Author Topic: Is this virus warning for real?  (Read 2170 times)

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Is this virus warning for real?
« on: 26 November 2005, 23:02 »
My sister received this email:
Quote

From: Lakeland Communications - Steven Brady [mailto:[email protected]]
Sent: 17 November 2005 14:19
To: Abby Mobile
Subject: FW: NOT A JOKE - PLEASE OPEN A.S.A.P.

VERY IMPORTANT WARNING
This is not a joke!
Please Be Extremely Careful especially if using internet mail such as
Yahoo, Hotmail, AOL and so on. This information arrived this morning
direct from both Microsoft and Norton.
Please send it to everybody you know who has access to the Internet.
You may receive an apparently harmless email with a Power Point
presentation "Life is beautiful."
If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and
delete
it immediately. If you open this file, a message will appear on your
screen
saying: "It is too late now, your life is no longer beautiful."
Subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent
it to you will gain access to your name, e-mail and password.
This is a new virus which started to circulate on Saturday afternoon.
AOL has already confirmed the severity, and the antivirus software's are
not
capable of destroying it. The virus has been created by a hacker who
calls himself "life owner."
PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask them to
PASS IT ON IMMEDIATELY
 
Regards,

 
Steven J Brady
Managing Director
Lakeland Communications Limited
Blackhall Yard
Kendal
Cumbria
LA9 4LU
 
t:   0870 990 7973
f:   0871 433 1456
m: 0797 344 8245
e: [email protected]
w: http://www.lakeland-communications.co.uk


This won't affect me anyway because I don't have Power Point and the normal usesr doesn't have enough privileges to remove any system (or anyone else's) files so it's a user area wipe at the worst.

Anyway, is this a hoax or is it a real threat?
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Is this virus warning for real?
« Reply #1 on: 26 November 2005, 23:08 »
All I could find on it from Google News: http://www.irishdev.com/NewsArticle.aspx?id=1358
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

cymon

  • Member
  • **
  • Posts: 354
  • Kudos: 172
Re: Is this virus warning for real?
« Reply #2 on: 26 November 2005, 23:09 »
It's real. I got a fake FBI email today, it said to answer questions but the file with the questions on it was a virus. Luckily Hotmail scans everything for virii, and I don't run windows.

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Is this virus warning for real?
« Reply #3 on: 26 November 2005, 23:15 »
It looks real to me ... but I don't care I run Linux :D

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Is this virus warning for real?
« Reply #4 on: 26 November 2005, 23:57 »
Quote from: piratePenguin
All I could find on it from Google News: http://www.irishdev.com/NewsArticle.aspx?id=1358

Thanks piratePenguin, I agree it is bullshit, I don't see how a virus can delete all your files even on an insecure Windows machine sice the file locking system will prevent this.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
Re: Is this virus warning for real?
« Reply #5 on: 27 November 2005, 00:26 »
This hoax has been around for years.  I'm surprised you just got it now.

I wish someone would bring back the old "It takes guts to say 'Jesus'" hoax. :D
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: Is this virus warning for real?
« Reply #6 on: 27 November 2005, 05:30 »
Quote from: Aloone_Jonez
My sister received this email:

This won't affect me anyway because I don't have Power Point and the normal usesr doesn't have enough privileges to remove any system (or anyone else's) files so it's a user area wipe at the worst.

Anyway, is this a hoax or is it a real threat?

Let's examine the warning signs.  I'll bet we don't get one line in before we hit an inconsistency.

Quote
From: Lakeland Communications - Steven Brady [mailto:steve AT wanafone DOT com]

There. RIGHT THERE. See a problem? You should. The parent company is Lakeland Communications, Ltd. Wanafone.com is a subsidiary. Why would a subsidiary - which SELLS PHONES - have this information? According to http://www.lakeland-communications.co.uk/content/view/8/33/, their contact address is at email AT lakeland-communications DOT co DOT uk. Under normal circumstances, that would mean their MAILSERVER (and this doesn't exactly look like Verizon, so I'd assume there's just the one) is listed at that domain.

Hoax mistake number one: perpetrators often use domains UNVERIFIED to be compatible with their agenda.

Quote
Sent: 17 November 2005 14:19
 To: Abby Mobile

I would assume an organisation large enough to warrant its own mailserver would know HOW TO USE EMAIL, but moving on.

Quote
Subject: FW: NOT A JOKE - PLEASE OPEN A.S.A.P.
 

Again, notice that the subject is not in ANY kind of recognised warning format. Usually, when issued by Symantec or McAfee (or an equally reputable vendor), these warnings will carry subject information including the virus name, severity, and/or date-of-discovery - not to mention the name of the discovering agency.

 
Quote
VERY IMPORTANT WARNING
 This is not a joke!

Off of what we've seen so far, I see no reason to give them the benefit of the doubt anymore than you'd stall your car on the train tracks and expect a passing freighter to yield, but let's continue as if we did.

Quote
Please Be Extremely Careful especially if using internet mail such as
 Yahoo, Hotmail, AOL and so on.

Sage advice.  I wonder if they have a stake in POP3, given that they don't seem to address THOSE providers?

Quote
This information arrived this morning
 direct from both Microsoft and Norton.

Funny, I didn't know Microsoft had its anti-virus engine in gear already.

Quote
Please send it to everybody you know who has access to the Internet.

What about the people that don't? Should we leave them subject to an unknown danger, that could - for all we know - be passed diskette-to-diskette (or site-to-site, mail-to-mail, mouth-to-mouth, head-to-ass, etc)?

Hoax mistake number two: assume every virus solely propagates across the Internet.

Quote
You may receive an apparently harmless email with a Power Point
 presentation "Life is beautiful."

I don't know about you, but I don't have many people sending me crap like that, so I'd tend to be suspicious and check for a VBS extension at the end anyway. Oh, what's that? That's right:

Hoax mistake number three: play on people's fears of faked (doubled, tripled, etc) extensions BY NOT INCLUDING *ANY* in the description.

Quote
If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and
 delete
 it immediately. If you open this file, a message will appear on your
 screen
 saying: "It is too late now, your life is no longer beautiful."

Wow. A PowerPoint file, showing a message... on a SCREEN. I can never get mine past that first BSOD, but I guess someone must have.

Quote
Subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent
 it to you will gain access to your name, e-mail and password.

This is why I DON'T OPEN VBS FILES.  If it were a REAL PowerPoint Slideshow as the extension in the original variant of this hogwash seems to indicate, how would it do this? Drop the /con/con bomb? Oh, I know, MAYBE IT'LL EGGDROP SOME SHELLCODE INTO EXPLORER AND CAUSE A BUFFER OVERFLOW! That'll give them my NAME, EMAIL, and PASSWORD FOR SURE! If they can get past, the whole, y'know... COMPUTER NOT WORKING BIT.

Hoax mistake number four: assuming a computer can self-heal BSODs, since we ALL run Crystal Palace technology at home.

Incidentally - NORAD uses UNIX-based, not Windows.

 
Quote
This is a new virus which started to circulate on Saturday afternoon.
 AOL has already confirmed the severity, and the antivirus software's are
 not capable of destroying it.

I don't know about the UK, but here we have a Computer Emergency Readiness Team that grades these things, NOT AOHELL.  

Hoax mistake number five: assume AOL will be around forever, then grant them government agency status.
 

God knows enough idi... um... newbies implicitly trust them. To date, the only "virus" that antivirus applications can't destroy? That's right: Sony's rootkit, and that's simple enough to remove once you know the way it infects your system. Hell, people are making BATCHFILES to combat it, so it's technically not a big enough threat to warrant antivirus attentions. Now, if it polymorphed, THAT would be a problem.

Quote
The virus has been created by a hacker who
 calls himself "life owner."
 PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask them to
 PASS IT ON IMMEDIATELY

Hoax mistake number six: rather than realising that any decent anti-virus company has their own distribution system, convince the masses that they MUST forward your message.

After all, how else can it survive from a spoofed address?
 
Quote
Regards,
 
 
 Steven J Brady
 Managing Director
 Lakeland Communications Limited
 Blackhall Yard
 Kendal
 Cumbria
 LA9 4LU
 
 t:   0870 990 7973
 f:   0871 433 1456
 m: 0797 344 8245
 e: steve AT wanafone DOT com
 w: www.lakeland-communications.co.uk
 

Seriously, leave this poor guy alone, it's probably some disgruntled worker's ex-boss that they just want to drive insane. Otherwise, emails will bounce, and calls to the mobile will likely be answered by someone other than the landline - check out that areacode.

Oh, and hoax mistake number seven, for the game?  Check out that postal code.  Check that contact page for Lakeland.  Yep, that's right: the postal code is off.

Hopefully, the response detailed here will help you notice crap like this in the future. Share it with your sister! In fact, here are the checks, presented in the order of the hoax mistakes (some of which were not enumerated, but significant in their own right):



[list=1]
  • Check that the domain fits the intent.  A phone shopping site is NOT a reliable source for virus information.
  • Check that the "notice" acknowledges non-Internet propagation.
  • Check that the "notice" contains the three-letter extension.  Double-check the extension through filext.com or a similar site. Anything described as belonging to "Visual" anything, "Builder" anything, or "Lab" anything should be approached with EXTREME CAUTION unless YOU made the file yourself. Even then, treat it like a grenade - it may not be live, but the wrong touch may still screw something up.
  • Check the validity of what the "notice" is saying. Can people get your NAME from you merely logging into a BBS? If you were honest with the signup form (who here is), then possibly. Can people get your home address over a wireless connection to a Q-39 Illudium Explosive Space Modulator stashed away deep within your PC, EVEN WHEN IT'S TURNED OFF, THE POWER REMOVED, AND THE CMOS BATTERY HURLED INTO THE WHITE-HOT FIRES OF THE SUN? Probably not.
  • Check that the "notice" acknowledges REAL antivirus companies (McAfee, Norton/Symantec, AntiVir) not ISPs (Microsoft [MSN], AOL, Earthlink, and so on).
  • If the email came from a third-party site, DON'T TRUST IT and DON'T TOUCH THE ATTACHMENTS. You're staring down a container of ebola, and until you open those files, nothing really bad (at least through that email) can happen. If you have auto-open attachments enabled, FOR GOD'S SAKE TURN IT OFF. Remember that anti-virus companies offer updates through their own - SECURE - updating tool, not through as easily manipulated a medium as IMAP emails.
  • Finally, check that the "contact" in the "notice" exists through the website. If you notice typos in the address, discard it, unless the other factors (such as style of subject, etc) warrant keeping the message.
« Last Edit: 27 November 2005, 05:32 by Orethrius »

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

Jack2000

  • Guest
Re: Is this virus warning for real?
« Reply #7 on: 27 November 2005, 06:54 »
this is one of those stupid Chain-mail things
i have dumped about a dozen of those and even more paper typed too :)
muahuahuahahu i should have turned into a black cat by now if i believed
in that kind of crap

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
Re: Is this virus warning for real?
« Reply #8 on: 27 November 2005, 09:55 »
Quote from: Orethrius

Really long post about email hoax

Bored much? :p
« Last Edit: 27 November 2005, 21:11 by WMD »
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Is this virus warning for real?
« Reply #9 on: 27 November 2005, 13:07 »
Thanks Orethrius - I'll send her and her friend a coppy of your post - hopefully it'll work its way back up the chain back to the source. :D
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
Re: Is this virus warning for real?
« Reply #10 on: 28 November 2005, 01:10 »
But, if you don't forward the message, you won't recieve your $1000 from Microsoft for beta-testing their new email system!!!!!!

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Is this virus warning for real?
« Reply #11 on: 28 November 2005, 01:53 »
I thought it was still in alpha-testing? If it was a beta that means it's finished.
Capitalism kicks ass.
-Skyman
If your a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
Re: Is this virus warning for real?
« Reply #12 on: 2 December 2005, 10:17 »
Quote from: Dark_Me
I thought it was still in alpha-testing? If it was a beta that means it's finished.

Alpha means experimental and "dont fucking bother asking us for support", Beta means "were nearly done tell us what you think". Stable means well, "were finished, poke holes in it and laugh at us"

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Is this virus warning for real?
« Reply #13 on: 2 December 2005, 10:48 »
I know that. I was poking fun at the finished state of Microsoft products.
Capitalism kicks ass.
-Skyman
If your a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
Re: Is this virus warning for real?
« Reply #14 on: 2 December 2005, 10:56 »
Ah nevermind then.

72 hours of no sleep and counting.