Re: [gardeners] virus heads-up

George Shirley (
Thu, 21 Aug 2003 14:52:00 -0500

And, as I was answering Margaret's question, those are file extensions
and she had said she had only seen ISP extensions before. The virus
cannot find addresses in those files with those extensions unless they
exist there but the virus can mimic such files to entice you to open them.

See Jeanne's message for more clarification.


Janni wrote:
> No, George, the virus FINDS addresses in those files with those 
> extensions. Those aren't the extensions that get attached to email. The 
> most common ones that get attached are: pif, scr, exe, bin.
> Janni
> At 10:46 AM 8/21/03 -0500, you wrote:
>> Actually all those extensions look more like file extensions than 
>> address extensions, at least to me.
>> Margaret, you need to update your AV at least weekly, normally only 
>> takes a minute or less with your high speed connection, and is well 
>> worth the effort. I do it myself, every Friday at 0800, just to be 
>> sure it is done. Run the AV before updating, do scandisk, check all 
>> the files, and, so far, have never had a virus. Of course I run Zone 
>> Alarm as my firewall all the time, with MailWasher to catch the spam 
>> which is deleted, bounced, and blacklisted.
>> If your computer is always connected you absolutely must have a good 
>> firewall and good AV protection.
>> George
>> Margaret Lauterbach wrote:
>>> Thanks, Terry, but this is part of what is so confusing about 
>>> computers to me.  I've never encountered any e-mail addresses with 
>>> those kinds of extensions.  The only e-mail addresses I've seen have 
>>> extensions of .com, .net, or .country abbreviation.  Or does this 
>>> worm hit e-mail addresses of people who visit or open URLs with those 
>>> extensions?
>>> Frankly, I've been baffled because my carrier (DirecWay) sent me an 
>>> alarm, telling me to go to Microsoft, etc., and I went there and 
>>> there's nothing about worms or viruses or threatening clouds.  I 
>>> tried to go to home users part, but that was taking longer than I 
>>> wanted to sit. I went back to Microsoft later, and all I could see 
>>> was that they were offering upgrades of Messenger, something like 
>>> Direct 9 or something like that, music and video upgrades.  I'm not 
>>> interested in any of that, so I got out. I scanned my system, and 
>>> Norton says it's clean.  I went back to Norton and asked if there 
>>> were any downloads I should have, and they said 4, showed 3, and I 
>>> downloaded those.  Everything is off, just a little.  Grrr.  I think 
>>> fall's coming early this year. What do you think?  Margaret L
>>>> Nope, it's a totally different one.  Here is a little of what 
>>>> Symantec says
>>>> about it:
>>>> W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends 
>>>> itself to
>>>> all the email addresses it finds in the files that have the following
>>>> extensions:
>>>> .dbx
>>>> .eml
>>>> .hlp
>>>> .htm
>>>> .html
>>>> .mht
>>>> .wab
>>>> .txt....
>>>> To read more about it you can go to:
>>>> It was upgrade to a class 3 threat and it can also steal secure 
>>>> information
>>>> including passwords.
>>>> Terry