Pesky virus

Scot L. Harris webid at cfl.rr.com
Fri Jul 23 15:24:03 UTC 2004


On Fri, 2004-07-23 at 11:14, Michael Sullivan wrote:
> I've got a small problem.  Last week I received in my
> non-espersunited.com email account an email from someone I don't know
> with an .exe file as an attachment.  Naturally I assumed that this was a
> virus, and wrote back to the email address it was from informing them
> that they had a virus.  I've received several similar emails on through
> the week, most were unique but all followed the same format:  One line
> of text and then the attachment link, usually a .exe or a .zip file.  I
> haven't opened any of them, but in the past couple of days I've begun
> seeing them in my espersunited.com email accounts.  I wasn't too worried
> about it until this morning, when I received a message from another SMTP
> server saying that my mail was undeliverable to some person's email
> account.  I looked at the message sent and it was indeed from me, but
> the message body held the same one line and the same EXE/ZIP file
> attachment as the ones I'd received from multiple sources.  I use
> evolution as my email client.  Could I be infected with this virus?  I
> didn't think Linux was susceptible to virii - only hostile shell
> scripts.  Is there a way I can test if I am infected, and if I am, is
> there a way to find the virus so that I can destroy it?

Most likely you do not have a virus, mainly because most viruses are
written for Windows platforms.  But there are virus-like (or more
properly trojan-like) programs for Linux, just not very many.

It is common practice for virus and spam programs to forge the from
address on any messages sent out.  They will use legitimate addresses
and in some cases the systems receiving those messages will contact the
forged from address telling them they are infected etc.  

For the most part you can just ignore those messages.

Possibly because you wrote back to the sender they collected your email
address and have used it to send out forged emails to others.  They
collect email addresses in many different ways.

However, to check your system you can run the program chkrootkit.  This
program performs a number of tests on your system looking for known
rootkits and exploits.

You may also want to load tripwire on your system.  It won't let you
know if your system is currently compromised, but it will let you know
when critical files get changed on your system.  It is a little finicky
to set up the first time but once it is in place it will report when
config files get changed or libraries are modified or even when log
files get truncated.  

You may also want to look at spam filters such as spamassassin that can
identify such emails and isolate them so you don't get them in your
inbox.

  
-- 
Scot L. Harris
webid at cfl.rr.com

if it GLISTENS, gobble it!! 
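
Added example (not part of the original mail): one way to check whether a bounced message like the one described above really left your own machine is to read the Received chain of the message returned inside the bounce. The sample bounce, hosts and addresses are constructed, and the sketch assumes the bounce embeds the original message with its headers as a message/rfc822 part.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address here is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: user@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

Delivery to nobody@example.net failed: user unknown.

--B
Content-Type: message/rfc822

Received: from mx.example.net ([192.0.2.10]) by mail.example.net; Fri, 23 Jul 2004 10:00:02 -0400
Received: from unknown-pc ([203.0.113.77]) by mx.example.net; Fri, 23 Jul 2004 10:00:01 -0400
From: user@example.org
To: nobody@example.net
Subject: Re: your document

See the attached file.

--B--
"""

def returned_message(raw):
    """Return the original message embedded in a bounce, or None."""
    for part in email.message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def origin_ip(msg):
    """IP in the oldest Received header (the last one; each relay prepends its own)."""
    hops = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    return m.group(1) if m else None

def sent_from_me(raw, my_ips):
    """True only if the bounced message entered the mail system from one of my_ips."""
    msg = returned_message(raw)
    return msg is not None and origin_ip(msg) in my_ips
```

In the sample the From line names user@example.org, but the message entered the mail system from 203.0.113.77, so it did not come from a machine whose address is, say, 198.51.100.5. Received lines older than the one written by the server that generated the bounce can be fabricated by the sender, so the hop recorded by that server is the one to rely on.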




