bogus attachment

Discussion in 'Computer Security' started by Paul Mars, Dec 12, 2004.

  1. Paul Mars

    Paul Mars Guest

    One contact occasionally gets my mail with an attachment. This attachment is
    her MY Documents directory and it contains all her personal files. What
    causes this?

    My virus defs are updated and complete scans find nothing.

    My updated spybot and several other spy apps find nothing.

    I have updated Zone Alarm.

    It must be at the other end, but I find nothing in web searches about this
    threat. If I could find some info, then I could send it to her. Otherwise it
    is just me saying "it's not me". She has never gotten this from anyone else.

    help.

    tks,
    Paul
     
    Paul Mars, Dec 12, 2004
    #1

  2. Paul Mars

    donnie Guest

    On Sun, 12 Dec 2004 13:15:59 -0500, "Paul Mars"
    <> wrote:

    >
    >One contact occasionally gets my mail with an attachment. This attachment is
    >her MY Documents directory and it contains all her personal files. What
    >causes this?
    >
    >My virus defs are updated and complete scans find nothing.
    >
    >My updated spybot and several other spy apps find nothing.
    >
    >I have updated Zone Alarm.
    >
    >It must be at the other end, but I find nothing in web searches about this
    >threat. If I could find some info, then I could send it to her. Otherwise it
    >is just me saying "it's not me". She has never gotten this from anyone else.
    >
    >help.
    >
    >tks,
    >Paul
    >
    >
    >
    >

    ####################
    I would think it's on her end too. Has she tried a different email
    client? What client is she using now?
    donnie.
     
    donnie, Dec 12, 2004
    #2

  3. On Sun, 12 Dec 2004 13:15:59 -0500, Paul Mars wrote:

    > One contact occasionally gets my mail with an attachment. This attachment is
    > her MY Documents directory and it contains all her personal files. What
    > causes this?
    >
    > My virus defs are updated and complete scans find nothing.
    >
    > My updated spybot and several other spy apps find nothing.
    >
    > I have updated Zone Alarm.
    >
    > It must be at the other end, but I find nothing in web searches about this
    > threat. If I could find some info, then I could send it to her. Otherwise it
    > is just me saying "it's not me". She has never gotten this from anyone else.


    It doesn't have to be at either end. It could be a trick in the
    attachment to link her to her own My Documents directory, without the files
    having ever left her computer. Unless her personal files are very small
    that would have to be one very large attachment to contain everything you
    think it does. Take a look at the size of the attachment. I'd suggest
    putting that thing on a disc and getting someone who knows what they're
    doing to take a look at it. If your friend is going to open email
    attachments she really needs to beef up her security.

    TB
     
    Technobarbarian, Dec 13, 2004
    #3
  4. Paul Mars

    Paul Mars Guest

    oops, I forgot to mention she is accessing her mail on the web, using IE.
    Juno account.

    What do you mean: "trick in the attachment" ? I do realize that her files
    may have never left her computer.

    Yea, I told her last time that she needs much more security. Then 2 weeks go
    by with her having no more "apparent" breaches, then it happens again with
    incoming mail from me again.

    I would think that it is occurring to others too.

    Paul
     
    Paul Mars, Dec 13, 2004
    #4
  5. On Sun, 12 Dec 2004 20:44:42 -0500, Paul Mars wrote:

    > oops, I forgot to mention she is accessing her mail on the web, using IE.
    > Juno account.
    >
    > What do you mean: "trick in the attachment" ? I do realize that her files
    > may have never left her computer.
    >
    > Yea, I told her last time that she needs much more security. Then 2 weeks go
    > by with her having no more "apparent" breaches, then it happens again with
    > incoming mail from me again.
    >
    > I would think that it is occurring to others too.
    >
    > Paul


    This is just one example among many possibilities:
    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=13233

    Here's what I mean by a trick:

    "When choosing its attachment name, the worm looks in the "My Documents"
    folder, which it finds by reading the following registry key:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
    Folders\Personal"

    Unless I was amazingly lucky this probably isn't the worm involved, but
    it's probably something similar to this. A good virus scan of the problem
    attachment will likely yield more clues. A good virus scan of her machine
    is extremely likely to produce more clues. Your friend's machine is likely
    infected with one or more worms. Your machine could be infected. And/or
    it's possible that someone is sending her email with spoofed headers and
    infected attachments. If you read the above example you'll see that the
    problem could be a LOT more serious than annoying attachments. Her privacy
    could have been breached. I don't know how to say it more strongly--both
    of you need to beef up your security.

    Whatever security programs you use they are only as good as the person
    with their finger on the mouse. No one in their right mind opens email
    attachments unless they know *exactly* who it came from and *exactly* what
    it is. Unless I'm _expecting_ it I don't open email attachments from
    friends and sometimes not even then. I've done volunteer work that resulted
    in dozens of infected attachments showing up at my address. When I tried to
    track down the source I found out that the people whose addresses appeared
    on the email had serious infections and resulting problems. I know of a
    church that gets hundreds of infected attachments every month.

    When and if you start doing some research: Norton System Works or
    Anti-Virus, McAfee, Giant Anti-spyware, Pc-Cillin, Spy Sweeper and Ad-aware
    are good starting points. There are many other good ones--everyone has
    their own list. Many of the anti-spyware ads on Google right now are
    crapware and at least one of them is as bad as the infections it claims to
    cure.

    TB
     
    Technobarbarian, Dec 13, 2004
    #5
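
The two checks suggested in posts #3 and #5 (look at the attachment's size, and treat a familiar-looking file name with suspicion because a worm can borrow one from My Documents) can be run on a saved copy of the message without opening the attachment. The sketch below is an added example, not part of any post in this thread; the sample message, addresses and file names are constructed, and the extension lists are illustrative assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Illustrative lists (assumptions, not exhaustive): extensions Windows runs on
# double click, and document extensions a worm might borrow as a disguise.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk", ".hta"}
DOC_EXT = {".doc", ".xls", ".txt", ".jpg", ".pdf", ".htm", ".zip"}

def triage_attachments(raw_message: bytes) -> list:
    """Describe each attachment of a saved message without executing anything."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""   # decoded attachment bytes
        suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
        flags = []
        if suffixes and suffixes[-1] in RISKY_EXT:
            flags.append("executable-extension")
            if len(suffixes) > 1 and suffixes[-2] in DOC_EXT:
                flags.append("double-extension")
        if payload[:2] == b"MZ":                          # DOS/PE executable magic
            flags.append("pe-header")
        report.append({"name": name, "type": part.get_content_type(),
                       "size": len(payload), "flags": flags})
    return report

def build_sample() -> bytes:
    """Constructed sample message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "rcpt@example.com", "hi"
    m.set_content("See you Friday.")
    # 512 dummy bytes that only carry the "MZ" magic; not a working program.
    m.add_attachment(b"MZ" + b"\x00" * 510, maintype="application",
                     subtype="octet-stream", filename="budget.doc.pif")
    m.add_attachment("plain notes\n", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for item in triage_attachments(build_sample()):
        print(item)
```

A small decoded size rules out the attachment actually holding a folder of personal files, which is the check suggested in post #3.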
  6. Paul Mars

    Paul Mars Guest

    "both of you need to beef up your security."

    How should I do this? As mentioned, I currently have:

    Norton AV
    Spybot
    Zone Alarm Firewall
    SpywareBlaster
    Ad-Aware
    Bazooka
    CWShredder
    HiJackThis
    WinPatrol

    And I check all for updates and run them weekly.

    "Whatever security programs you use they are only as good as the person with
    their finger on the mouse. "

    I agree, I have read the complete help file with each app and have searched,
    read, and posted to the related newsgroups.

    btw, Both times the mail that she got from me was truly from me.

    P


    "Technobarbarian" <> wrote in message
    news:przles5gp02q$.1pvi5bsnhzm2x$...
    > On Sun, 12 Dec 2004 20:44:42 -0500, Paul Mars wrote:
    >
    >> oops, I forgot to mention she is accessing her mail on the web, using IE.
    >> Juno account.
    >>
    >> What do you mean: "trick in the attachment" ? I do realize that her files
    >> may have never left her computer.
    >>
    >> Yea, I told her last time that she needs much more security. Then 2 weeks go
    >> by with her having no more "apparent" breaches, then it happens again with
    >> incoming mail from me again.
    >>
    >> I would think that it is occurring to others too.
    >>
    >> Paul

    >
    > This is just one example among many possibilities:
    > http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=13233
    >
    > Here's what I mean by a trick:
    >
    > "When choosing its attachment name, the worm looks in the "My Documents"
    > folder, which it finds by reading the following registry key:
    >
    > HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
    > Folders\Personal"
    >
    > Unless I was amazingly lucky this probably isn't the worm involved, but
    > it's probably something similar to this. A good virus scan of the problem
    > attachment will likely yield more clues. A good virus scan of her machine
    > is extremely likely to produce more clues. Your friend's machine is likely
    > infected with one or more worms. Your machine could be infected. And/or
    > it's possible that someone is sending her email with spoofed headers and
    > infected attachments. If you read the above example you'll see that the
    > problem could be a LOT more serious than annoying attachments. Her privacy
    > could have been breached. I don't know how to say it more strongly--both
    > of you need to beef up your security.
    >
    > Whatever security programs you use they are only as good as the person
    > with their finger on the mouse. No one in their right mind opens email
    > attachments unless they know *exactly* who it came from and *exactly* what
    > it is. Unless I'm _expecting_ it I don't open email attachments from
    > friends and sometimes not even then. I've done volunteer work that resulted
    > in dozens of infected attachments showing up at my address. When I tried to
    > track down the source I found out that the people whose addresses appeared
    > on the email had serious infections and resulting problems. I know of a
    > church that gets hundreds of infected attachments every month.
    >
    > When and if you start doing some research: Norton System Works or
    > Anti-Virus, McAfee, Giant Anti-spyware, Pc-Cillin, Spy Sweeper and Ad-aware
    > are good starting points. There are many other good ones--everyone has
    > their own list. Many of the anti-spyware ads on Google right now are
    > crapware and at least one of them is as bad as the infections it claims to
    > cure.
    >
    > TB
     
    Paul Mars, Dec 14, 2004
    #6
  7. Paul Mars

    George Guest

    Paul Mars wrote:
    > One contact occasionally gets my mail with an attachment. This attachment is
    > her MY Documents directory and it contains all her personal files. What
    > causes this?
    >
    > My virus defs are updated and complete scans find nothing.
    >
    > My updated spybot and several other spy apps find nothing.
    >
    > I have updated Zone Alarm.
    >
    > It must be at the other end, but I find nothing in web searches about this
    > threat. If I could find some info, then I could send it to her. Otherwise it
    > is just me saying "it's not me". She has never gotten this from anyone else.
    >
    > help.
    >
    > tks,
    > Paul
    >
    >
    >
    >
    >

    Her mail client is most likely doing this. The mail client saves the
    attachment as a temporary file on the hard drive (this is normally in
    \windows\temp but can be other places). When the attachment is opened, the
    folder that the temporary file is in is accessed to open the
    attachment--sometimes giving the user the ability to scan through all of
    the files in that folder without actually going to that folder the
    normal way. I have seen this many times with pictures, because when you
    open a picture in Windows you have the option to scroll all pictures in
    that directory; therefore people think that the attachment had each of
    those pictures. This problem is probably similar.
     
    George, Dec 14, 2004
    #7
  8. Paul Mars

    Paul Mars Guest

    so what caused it and why only with my incoming mail?

    Paul

    "George" <> wrote in message
    news:...
    > Paul Mars wrote:
    >> One contact occasionally gets my mail with an attachment. This attachment
    >> is her MY Documents directory and it contains all her personal files.
    >> What causes this?
    >>
    >> My virus defs are updated and complete scans find nothing.
    >>
    >> My updated spybot and several other spy apps find nothing.
    >>
    >> I have updated Zone Alarm.
    >>
    >> It must be at the other end, but I find nothing in web searches about
    >> this threat. If I could find some info, then I could send it to her.
    >> Otherwise it is just me saying "it's not me". She has never gotten this
    >> from anyone else.
    >>
    >> help.
    >>
    >> tks,
    >> Paul
    >>
    >>
    >>
    >>
    >>

    > Her mail client is most likely doing this. The mail client saves the
    > attachment as a temporary file on the hard drive (this is normally in
    > \windows\temp but can be other places). When the attachment is opened, the
    > folder that the temporary file is in is accessed to open the
    > attachment--sometimes giving the user the ability to scan through all of
    > the files in that folder without actually going to that folder the normal
    > way. I have seen this many times with pictures, because when you open a
    > picture in Windows you have the option to scroll all pictures in that
    > directory; therefore people think that the attachment had each of those
    > pictures. This problem is probably similar.
     
    Paul Mars, Dec 16, 2004
    #8