bogus attachment

One contact occasionally gets my mail with an attachment. This attachment is
her MY Documents directory and it contains all her personal files. What
causes this?

My virus defs are updated and complete scans find nothing.

My updated spybot and several other spy apps find nothing.

I have updated Zone Alarm.

It must be at the other end, but I find nothing in web searches about this
threat. If I could find some info, then I could send it to her, Otherwise it
is just me saying "its not me". She has never gotten this form anyone else.

help.

tks,
Paul

Paul Mars

On Sun, 12 Dec 2004 13:15:59 -0500, "Paul Mars"
<> wrote:

>
>One contact occasionally gets my mail with an attachment. This attachment is
>her MY Documents directory and it contains all her personal files. What
>causes this?
>
>My virus defs are updated and complete scans find nothing.
>
>My updated spybot and several other spy apps find nothing.
>
>I have updated Zone Alarm.
>
>It must be at the other end, but I find nothing in web searches about this
>threat. If I could find some info, then I could send it to her, Otherwise it
>is just me saying "its not me". She has never gotten this form anyone else.
>
>help.
>
>tks,
>Paul
>
>
>
>
####################
I would think it's on her end too. Has she tried a different email
client? What client is she using now?
donnie.

donnie

On Sun, 12 Dec 2004 13:15:59 -0500, Paul Mars wrote:

> One contact occasionally gets my mail with an attachment. This attachment is
> her MY Documents directory and it contains all her personal files. What
> causes this?
>
> My virus defs are updated and complete scans find nothing.
>
> My updated spybot and several other spy apps find nothing.
>
> I have updated Zone Alarm.
>
> It must be at the other end, but I find nothing in web searches about this
> threat. If I could find some info, then I could send it to her, Otherwise it
> is just me saying "its not me". She has never gotten this form anyone else.

It doesn't have to be at either end. It could be a trick in the
attachment to link her to her own My Documents directory, without the files
having ever left her computer. Unless her personal files are very small
that would have to be one very large attachment to contain everything you
think it does. Take a look at the size of the attachment. I'd suggest
putting that thing on a disc and getting someone who knows what they're
doing to take a look at it. If your friend is going to open email
attachments she really needs to beef up her security.

TB

Technobarbarian

oops, I forget to mention she is accessing her mail on the web, using IE.
Juno account.

What do you mean: "trick in the attachment" ? I do relize that her files
may have never left her computer.

Yea, I told her last time that she needs much more security. Then 2 weeks go
by with her having no more "apperent" breaches, then it happens again with
incoming mail from me again.

I would think that it is occuring to others too.

Paul

Paul Mars

On Sun, 12 Dec 2004 20:44:42 -0500, Paul Mars wrote:

> oops, I forget to mention she is accessing her mail on the web, using IE.
> Juno account.
>
> What do you mean: "trick in the attachment" ? I do relize that her files
> may have never left her computer.
>
> Yea, I told her last time that she needs much more security. Then 2 weeks go
> by with her having no more "apperent" breaches, then it happens again with
> incoming mail from me again.
>
> I would think that it is occuring to others too.
>
> Paul

This just one example among many possibilities:
http://www3.ca.com/securityadvisor/v....aspx?id=13233

Here's what I mean by a trick:

"When choosing its attachment name, the worm looks in the "My Documents"
folder, which it finds by reading the following registry key:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell
Folders\Personal"

Unless I was amazingly lucky this probably isn't the worm involved, but
it's probably something similar to this. A good virus scan of the problem
attachment will likely yield more clues. A good virus scan of her machine
is extremely likely to produce more clues. Your friend's machine is likely
infected with one or more worms. Your machine could be infected. And/or
it's possible that someone is sending her email with spoofed headers and
infected attachments. If you read the above example you'll see that the
problem could be a LOT more serious than annoying attachments. Her privacy
could have been breached. I don't know how to say it more strongly--both
of you need to beef up your security.

Whatever security programs you use they are only as good as the person
with their finger on the mouse. No one in their right mind opens email
attachments unless they know *exactly* who it came from and *exactly* what
it is. Unless I'm _expecting_ it I don't open email attachments from
friends and sometimes not even then. I've done volunteer work that resulted
in dozens of infected attachments showing up at my address. When I tried to
track down the source I found out that the people whose addresses appeared
on the email had serious infections and resulting problems. I know of a
church that gets hundreds of infected attachments every month.

When and if you start doing some research: Norton System Works or
Anti-Virus, McAfee, Giant Anti-spyware, Pc-Cillin, Spy Sweeper and Ad-aware
are good starting points. There are many other good ones--everyone has
their own list. Many of the anti-spyware ads on Google right now are
crapware and at least one of them is as bad as the infections it claims to
cure.

TB

Technobarbarian

"both of you need to beef up your security."

How should I do this? As mentioned, I currently have:

Norton AV
Spybot
Zone Alarm Firewall
SpywareBlaster
Ad-Aware
Bazooka
CWShreder
HiJackThis
WinPatrol

And I check all for updates and run them weekly.

"Whatever security programs you use they are only as good as the person with
their finger on the mouse. "

I agree, I have read the complete help file with each app and have searched,
read, and posted to the related newsgroups.

btw, Both times the mail that she got from me was truly from me.

P


"Technobarbarian" <randomcanyon-> wrote in message
newsrzles5gp02q$.1pvi5bsnhzm2x$... .
> On Sun, 12 Dec 2004 20:44:42 -0500, Paul Mars wrote:
>
>> oops, I forget to mention she is accessing her mail on the web, using IE.
>> Juno account.
>>
>> What do you mean: "trick in the attachment" ? I do relize that her
>> files
>> may have never left her computer.
>>
>> Yea, I told her last time that she needs much more security. Then 2 weeks
>> go
>> by with her having no more "apperent" breaches, then it happens again
>> with
>> incoming mail from me again.
>>
>> I would think that it is occuring to others too.
>>
>> Paul
>
> This just one example among many possibilities:
> http://www3.ca.com/securityadvisor/v....aspx?id=13233
>
> Here's what I mean by a trick:
>
> "When choosing its attachment name, the worm looks in the "My Documents"
> folder, which it finds by reading the following registry key:
>
> HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Shell
> Folders\Personal"
>
> Unless I was amazingly lucky this probably isn't the worm involved, but
> it's probably something similar to this. A good virus scan of the problem
> attachment will likely yield more clues. A good virus scan of her machine
> is extremely likely to produce more clues. Your friend's machine is likely
> infected with one or more worms. Your machine could be infected. And/or
> it's possible that someone is sending her email with spoofed headers and
> infected attachments. If you read the above example you'll see that the
> problem could be a LOT more serious than annoying attachments. Her privacy
> could have been breached. I don't know how to say it more strongly--both
> of you need to beef up your security.
>
> Whatever security programs you use they are only as good as the person
> with their finger on the mouse. No one in their right mind opens email
> attachments unless they know *exactly* who it came from and *exactly* what
> it is. Unless I'm _expecting_ it I don't open email attachments from
> friends and sometimes not even then. I've done volunteer work that
> resulted
> in dozens of infected attachments showing up at my address. When I tried
> to
> track down the source I found out that the people whose addresses appeared
> on the email had serious infections and resulting problems. I know of a
> church that gets hundreds of infected attachments every month.
>
> When and if you start doing some research: Norton System Works or
> Anti-Virus, McAfee, Giant Anti-spyware, Pc-Cillin, Spy Sweeper and
> Ad-aware
> are good starting points. There are many other good ones--everyone has
> their own list. Many of the anti-spyware ads on Google right now are
> crapware and at least one of them is as bad as the infections it claims to
> cure.
>
> TB

Paul Mars

Paul Mars wrote:
> One contact occasionally gets my mail with an attachment. This attachment is
> her MY Documents directory and it contains all her personal files. What
> causes this?
>
> My virus defs are updated and complete scans find nothing.
>
> My updated spybot and several other spy apps find nothing.
>
> I have updated Zone Alarm.
>
> It must be at the other end, but I find nothing in web searches about this
> threat. If I could find some info, then I could send it to her, Otherwise it
> is just me saying "its not me". She has never gotten this form anyone else.
>
> help.
>
> tks,
> Paul
>
>
>
>
>
Her mail client is most likely doing this. The mail client saves the
attachment as a temporary file on the hard drive (this is normally in
\windows\temp but can be other places) when the attachment is opened the
folder that the temporary file is in a assessed to open the
attachment--sometimes giving the user the ability to scan through all of
the files in that folder without actually going to that folder the
normal way. I have seen this many times with pictures, because when you
open a picture in Windows you have the option to scroll all pictures in
that directory therefore people think that the attachment had each of
those pictures. This problem is probably similar.

George

so what caused it and why only with my incoming mail?

Paul

"George" <> wrote in message
news:...
> Paul Mars wrote:
>> One contact occasionally gets my mail with an attachment. This attachment
>> is her MY Documents directory and it contains all her personal files.
>> What causes this?
>>
>> My virus defs are updated and complete scans find nothing.
>>
>> My updated spybot and several other spy apps find nothing.
>>
>> I have updated Zone Alarm.
>>
>> It must be at the other end, but I find nothing in web searches about
>> this threat. If I could find some info, then I could send it to her,
>> Otherwise it is just me saying "its not me". She has never gotten this
>> form anyone else.
>>
>> help.
>>
>> tks,
>> Paul
>>
>>
>>
>>
>>
> Her mail client is most likely doing this. The mail client saves the
> attachment as a temporary file on the hard drive (this is normally in
> \windows\temp but can be other places) when the attachment is opened the
> folder that the temporary file is in a assessed to open the
> attachment--sometimes giving the user the ability to scan through all of
> the files in that folder without actually going to that folder the normal
> way. I have seen this many times with pictures, because when you open a
> picture in Windows you have the option to scroll all pictures in that
> directory therefore people think that the attachment had each of those
> pictures. This problem is probably similar.

Paul Mars