Computer Help forum

General discussion

Security problem

by grandpaw7 / March 11, 2004 2:42 AM PST

Two emails showed up in my Hotmail inbox this morning that I don't understand and don't know how to deal with.

One was from the postmaster advising that delivery of "my" email to herron@paradigmtech.com failed. But I never sent any email to that address. The email showed the following as the email in question:

"From :
<grandpaw7@hotmail.com>

To :
herron@paradigmtech.com

Subject :
Re: Your archive

Sent :
Thursday, March 11, 2004 9:42 AM

Attachment : DELETED0.TXT (160 bytes)
Your document is attached."

When I tried to open the attachment, I got this:

"File attachment: your_archive.pif
The file attached to this email was removed
because the file name is not allowed."

The second was from P2SPAM_GW@p2es.com to my email address, grandpaw7@hotmail.com. It said:

"Content violation found in email message.

From: grandpaw7@hotmail.com
To: herron@paradigmtech.com

File(s): your_archive.pif

Matching filename: *.pif"

I have no idea what this is all about. I feel like I should report this to someone but I don't find a way to contact hotmail about it. (Maybe all I need to do is to change my password.)

Anyone have any thoughts about what I should do? Thanks, Jerry

Do nothing. Just delete the message.
by Kees Bakker / March 11, 2004 2:53 AM PST
In reply to: Security problem

Modern viruses and worms (and they flourish at the moment), when sending themselves by e-mail to others from some computer, take any email-address found on that computer and fake that that address is the sender of the message. In this case some virus picked your address.

The receiver (or the receiver's ISP) sees the message contains a virus and is kind enough to notify the assumed 'sender'.

That's all that is. There's nothing you can do about it and it isn't your fault at all.

Kees

Re:Security problem
by Grif Thomas Forum moderator / March 11, 2004 3:54 AM PST
In reply to: Security problem

Jerry,

Kees is exactly correct. Delete the messages as they had "spoofed" sender lines and were viruses sent from another computer that had your e-mail address on it. The response on both was an indication that the ISP of the receiver blocked the infected message.

My main concern here is this..WHY DID YOU try to open the attachment? You didn't know who this was from....You had concerns about it being a problem....Delete it without question. Most of the new viruses, including (Look at the attachment names in Netsky.D) and Bagle/Beagle viruses may have double file extensions that look like text files but aren't. The .pif file extension is one of those used by viruses to immediately execute the infection.

If you just felt adventurous, OK, but you are taking a chance that the machine will get infected. Your choice.

Hope this helps.

Grif

A few remarks.
by Kees Bakker / March 11, 2004 4:57 AM PST
In reply to: Security problem

1. I thought Hotmail is doing a virus check on mails? They are supposed to have more recent virus definitions than most Hotmail users, so I should feel reasonably safe to trust them.

2. I've set Explorer to show all file extensions, so a wicked attachment name shows up in Outlook Express as filename.txt.pif. I prefer seeing it this way in Explorer (I'm from MS-DOS times), but I find this a definite advantage. I've never checked in Hotmail (my children won't give me their password!), but I think they send the whole page, including filenames of attachments, as html-text to the browser. I would be rather stupid if they don't use the full filename (like filename.txt.pif).

3. And, of course, error messages from postmaster and the like, always are something like 'ATT0001.DAT', telling me the username doesn't exist or any other reason to refuse my mail. I've never thought it dangerous to open such a file of a few 100 bytes at most. Is that a wrong thought?


Kees

Re:A few remarks.
by Grif Thomas Forum moderator / March 11, 2004 8:51 AM PST
In reply to: A few remarks.

Kees,

Just some thoughts on your remarks...LOL...

1. On the McAfee forums, when the Netsky virus first came out, both Yahoo and Hotmail had a "few" of the infected zip files sneak by. The .zip file extension was previously "allowed" and it took them a while to figure out what they wanted to do with it. Most viruses are very similar. It's a game of 'catch up'. So, although Hotmail and other webmail sites that have antivirus scanners are usually a good bet, it's never a sure thing.

2. Like you, I also set the computer to "Show all File Extensions". It's much safer and gives the user a lot more information to work with. Unfortunately, not all users have their computer set in such a manner. It's the very reason that many of the viruses are engineered with double file extensions.

3. IF you know exactly what you are looking for, and are extremely familiar with the attributes of files and how virus messages are constructed, you can usually figure out which text files are "real" and which ones aren't. Once again, not all users have the ability to decide. I work with infected attachments quite a bit, and I still make sure to scan the file before opening it. There are a number of viruses which use the "Postmaster" return trick to lure the user into opening the message or the attachment which will infect the computer. (Klez is a big one that comes to mind.) You've been doing this long enough that you may have enough knowledge to safely open a small text file. I'm not sure most have that same knowledge.

Hope this helps and thanks for your comments.

Grif
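Added example, not part of the original thread: a minimal Python sketch of the kind of filename check discussed above, combining a gateway-style pattern rule (as in the "Matching filename: *.pif" notice) with a test for the `filename.txt.pif` double-extension disguise. The pattern list, the decoy-extension set and the sample message are assumptions constructed for illustration.

```python
import fnmatch
from email import message_from_string, policy

# Assumed policy values for this example, not any real gateway's list.
BLOCKED_PATTERNS = ["*.pif", "*.scr", "*.exe", "*.com", "*.bat"]
DECOY_EXTENSIONS = {"txt", "doc", "jpg", "pdf", "zip"}

def check_filename(name):
    """Return the reasons an attachment name is suspicious (empty if none)."""
    lowered = name.strip().lower()
    reasons = ["matching filename: " + p for p in BLOCKED_PATTERNS
               if fnmatch.fnmatchcase(lowered, p)]
    parts = lowered.split(".")
    # filename.txt.pif: a harmless-looking extension hiding the real one.
    if reasons and len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        reasons.append("double extension: ." + parts[-2] + "." + parts[-1])
    return reasons

def scan_message(raw):
    """Map each flagged attachment filename in a raw message to its reasons."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        hits = check_filename(name)
        if hits:
            findings[name] = hits
    return findings

# Constructed sample message (not taken from a real mailbox).
SAMPLE = """\
From: user@example.com
Subject: Re: Your archive
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your document is attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="your_archive.txt.pif"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The check looks only at the declared filename, so it complements a content scanner rather than replacing one.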

MY THANKS TO GRIF AND KEES
by grandpaw7 / March 11, 2004 10:48 AM PST
In reply to: Security problem

Grif, when Hotmail said there was no virus in the attachment, I figured it was safe to open it and perhaps get a better idea of what was going on. It wasn't till I opened the attachment that Hotmail told me the attachment was deleted. Also, I just wasn't as well informed as I now am. I was wondering if somehow someone had gotten the ability to use my Hotmail account. Much thanks, gentlemen.
