sean, but I'm only 34.

James Ball (James Ball), Wednesday, 21 May 2003 13:00 (twenty-two years ago)

Stupid people shouldn't be allowed near the internet. Companies should realise this, and, say, strip out all attachments from emails to or from known morons.

When I'm World Dictator, anyone who wants an internet connection will have to have a Common Sense exam first.

caitlin (caitlin), Wednesday, 21 May 2003 13:03 (twenty-two years ago)

But I've got 'O' levels and everything.

James Ball (James Ball), Wednesday, 21 May 2003 13:05 (twenty-two years ago)

*When Smart People Do Stupid Things -- tonight at 10*

Kenan Hebert (kenan), Wednesday, 21 May 2003 13:08 (twenty-two years ago)

You work at a corporation as a higher up --> you insist on using a computer --> you open a virus onto the entire corporation --> you should be beheaded.

Ally (mlescaut), Wednesday, 21 May 2003 13:09 (twenty-two years ago)

If it makes you feel better James, I almost opened it.

Kenan Hebert (kenan), Wednesday, 21 May 2003 13:09 (twenty-two years ago)

Well I was expecting an answer to something from our IT department and wasn't paying attention when I opened it.

Daft behaviour, I know, but decapitation's a bit harsh.

James Ball (James Ball), Wednesday, 21 May 2003 13:14 (twenty-two years ago)

I'm sorry but that's the type of ship I run, kid.

Ally (mlescaut), Wednesday, 21 May 2003 13:26 (twenty-two years ago)

Just got my first two of these, and they were both adressed to the address I only use here.

Chewshabadoo (Chewshabadoo), Wednesday, 21 May 2003 14:01 (twenty-two years ago)

Well I was expecting an answer to something from our IT department and wasn't paying attention when I opened it.

That's another reason why these things spread; they're also designed to take advantage of overworked people not paying attention as closely as they should. I can definitely foresee a day when I inadvertantly launch one of these things just through sheer carelessness or mental exhaustion. It can happen to anyone under the right circumstances, I'm guessing.

Sean Carruthers (SeanC), Wednesday, 21 May 2003 14:52 (twenty-two years ago)

Good thing you don't work for me!

Ally (mlescaut), Wednesday, 21 May 2003 14:59 (twenty-two years ago)

Latest news on this virus appear to suggest that it is a sleeper virus that a some stage can be activated to download code to act as a proxy server for spammers. If you opened the virus please clean it off.

Ed (dali), Thursday, 22 May 2003 08:28 (twenty-two years ago)


You must be logged in to post. Please either login here, or if you are not registered, you may register here.
Site New Answers Search Boards ILM ILE Answers New Question New Questions New Poll Blog View Register Login