Now this is funny - couldn't happen to a nicer bunch of people :)greenspun.com : LUSENET : Current News : One Thread |
There is a God, and he/she has a great sense of humor :)As I mentioned, I just got laid off, and screwed out of my last check, and while they haven't closed my e-mail box yet, I know they've been mirroring all my mail, so they won't loose any bid request, etc, that I get a lot of via e-mail this time of year.
Well, last night, I got a bid request from an odd looking e-mail addy, and the text was a bit strange...
"Hi! How are you? I send you this file in order to have your advice See you later. Thanks"
It had 2 attachments, one what appeared to be a bid doc and another a text file. So I replied back and asked who she was, just in case it was a referal from someone else. This morning, I got an undeliverable message back, which I expected, as the e-mail address looked strange anyway. I scanned the files, but the antivirus software didn't recognize it, so I forwarded the files over to Trendmicro.
Now the giveaway that the file is a virus, besides the bogus e-mail address, is the "bid" ends in .doc.pif
.pif files are just as bad as vbs, exe, and macro viruses. I don't know if it was just targeted at my company, or government contractors in general, to "backdoor" into government systems, or what.
One thing for sure, when those former employers of mine see "bid" they'll open it sure as shit, and I hope it has one hell of a payload :)
I love it... should I feel guilty for not warning them?
-- Anonymous, August 05, 2001
Welllll, not so guilty that it takes the fun out of it! hehe
-- Anonymous, August 05, 2001
$2000 worth of guilty, or whatever the cheque was?
-- Anonymous, August 05, 2001
hee hee hee
-- Anonymous, August 05, 2001
muwahahahaha...(insert Gary Cooper voice here) He sure do work in myster-i-ous ways...
-- Anonymous, August 05, 2001
It's definately an attack of some kind, I don't know the extent of it yet... just got another e-mail, same return addy, same text, but header changed from "Bid 11" to "Fax-Rick Vredenburg-7"... still two files, only this time the .pif file name was changed to match the header...I traced the dsl IP block to another 8(a) in California, Sea Pac Engineering. Both e-mails came about the same time, which suggests an overseas source has hacked the Sea Pac server, and using it to set up other gov contractors out of the SBA ProNet database...
Folks coming in tomorrow seeing back to back e-mails, bid request, then a "confirming" fax number, are very likely to open them.
This is a fairly sophisticated, targeted, attack. If the target is broader than my ex-company, this could be serious...
I sent a copy to trendmicro of the first, will forward this one to them too...
Think I should contact CERT too?
-- Anonymous, August 05, 2001
Let your concience be your guide.
-- Anonymous, August 06, 2001
That sounds like the SirCam virus or worm or whatever it was. I got about five of those on the same day and nuked all of them. I think that's the one where you reboot to get rid of it if you accidentally opened it.
-- Anonymous, August 06, 2001
Oh well, forwarded both to trendmicro, if it's serious, they'll be busy selling the patch tomorrow, not my problem.. :)
-- Anonymous, August 06, 2001
It's not a known virus, I updated and scanned and nada... .pif files load into memory, but they can also alter your registry, infect .com .exe files, modify and delete dll's etc... in other words, raise hell with your computer....My guess is, if it's more than a targeted attack at the company I worked for, we'll be hearing about it tomorrow :)
-- Anonymous, August 06, 2001
Carl, here's how my mind works on things like this. You are in a jam with your present job. Got cheated out of some back pay. And are looking for another job that will pay the bills and give you some pleasure. Then, along comes this email you suspect will create a virus in the system when it's opened. I think you're being "tested" here with a temptation. Not by your company but by the negative forces that love to create conflict and upset things.This is your chance to shine in a positive way. Do whatever you can to block further damage to that computer system. Do it because it's the right response if you wish to remain in the positive arena. If you participate in doing damage to others, either directly or indirectly, you are aligning yourself with the negative forces and you will reap negative rewards. Rise above your upset or anger now. That's my advice. As I said, you *will* get another job offer but it may not be what you want. Staying in the negative camp will virtually assure you of another job that drives you further down a negative path.
That's the way these things work, in my own experience. Remember, we are all on a soul journey here on earth, not one of persoanl gain, power, or control, unless we *choose* the negative way. It's a free- will cosmos. We can go about our journey any way we wish.
-- Anonymous, August 06, 2001
Also, if the co. suspects you did it deliberately, you won't get much of a reference from them if you need it. On the other hand, if oyu call them and say, hey, I think that might be a problem, you might get a better reference than otherwise.
-- Anonymous, August 06, 2001
laying on the guilt trip, are we? LOL
-- Anonymous, August 06, 2001
It's called pragmatism, sweat-breath. :)
-- Anonymous, August 06, 2001
Yeah, I started feeling guilty, so warned them, and the company who's ip was being used to spread it... I still got to relish the thought for a few hours anyway :)
-- Anonymous, August 06, 2001
Bt the way, it was the Sircam virus, but a new varient that Trendmicro couldn't detect.
-- Anonymous, August 06, 2001
Congratulations Carl. I told you before that I thought you had a good soul. And when we feel guilty about something it's just an indication we are struggling with a free-will choice. People who don't feel guilty are completely comfortable with their actions, whether that be a positive or negative deed that they do.
-- Anonymous, August 06, 2001