virus warning

jean sterling
September 9th, 2002, 02:11 PM
My anti-virus software just intercepted a virus from "breastroker". This may be a result of my participation here, or it could be the result of my looking in on rec.sport.swimming on occasion. Whatever, I felt I should post this warning.

September 9th, 2002, 03:11 PM
Yes, the W32/KLEZ virus variants are still running rampant in the swimming community. I get about 40 infected emails a day (16 so far today and counting). Many of the infected emails being sent out appear to come from my email address or webmaster alias or from Tracy Grilli (usms email address). They are NOT from us. If you receive an unexpected message that appears to be from one of us, DON'T open the attachment, especially if the subject of the email doesn't make sense. This virus sends itself out from infected computers and fills in the FROM and TO fields in the outgoing messages using random email addresses gathered from the address book and from recently visited web pages. Since our email addresses appear at the bottom of most usms.org web pages, many virus-infected emails are being sent from infected computers that have visited the USMS web site. The FROM address in these emails is frequently spoofed to look like it came from one of us.

Anyone interested in trying to figure out where an infected email came from can examine the full mail headers of the message to try to determine its origin. There are instructions on how to view the full mail headers using a number of popular email programs at http://ncfs.ucf.edu/Viewing%20Email%20Headers%20Instructions.pdf . When examining the headers, usually the LAST Received: line in the header (which is the first one chronologically) will identify what mail server the message was originally sent through. The Return-Path line in the headers is also sometimes reliable for identifying the originating account, although it seems that this line cannot be trusted for any mail originating from an AOL server, among others. While the Received: lines in the header can be spoofed also, they are not spoofed as often as others. Do not trust the FROM field - it is very easily spoofed.

Jean, if the infected mail came to your usms.org email address, that probably means that the infected computer recently visited our online member directory. We are looking into ways to help prevent the spread of viruses and email spam as a result of these listings. Congratulations on having up-to-date virus protection to help stop the spread.

Here are some things that EVERYONE can and should do to help control the spread of viruses:

1) Install an effective antivirus program and keep it up-to-date. Personally I use McAfee VirusScan with the automatic update notifications. Works like a charm.

2) NEVER open an attachment to an email unless it comes from a trusted party and you are sure that they meant to send it (ask them or just delete the message if you're not sure).

3) On Windows machines, make sure that you have all the updates installed for Windows and for your email program. Go to Windows Update in the start menu to find these updates. Microsoft has fixed a number of security holes in Windows, Outlook, and Outlook Express over the years. They make updates available to download for free via the Windows Update system.
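
The header check described in the post above (read the last Received: line, compare Return-Path with From), as an added example that is not part of the original thread. The sample message, host names and addresses are constructed placeholders, and the `trace_origin` helper and its regular expression are this example's own and assume the common "from HELO (rdns [ip]) by server" layout of a Received: line.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host and address is a made-up placeholder.
SAMPLE = """\
Return-Path: <someone@isp.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 9 Sep 2002 14:05:02 -0400
Received: from infected-pc (dialup-7.isp.example [198.51.100.7])
\tby smtp.isp.example with SMTP id B2; Mon, 9 Sep 2002 14:04:58 -0400
From: "Webmaster" <webmaster@club.example>
To: member@recipient.example
Subject: A funny game

body
"""

# Matches "from HELO (rdns [ip]) ... by SERVER" in one (possibly folded) Received value.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def domain(addr):
    """Return the part after '@', or '' when the address is empty."""
    return addr.rpartition("@")[2]

def trace_origin(raw):
    """Summarise where a message entered the mail system, from its headers."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []   # header order: newest hop first
    report = {
        "from": parseaddr(msg.get("From", ""))[1].lower(),
        "return_path": parseaddr(msg.get("Return-Path", ""))[1].lower(),
        "hop_count": len(hops),
        "origin": None,
    }
    if hops:
        # The LAST Received line is the earliest hop: the first server to accept it.
        m = RECEIVED_RE.search(hops[-1])
        if m:
            report["origin"] = m.groupdict()
    # A From domain that differs from Return-Path is a hint, not proof, of spoofing.
    report["from_matches_return_path"] = (
        bool(report["return_path"])
        and domain(report["from"]) == domain(report["return_path"]))
    return report

if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```

The `origin` entry names the server that first accepted the message and the address it connected from, which is what an abuse report to that provider would cite; the result is only as trustworthy as the Received: lines themselves.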