Attention!! Someone sending mysterious files to forum users.

[Drewus 0]

Around a month ago i recieved an e-mail from an anonymous person.

They sent me the following message:

=========================================================

*** Subject: Ting ***

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

==========================================================

The name of the attachment is Ting.doc.pif (157696 bytes)

At the time i thought better than to open it and deleted it straight away.

Then yesterday i recieved an e-mail from Bloodshot and he pointed out that someone had sent him an e-mail with the EXACT same content in it and the EXACT same file.

At the moment i'm not sure if this is a virus or someone asking for legitimate help but it seems like it is going around the official forum community so I thought i better let everyone know.

If the person who is sending this file is reading this, and is sending the file and really asking for help, can they atleast post a message here and let me know? It makes it a bit easier and reassuring to know who i am talking to and who is sending me mysterious files.

As for the persons e-mail address i'm keeping it secret, just in case this person is innocent and recieves flame mails from immature kids.

Thanx.

[SpaceAlex 0]

Man. This is a virus. A bad virus. I forget a name, but i know that it's very dangerous. I get this message too. I delete it, and i the virus was not able to do any harm to me. If you open this file, that mean, that virus is already on your computer.

I didn't get the file, these days. I get the file week or month ago.

[unholy chosen one 1]

i checked some virus databases and havent found anything on this one you should try to contact the sender or his isp to make sure its a legit user. if hes for real he probably would reply and hopefully explain it. but virus's come out more often than most people change their minds.

[Hasha 2]

I also received the file about 2 month ago and deleted it strainght away. The sender is trying to fool people to think that it is a doc file by the unique way of naming it.

Just do not open and suspicious files!

[MajHavoc 0]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote </td></tr><tr><td id="QUOTE">Quote: from Hasharajima on 1:52 am on Nov. 22, 2001

I also received the file about 2 month ago and deleted it strainght away. The sender is trying to fool people to think that it is a doc file by the unique way of naming it.

Just do not open and suspicious files!<span id='postcolor'>

I have Outlook delete attachments, PERIOD. If a friend wants to send me a file s/he knows how to get ahold of me.

/0

Maj

[ufo_hk 1]

Drewus - definity a virus and likely from some one on these forums, myself and a couple of others have received the same and only via email addresses we use here.

It's a very weak prank can that be easily IDed, since all the attachments have the double file extension.

[Mister Frag 0]

That's the SIRCAM virus. It carries its own SMTP engine and doesn't depend on a separate e-mail program to propagate.

The idiot who ran the program it comes in probably has no idea he/she has it. I doubt that this thing is targeting forum users, I has no way of extracting e-mail addresses from the user profiles.

[suchey 0]

This is the Sircam virus....the people that you are getting it from dont even know they have it in most cases...once the file is opened and the computer is infected...it sends itself to other in your address book...if you dont open the attachemnt, you wont get it...so best to just delete it straight away. Here is info:

http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360

[Aaron Kane 0]

CHRIST! I was receiving TONS of these up until a few days ago! And I mean TONS! I'd leave for school with an empty mailbox, and come back with up to 200 of the d*amn things!

Fortunatly, I never opened up, downloaded, looked at or messed with the e-mail once I saw a file attached and didnt know who the #### it was.

[Drewus 0]

Well, it looks like it is a virus. Like it is pointed out, DONT open it.

I have sent an email to the guy responsible but i didn't get a reply (that was over a month ago).

Everyone try to keep this message at the top of the forum just so others know about it.

[unholy chosen one 1]

that being the case you should definatley get a hold of the senders isp. it wont stop them but it can make life a little more difficult.

[Bloodshot 0]

Thanks Suchey for that link to

http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360

I just visited this site and under the heading "PAYLOAD - What can this virus do?" it says:

"The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder and attempts to send copies of these documents to email recipients found in the Windows Address Book and addresses found in cached files."

So this virus doesn't seem to damage your software, but is in fact a form of Spyware and gives outsiders access to your art or photo files!

Drewus you're to nice a fella! I have to disagree about defending the identity of this person! A case of being "Cruel to be Kind" here! If that person is innocent, then showing these details will let him know he has a virus. He still has the option of coming forward here to defend himself otherwise!

Here are the details I have of the sender:

hermitian at

hermitianho@yahoo.com.tw

Other properties of the Email were:

Received: from  matrix.seed.net.tw (matrix.seed.net.tw [192.72.81.219])

and

Received: from [211.74.134.144] (helo=hermitianho) by mail.seed.net.tw with smtp (SEEDNet Mail Server v2.316f) id 1664rw-000IK5-00

The "offending" file attachment is called:

Ting.doc.pif and is 157696 bytes in size!

With a source name that contains the words "MATRIX" and "SEED", it just sounds like trouble to me, and I doubt it was innocent!

[Devil 0]

This is a very known virus and it has different titles. If the message says:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

Then delete it. When you download it, it sends out the file to random addresses.

Those stupid morons download an EXE file and run it!

LoL!

[suchey 0]

I have heard reports that the Hybris virus is also traveling via this delivery method...the best method of action is to contact the users ISP...the ISP will probably be running UNIX mail servers which are imune to this type of item...so they may request a copy of the mail...in any case, provide the ISP with as much info as possible...in most cases, they will take action which will require the user to remove the virus. The people you are receiving this mail from most likley dont know they have it...but most will not admit it if you call them on it as the only way they will get it is if they were trying to see the implied porn which was supposedly attached. So if nothing else, its funny to laugh at them for trying to look at the naked snow white stuff

[Drewus 0]

Bloodshot, i was just covering up their e-mail address just in case they were innocent. Now it seems they are infact sending out a virus so by all means, share the persons details

[WebDog 0]

It's a SirCam virus..pretty nasty....you didn't open it...right?

[Drewus 0]

BUMP!

[Albert Schweitzer 10]

Oh I love it. I got an old independant Pentium 200 standing in the corner of our cellar. Whenever I get such thing I save it on a disk or burn it on a CD, go down into the cellar and open it on my old s**tty computer. I can tell you this old machine is having a hard time, it is already infected with some realy bad bad ones and it is fun to watch it Uploading. But it is still doing a good job. I need some more heavy viruses to make the screen apear black.

I know it is not fair to treat it that way since it served me for many years.

I dont open any attachement on my new computer.

[Maldita Vecindad 1]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote </td></tr><tr><td id="QUOTE">Quote: from Albert Schweizer on 6:09 pm on Nov. 23, 2001

Oh I love it. I got an old independant Pentium 200 standing in the corner of our cellar. Whenever I get such thing I save it on a disk or burn it on a CD, go down into the cellar and open it on my old s**tty computer. I can tell you this old machine is having a hard time, it is already infected with some realy bad bad ones and it is fun to watch it Uploading. But it is still doing a good job. I need some more heavy viruses to make the screen apear black.

I know it is not fair to treat it that way since it served me for many years.

I dont open any attachement on my new computer.<span id='postcolor'>

please man... let her die... she has serve you well....

stop the torture of old pcs!!!!!!

[Albert Schweitzer 10]

You know, the people that send the viruses should do that too. They finally would get the sick satisfaction to hurt somebody without anoying us. And it is realy very anoying, viruses have killed so many of my very nice old letters. I even found one that corrupts *.sav files (game-saves). Now that is anoying.

[Guest]

To the original poster: This is a highly "lethal" virus. I had about 4 of those messages in my in box yesterday, they all had different names, but it contained the same text (I need help with this file ...blabla...) I deleted all of them. Again, it's one of the most lethal viruses around.

[Albert Schweitzer 10]

What does it do, I mean it must have a target. Which files does it look for, which programs does it use.....?

[Guest]

It spreads files all over your hard-disk. Once you've d/l'ed the file, the computer freezes, if you press ctrl-alt-del you'll loose your hard-disk, if you press reset, you wont be able to restart again.

[Guest]

Oh, and it also sends the file to every person in your adress list.

[Albert Schweitzer 10]

Ops

How rude!

(Edited by Albert Schweizer at 6:49 pm on Nov. 23, 2001)