Preliminary report:


There is an extremely dangerous virus spreading called WORM_MIMAIL.A

This spreads via email with a subject that reads:

Subject: your account

The body of the email reads:

Hello there, I would like to inform you about important

information regarding your e-mail address.

This email address will be expiring. Please read attachment for details.

Best regards,

Administrator

Attachment: "message.zip"

The standard warning: NEVER open an email or attachment from someone you do
not know or trust.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Michael Solomon (MS-MVP Windows Shell/User)" >
wrote in message ...

> Preliminary report:
>
>
> There is an extremely dangerous virus spreading called
WORM_MIMAIL.A
>
> This spreads via email with a subject that reads:
>
> Subject: your account
>
> The body of the email reads:
>
> Hello there, I would like to inform you about important
>
> information regarding your e-mail address.
>
> This email address will be expiring. Please read attachment for
details.
>
> Best regards,
>
> Administrator
>
> Attachment: "message.zip"
>
> The standard warning: NEVER open an email or attachment from
someone you do
> not know or trust.


Sorry, but I think that's extremely dangerous advice. It implies
that the opposite is true--that it's safe to open an E-mail or
attachment from someone you know or trust.

In fact, almost the exact opposite is true. Many modern viruses
and worms spread by sending themsleves to everyone in the
infected party's address book. That means it's *more* likely, not
less likely, that a message from somneone you know and trust is
likely to be infected.

My advice is to open attachments only it's something you are
expecting; even if you get it from a close family member, it's
wise to check with them first before opening.

My own personal practice is even more stringent. I almost never
open attachments at all; I make an occasional exception, but only
for an extremely trusted source, who I am confident applies
safeguards as good as my own.

--
Ken Blake
Please reply to the newsgroup

Ken Blake wrote:
> "Michael Solomon (MS-MVP Windows Shell/User)" >
> wrote in message ...
>
>> Preliminary report:
>>
>>
>> There is an extremely dangerous virus spreading called WORM_MIMAIL.A
>>
>> This spreads via email with a subject that reads:
>>
>> Subject: your account
>>
>> The body of the email reads:
>>
>> Hello there, I would like to inform you about important
>>
>> information regarding your e-mail address.
>>
>> This email address will be expiring. Please read attachment for
>> details.
>>
>> Best regards,
>>
>> Administrator
>>
>> Attachment: "message.zip"
>>
>> The standard warning: NEVER open an email or attachment from someone
>> you do not know or trust.
>
>
> Sorry, but I think that's extremely dangerous advice. It implies
> that the opposite is true--that it's safe to open an E-mail or
> attachment from someone you know or trust.
>
> In fact, almost the exact opposite is true. Many modern viruses
> and worms spread by sending themsleves to everyone in the
> infected party's address book. That means it's *more* likely, not
> less likely, that a message from somneone you know and trust is
> likely to be infected.
>
> My advice is to open attachments only it's something you are
> expecting; even if you get it from a close family member, it's
> wise to check with them first before opening.
>
> My own personal practice is even more stringent. I almost never
> open attachments at all; I make an occasional exception, but only
> for an extremely trusted source, who I am confident applies
> safeguards as good as my own.
Agreed, I copied and pasted the notice. You should scan all attachments
before opening regardless of who they are from, known and unknown. Viruses
are largely propegated by e-mails to friends who unwittingly think it is all
right because they know the person.
--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Ken Blake" > wrote in message
...
> "Michael Solomon (MS-MVP Windows Shell/User)" >
> wrote in message ...
>
> > Preliminary report:
> >
> >
> > There is an extremely dangerous virus spreading called
> WORM_MIMAIL.A
> >
> > This spreads via email with a subject that reads:
> >
> > Subject: your account
> >
> > The body of the email reads:
> >
> > Hello there, I would like to inform you about important
> >
> > information regarding your e-mail address.
> >
> > This email address will be expiring. Please read attachment for
> details.
> >
> > Best regards,
> >
> > Administrator
> >
> > Attachment: "message.zip"
> >
> > The standard warning: NEVER open an email or attachment from
> someone you do
> > not know or trust.
>
>
> Sorry, but I think that's extremely dangerous advice. It implies
> that the opposite is true--that it's safe to open an E-mail or
> attachment from someone you know or trust.
>
> In fact, almost the exact opposite is true. Many modern viruses
> and worms spread by sending themsleves to everyone in the
> infected party's address book. That means it's *more* likely, not
> less likely, that a message from somneone you know and trust is
> likely to be infected.
>
> My advice is to open attachments only it's something you are
> expecting; even if you get it from a close family member, it's
> wise to check with them first before opening.
>
> My own personal practice is even more stringent. I almost never
> open attachments at all; I make an occasional exception, but only
> for an extremely trusted source, who I am confident applies
> safeguards as good as my own.
>
> --
> Ken Blake
> Please reply to the newsgroup
>
"> My own personal practice is even more stringent. I almost never
> open attachments at all; I make an occasional exception, but only
> for an extremely trusted source, who I am confident applies
> safeguards as good as my own."

Isn't this rather draconian ? Getting a message with text as quoted above
about my account from a friend who has nothing to do with or knowledge of it
would raise my suspicions that it was not them but rather a virus. There
are going to be a lot of unhappy senders when they learn that their
attachments aren't being open. We all need a good use of good old common
sense here.

Malv

Malvern wrote:
> "Ken Blake" > wrote in message
> ...
>> "Michael Solomon (MS-MVP Windows Shell/User)" >
>> wrote in message ...
>>
>>> Preliminary report:
>>>
>>>
>>> There is an extremely dangerous virus spreading called
>> WORM_MIMAIL.A
>>>
>>> This spreads via email with a subject that reads:
>>>
>>> Subject: your account
>>>
>>> The body of the email reads:
>>>
>>> Hello there, I would like to inform you about important
>>>
>>> information regarding your e-mail address.
>>>
>>> This email address will be expiring. Please read attachment for
>> details.
>>>
>>> Best regards,
>>>
>>> Administrator
>>>
>>> Attachment: "message.zip"
>>>
>>> The standard warning: NEVER open an email or attachment from
>> someone you do
>>> not know or trust.
>>
>>
>> Sorry, but I think that's extremely dangerous advice. It implies
>> that the opposite is true--that it's safe to open an E-mail or
>> attachment from someone you know or trust.
>>
>> In fact, almost the exact opposite is true. Many modern viruses
>> and worms spread by sending themsleves to everyone in the
>> infected party's address book. That means it's *more* likely, not
>> less likely, that a message from somneone you know and trust is
>> likely to be infected.
>>
>> My advice is to open attachments only it's something you are
>> expecting; even if you get it from a close family member, it's
>> wise to check with them first before opening.
>>
>> My own personal practice is even more stringent. I almost never
>> open attachments at all; I make an occasional exception, but only
>> for an extremely trusted source, who I am confident applies
>> safeguards as good as my own.
>>
>> --
>> Ken Blake
>> Please reply to the newsgroup
>>
> "> My own personal practice is even more stringent. I almost never
>> open attachments at all; I make an occasional exception, but only
>> for an extremely trusted source, who I am confident applies
>> safeguards as good as my own."
>
> Isn't this rather draconian ? Getting a message with text as quoted
> above about my account from a friend who has nothing to do with or
> knowledge of it would raise my suspicions that it was not them but
> rather a virus. There are going to be a lot of unhappy senders when
> they learn that their attachments aren't being open. We all need a
> good use of good old common sense here.
>
> Malv
It just means you should use caution. From my own point of view, scan every
attachment before opening and look at the text of the message as well
becayse the sender may not even have intended an attachment be sent as it
can be automatic once a virus takes hold. I've had this happen, wherein I
scanned the attachement sent by a friend, found it to be a virus and I
responded to them informing them they have a virust and they need to get
their system cleaned before sending anything eles and if they are using an
always on connection to disconnect from the Internet until they are certain
the virus has been removed.
--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Michael Solomon (MS-MVP Windows Shell/User)" > wrote in
message ...
> Malvern wrote:
> > "Ken Blake" > wrote in message
> > ...
> >> "Michael Solomon (MS-MVP Windows Shell/User)" >
> >> wrote in message ...
> >>
> >>> Preliminary report:
> >>>
> >>>
> >>> There is an extremely dangerous virus spreading called
> >> WORM_MIMAIL.A
> >>>
> >>> This spreads via email with a subject that reads:
> >>>
> >>> Subject: your account
> >>>
> >>> The body of the email reads:
> >>>
> >>> Hello there, I would like to inform you about important
> >>>
> >>> information regarding your e-mail address.
> >>>
> >>> This email address will be expiring. Please read attachment for
> >> details.
> >>>
> >>> Best regards,
> >>>
> >>> Administrator
> >>>
> >>> Attachment: "message.zip"
> >>>
> >>> The standard warning: NEVER open an email or attachment from
> >> someone you do
> >>> not know or trust.
> >>
> >>
> >> Sorry, but I think that's extremely dangerous advice. It implies
> >> that the opposite is true--that it's safe to open an E-mail or
> >> attachment from someone you know or trust.
> >>
> >> In fact, almost the exact opposite is true. Many modern viruses
> >> and worms spread by sending themsleves to everyone in the
> >> infected party's address book. That means it's *more* likely, not
> >> less likely, that a message from somneone you know and trust is
> >> likely to be infected.
> >>
> >> My advice is to open attachments only it's something you are
> >> expecting; even if you get it from a close family member, it's
> >> wise to check with them first before opening.
> >>
> >> My own personal practice is even more stringent. I almost never
> >> open attachments at all; I make an occasional exception, but only
> >> for an extremely trusted source, who I am confident applies
> >> safeguards as good as my own.
> >>
> >> --
> >> Ken Blake
> >> Please reply to the newsgroup
> >>
> > "> My own personal practice is even more stringent. I almost never
> >> open attachments at all; I make an occasional exception, but only
> >> for an extremely trusted source, who I am confident applies
> >> safeguards as good as my own."
> >
> > Isn't this rather draconian ? Getting a message with text as quoted
> > above about my account from a friend who has nothing to do with or
> > knowledge of it would raise my suspicions that it was not them but
> > rather a virus. There are going to be a lot of unhappy senders when
> > they learn that their attachments aren't being open. We all need a
> > good use of good old common sense here.
> >
> > Malv
> It just means you should use caution. From my own point of view, scan
every
> attachment before opening and look at the text of the message as well
> becayse the sender may not even have intended an attachment be sent as it
> can be automatic once a virus takes hold. I've had this happen, wherein I
> scanned the attachement sent by a friend, found it to be a virus and I
> responded to them informing them they have a virust and they need to get
> their system cleaned before sending anything eles and if they are using an
> always on connection to disconnect from the Internet until they are
certain
> the virus has been removed.
> --
> Michael Solomon MS-MVP
> Windows Shell/User
> Backup is a PC User's Best Friend
> DTS-L.Org: http://www.dts-l.org/
>

We started getting this virus in around 10:00AM EST
and by 5 PM had over 60 copies of it into our mail server.
Not a single copy got through (gotta love Trends ant-virus and eManager).
This perticular worm comes in from the administrator from your domain, not a
friends address.
I can almost gurantee that there are plenty of people out there, a good
portion of my users included,
who would run the attachemnt if it came from . Especially
with
the contents telling them thier was a problem with thier e-mail and to run
the attachement.
Would a corporate user be wrong to distrust an e-mail from thier
administrator?
unfortunetly the answer is no with some of the new viruses going around.


>

Spinner wrote:
>>
>
> We started getting this virus in around 10:00AM EST
> and by 5 PM had over 60 copies of it into our mail server.
> Not a single copy got through (gotta love Trends ant-virus and
> eManager). This perticular worm comes in from the administrator from
> your domain, not a friends address.
> I can almost gurantee that there are plenty of people out there, a
> good portion of my users included,
> who would run the attachemnt if it came from .
> Especially with
> the contents telling them thier was a problem with thier e-mail and
> to run the attachement.
> Would a corporate user be wrong to distrust an e-mail from thier
> administrator?
> unfortunetly the answer is no with some of the new viruses going
> around.
Standard rule of thumb when it comes to viruses and virus protection. Trust
no one. What you mention is why this one is so dangerous, not to mention a
bit ingenious but it points up why viruses propegate so quickly even in or
perhaps especially in a corporate environment.
--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

OR get some program like Spamkiller who looks at mail and allows deleting
prior to downloading from the server.





"Michael Solomon (MS-MVP Windows Shell/User)" > wrote in
message ...
> Preliminary report:
>
>
> There is an extremely dangerous virus spreading called WORM_MIMAIL.A
>
> This spreads via email with a subject that reads:
>
> Subject: your account
>
> The body of the email reads:
>
> Hello there, I would like to inform you about important
>
> information regarding your e-mail address.
>
> This email address will be expiring. Please read attachment for details.
>
> Best regards,
>
> Administrator
>
> Attachment: "message.zip"
>
> The standard warning: NEVER open an email or attachment from someone you
do
> not know or trust.
>
> --
> Michael Solomon MS-MVP
> Windows Shell/User
> Backup is a PC User's Best Friend
> DTS-L.Org: http://www.dts-l.org/
>
>
>

"Malvern" > wrote in message
...
>
> "Ken Blake" > wrote in message
> ...

> > My own personal practice is even more stringent. I almost
never
> > open attachments at all; I make an occasional exception, but
only
> > for an extremely trusted source, who I am confident applies
> > safeguards as good as my own.

> Isn't this rather draconian ? Getting a message with text as
quoted above
> about my account from a friend who has nothing to do with or
knowledge of it
> would raise my suspicions that it was not them but rather a
virus. There
> are going to be a lot of unhappy senders when they learn that
their
> attachments aren't being open. We all need a good use of good
old common
> sense here.


My advice wasn't meant to pertain only to messages about account
status, but to attachments in general.

No, I don't think it's draconian at all; I think it's just
prudent. Everybody with whom I communicate knows that I won't
open attachments because I've told them so; whether or not they
agree with me and follow the same practice, they understand and
respect my reasons for not opening them, and adhere to my wishes
by not sending me attachments.

--
Ken Blake
Please reply to the newsgroup

"Spinner" > wrote in message
news:4yFWa.7743$5f.2422@lakeread05...

> We started getting this virus in around 10:00AM EST
> and by 5 PM had over 60 copies of it into our mail server.
> Not a single copy got through (gotta love Trends ant-virus and
eManager).


I wanted to add another word of caution here. It's fine to use an
anti-virus program; I do so myself. But it's not fine to assume
that you are therefore protected from all viruses. Anti-virus
programs decrease the risk substantially, but they can never
eliminate it entirely, no matter how frequently the company
updates their virus definitions, and no matter how diligent you
are at downloading them promptly.

Whenever a new virus definition is added, it's because that virus
is already out there, and some people have already gotten
infected. If we are lucky it's short, but there is always some
period between the introduction of a virus and its inclusion in
your virus definitions when you are at risk.

Use a good virus checker and keep your definition up-to-date. But
also be prudent in what you open.

--
Ken Blake
Please reply to the newsgroup

www.mailwasher.net , performs the same function and it's free.

--
Curt.
-------------------------------------------------------------------
"Donald Link" > wrote in message
nk.net...
> OR get some program like Spamkiller who looks at mail and allows deleting
> prior to downloading from the server.
>

Ken Blake wrote:
> "Spinner" > wrote in message
> news:4yFWa.7743$5f.2422@lakeread05...
>
>> We started getting this virus in around 10:00AM EST
>> and by 5 PM had over 60 copies of it into our mail server.
>> Not a single copy got through (gotta love Trends ant-virus and
>> eManager).
>
>
> I wanted to add another word of caution here. It's fine to use an
> anti-virus program; I do so myself. But it's not fine to assume
> that you are therefore protected from all viruses. Anti-virus
> programs decrease the risk substantially, but they can never
> eliminate it entirely, no matter how frequently the company
> updates their virus definitions, and no matter how diligent you
> are at downloading them promptly.
>
> Whenever a new virus definition is added, it's because that virus
> is already out there, and some people have already gotten
> infected. If we are lucky it's short, but there is always some
> period between the introduction of a virus and its inclusion in
> your virus definitions when you are at risk.
>
> Use a good virus checker and keep your definition up-to-date. But
> also be prudent in what you open.
Good point and just to add because this has come up a few times, you need to
scan. Simply having an up to date antivirus application is only part of the
protection it offers.

If you don't scan your system regularly and simply let the antivirus sofware
"monitor" your setup you leave yourself open to things that can slip in
before updated definitions were added to your system.

Antivirus protection is not a passive process, it must be active and users
must be proactive.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

Curt wrote:
> www.mailwasher.net , performs the same function and it's free.
>
>> OR get some program like Spamkiller who looks at mail and allows
>> deleting prior to downloading from the server.
Again, neither "Mailwasher" which I use nor spam killer are perfect. They
are additional tools, neither should be used instead of antivirus software
and both require user's active involvement.
--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Michael Solomon (MS-MVP Windows Shell/User)" > wrote in
message ...
> Ken Blake wrote:
> > "Spinner" > wrote in message
> > news:4yFWa.7743$5f.2422@lakeread05...
> >
> >> We started getting this virus in around 10:00AM EST
> >> and by 5 PM had over 60 copies of it into our mail server.
> >> Not a single copy got through (gotta love Trends ant-virus and
> >> eManager).
> >
> >
> > I wanted to add another word of caution here. It's fine to use an
> > anti-virus program; I do so myself. But it's not fine to assume
> > that you are therefore protected from all viruses. Anti-virus
> > programs decrease the risk substantially, but they can never
> > eliminate it entirely, no matter how frequently the company
> > updates their virus definitions, and no matter how diligent you
> > are at downloading them promptly.
> >
> > Whenever a new virus definition is added, it's because that virus
> > is already out there, and some people have already gotten
> > infected. If we are lucky it's short, but there is always some
> > period between the introduction of a virus and its inclusion in
> > your virus definitions when you are at risk.
> >
> > Use a good virus checker and keep your definition up-to-date. But
> > also be prudent in what you open.
> Good point and just to add because this has come up a few times, you need
to
> scan. Simply having an up to date antivirus application is only part of
the
> protection it offers.
>
> If you don't scan your system regularly and simply let the antivirus
sofware
> "monitor" your setup you leave yourself open to things that can slip in
> before updated definitions were added to your system.
>
> Antivirus protection is not a passive process, it must be active and users
> must be proactive.
>
> --
> Michael Solomon MS-MVP
> Windows Shell/User
> Backup is a PC User's Best Friend
> DTS-L.Org: http://www.dts-l.org/
>

I have an active desktop item that is a virus advisory from Trends.
When a new virus is discovered or a new definatiuon is released I useally
know withing the hour.
The first thing I do is have the new defination downloaded and remotly
distributed to our workstations and servers,
which takes under 20 minutes. have all workstations and servers run a full
scan nightly as all are left on 24/7.
This may seem overkill to some, but due to our business model we recieve
hundreds of attachments daily.
Since I have started handeling it this way we have not had a single
infection. I know sooner or later
we WILL get hit as it is just a matter of time, but that will not stop me
from trying to deley it as long as possible.

Spinner wrote:
>> Good point and just to add because this has come up a few times, you
>> need to scan. Simply having an up to date antivirus application is
>> only part of the protection it offers.
>>
>> If you don't scan your system regularly and simply let the antivirus
>> sofware "monitor" your setup you leave yourself open to things that
>> can slip in before updated definitions were added to your system.
>>
>> Antivirus protection is not a passive process, it must be active and
>> users must be proactive.
>>
>> --
>> Michael Solomon MS-MVP
>> Windows Shell/User
>> Backup is a PC User's Best Friend
>> DTS-L.Org: http://www.dts-l.org/
>>
>
> I have an active desktop item that is a virus advisory from Trends.
> When a new virus is discovered or a new definatiuon is released I
> useally know withing the hour.
> The first thing I do is have the new defination downloaded and remotly
> distributed to our workstations and servers,
> which takes under 20 minutes. have all workstations and servers run
> a full scan nightly as all are left on 24/7.
> This may seem overkill to some, but due to our business model we
> recieve hundreds of attachments daily.
> Since I have started handeling it this way we have not had a single
> infection. I know sooner or later
> we WILL get hit as it is just a matter of time, but that will not
> stop me from trying to deley it as long as possible.
It's not overkill at all, it's prudent.
--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

>
> Isn't this rather draconian ? Getting a message with text as quoted
> above about my account from a friend who has nothing to do with or
> knowledge of it would raise my suspicions that it was not them but
> rather a virus. There are going to be a lot of unhappy senders when
> they learn that their attachments aren't being open. We all need a
> good use of good old common sense here.
>
> Malv
>
>

I make sure all my friends and family know that if I'm not expecting the
attachment. I will not open. Or, At least until I've contacted them to make
sure that they actually meant to send it. Then, I scan it with my A/V and
cross my fingers if I open it.

David

"Spinner" > wrote in message =
news:nXTWa.7906$5f.4722@lakeread05...

> I have an active desktop item that is a virus advisory from Trends.
> When a new virus is discovered or a new definatiuon is released I =
useally
> know withing the hour.
> The first thing I do is have the new defination downloaded and remotly
> distributed to our workstations and servers,
> which takes under 20 minutes. have all workstations and servers run a =
full
> scan nightly as all are left on 24/7.
> This may seem overkill to some,


I don't think it's overkill at all.


> but due to our business model we recieve
> hundreds of attachments daily.
> Since I have started handeling it this way we have not had a single
> infection. I know sooner or later
> we WILL get hit as it is just a matter of time, but that will not stop =
me
> from trying to deley it as long as possible.


Absolutely. You are about as careful as possible, but you also recognize =
that there's no such thing as perfection.

--=20
Ken Blake
Please reply to the newsgroup

"Michael Solomon (MS-MVP Windows Shell/User)" > wrote in
message ...
> Again, neither "Mailwasher" which I use nor spam killer are perfect. They
> are additional tools, neither should be used instead of antivirus software
> and both require user's active involvement.
> --
> Michael Solomon MS-MVP
> Windows Shell/User
> Backup is a PC User's Best Friend
> DTS-L.Org: http://www.dts-l.org/
-----------------------------------------------------------------------
Michael,
I agree, no spam shield/killer should ever be the only defense. My post was
not to imply otherwise. A two or three tiered approach is what I would
suggest to everyone.
--
Curt.

No problem, Curt. I just wanted to clarify for others.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Curt" > wrote in message
...
> "Michael Solomon (MS-MVP Windows Shell/User)" > wrote in
> message ...
> > Again, neither "Mailwasher" which I use nor spam killer are perfect.
They
> > are additional tools, neither should be used instead of antivirus
software
> > and both require user's active involvement.
> > --
> > Michael Solomon MS-MVP
> > Windows Shell/User
> > Backup is a PC User's Best Friend
> > DTS-L.Org: http://www.dts-l.org/
> -----------------------------------------------------------------------
> Michael,
> I agree, no spam shield/killer should ever be the only defense. My post
was
> not to imply otherwise. A two or three tiered approach is what I would
> suggest to everyone.
> --
> Curt.
>
>