Author: Peter Skinner
Date: 10:34:24 04/28/04
Go up one level in this thread
On April 28, 2004 at 09:59:58, Zheng Zhixian wrote: >On April 27, 2004 at 16:41:50, Peter Skinner wrote: > >>On April 27, 2004 at 15:36:22, Christophe Theron wrote: >> >>>On April 27, 2004 at 13:04:14, Peter Skinner wrote: >>> >>>>On April 27, 2004 at 09:20:26, Günther Simon wrote: >>>> >>>>>"Return-Path: <icd@icdchess.com> >>>>>Received: from marek.org ([213.173.216.226]) by mailin06.sul.t-online.de" >>>>> >>>>>marek.org seems to be a strange site BTW... >>>>>http://www.marek.org/ >>>>> >>>>>Günther >>>> >>>>I have recieved the same. Someone on the board probably has ICD Chess in their >>>>address book, and it is sending to everyone in it. >>>> >>>>Just in case I ever do get a worm virus it isn't going anywhere. Just create a >>>>new contact in your address book with the name 0000, and no email address. It >>>>stops the virus from proceeding. >>>> >>>>Peter. >>> >>> >>> >>>I don't see why it would stop a virus from proceeding with the next entry in >>>your address book. >>> >>>Urban legend? Hoax? >>> >>> >>> >>> Christophe >> >>Most worm virii look for a "person" and an "address" in the address book. When >>the 0000 user is put in you will notice it tops the list in the book, and when >>the virii can not see both criteria it stops, thinking the book is empty. >> >>This is an "old school" trick from when the Melissa virus was circulating and >>still holds true today. There are exceptions to every rule, but for 99.9% of the >>email worms out there it is very effective. >> >>In McAfee version 4 I believe it used to create the 0000 user account >>automatically, but so many people though a virus had done it and McAfee didn't >>stop it, there was a huge decline in business. McAfee of course removed that >>"feature" with the 4.01 patch :) >> >>I will dig around the Symantec website for the actual artical explaining this in >>more detail and post it here. Hopefully I can still find it. >> >>I install the 0000 account on every single computer I work on with the clients I >>service. And the stats do not lie. While the computer maybe infected, there is >>no extra traffic leaving the workstations, thus limiting the damage the virii >>can do. >> >>Like I sad I will dig around and post an actual article that details it more. > > >Like these? > >http://antivirus.about.com/cs/hoaxes/p/000tip.htm >http://vil.nai.com/vil/content/v_99213.htm > >I agree with Christophe Theron, I would be worried if someone "knowledgable" >like yourself was providing security advice to me. There you see it as the !0000 account. Being a non-typical format for a name or even an email address, any worm would stick over it being that it is not valid. The 0000 trick in fact works. I have seen it work many times where I can not control infection, I can contain damage. Read my posts below and you will see what I mean. Peter
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.