For The Love Of All Things Binary - Update Your Anti-Virus Software!


Ed Hansberry
07-04-2003, 10:00 PM
We have been receiving a number of viruses at the @pocketpcthoughts.com aliases and I have to assume at least some of those are coming from our readership who have us in their contact databases. We've even received one that purported to be from a reputable Windows CE software company. These are the ones from the W32/Sobig (http://vil.nai.com/vil/content/v_100429.htm) family and generally have a .PIF or .ZIP attachment with any number of subjects.

• Movie
• Remember last night when...? :roll:
• Please see the attached zip file for details.

These viruses generally require you to open and execute them, but even if you did, your AV software company has had detection files available for months now.

So please, if you receive a file from a friend that you weren't expecting, contact them. Chances are, they will have no idea what you are talking about. If you just can't resist the urge to run the attachment, please make sure your anti-virus software is up to date.

Janak Parekh
07-04-2003, 10:03 PM
There is one complication to contacting your friends, though: some variants of the Sobig worm forge the "From" address by picking another random address from your address book. So, just to be sure, contact all your friends to make sure their antivirus definitions are up-to-date. :)

--janak

jmarkevich
07-04-2003, 10:10 PM
Outbreak is probably the #1 virus vector.

I hate it I hate it I hate it.

But I have no other choice for a desktop repository for my iPaq, or do I? I would infinitely prefer to use even Palm desktop... that isn't possible, is it?

Jason Dunn
07-04-2003, 10:10 PM
Exactly! That's what makes these viruses too hard to squash - when I get one from someone I know, it could be their computer that is infected, or just someone who has them in their address book - there's no way to tell. 8O

Janak Parekh
07-04-2003, 10:16 PM
Outbreak is probably the #1 virus vector.
Outlook has had its own share of vulnerabilities, but this worm can affect anyone. It's a ZIP attachment that you must open and run the contents of to get infected. You'd be surprised at the number of people who do that. Moreover, patched versions of Outlook 2000 (i.e., SP3) and Outlook 2002 (i.e. SP2) are quite safe. Go to http://office.microsoft.com and run the Product Updates wizard (make sure you have your CD handy) if you haven't already.

But what does this have to do with desktop syncing? You aren't forced to use Outlook for email if all you want to do is sync with your Pocket PC (unless you want ActiveSync-based email syncing as well).

--janak

Vincent M Ferrari
07-04-2003, 11:18 PM
Next thing you know, you guys will be reminding us to do backups. Heaven knows we all do that regularly also. I mean, does basic computer maintenance still need to be explained? :lol:

[/Sarcasm off]

Janak Parekh
07-04-2003, 11:37 PM
Next thing you know, you guys will be reminding us to do backups. Heaven knows we all do that regularly also. I mean, does basic computer maintenance still need to be explained? :lol:
We have reminded people to do backups! :lol: Check out this (http://www.pocketpcthoughts.com/forums/viewtopic.php?t=11840) or this (http://www.pocketpcthoughts.com/forums/viewtopic.php?t=9461).

We're here to take care of ya... ;)

--janak

beq
07-04-2003, 11:41 PM
The older Sobig.C had caught us a bit off-guard w/ our lax routines http://www.emailaddresses.com/forum/showthread.php?s=&threadid=13543 :oops:

And now this http://www.emailaddresses.com/forum/showthread.php?s=&threadid=14122

Ed Hansberry
07-04-2003, 11:44 PM
It's a ZIP attachment that you must open and run the contents of to get infected. You'd be surprised at the number of people who do that.
That is what gets me about this round of emails. This is pure stupidity launching these things. Not one shred of common sense. Sorry if that offends someone, but tough. I never run .EXEs I get in emails. Ever. Do you know how easy it is to write a program that does one thing - just delete a few dozen DLLs in your %system% and %systemroot% folders? No virus scanner will catch that because that isn't a virus any more than format.com is a virus, yet it can be very destructive.

Unless I am expecting an updated file from a software vendor, executable email attachments get taken to file 13 real quick, virus or no.

Vincent M Ferrari
07-04-2003, 11:51 PM
That is what gets me about this round of emails. This is pure stupidity launching these things. Not one shred of common sense. Sorry if that offends someone, but tough. I never run .EXEs I get in emails. Ever.

You know what's even more maddening Ed? There's nothing you can do about it from a sysadmin point of view. Blocking EXEs is one thing, but blocking ZIPs? Unrealistic. Blocking attachments altogether? Even worse.

Something annoying preying on people's stupidity (I completely agree with that) that cannot be stopped because people refuse to learn. :evil:

Not for nothing, but even though the "virus" is relatively simple, the people who thought of it really are pretty clever. They exploited the greatest security vulnerability in existence: Human Stupidity. :iamwithstupid:

Thinkingmandavid
07-05-2003, 12:14 AM
Stupidity is knowing and not doing; of course there are some out there like that. There are some who are ignorant, which is not knowing, so of course they wouldn't do it. That is in fairness to all. A newbie probably wouldn't think about it. Janak has a good point about looking out for all of us in this PPC community. Just like with backups, this thread is good for viruses. After reading this thread, everyone should remember, or at least use some sense whether common or not, to think about opening a file in their email.

Janak Parekh
07-05-2003, 12:15 AM
That is what gets me about this round of emails. This is pure stupidity launching these things. Not one shred of common sense.
Agreed... unfortunately, I've seen why people do this at customers' sites -- they get neat Flash-like animations wrapped up in a Win32 executable, and have come to trade these frequently. I get rather irate when I receive these, and yet people insist, "don't worry! it's not a bad program!" :roll:

Do you know how easy it is to write a program that does one thing - just delete a few dozen DLLs in your %system% and %systemroot% folders?
Well, the ideal thing to do is to make sure your brilliant users don't have administrative rights on their boxes. Unfortunately, home users want to install applications. Maybe some form of privilege elevation as in UNIX or the Windows RunAs command, done more easily, would help... nahhh.

No virus scanner will catch that because that isn't a virus any more than format.com is a virus, yet it can be very destructive.
Sadly, virus companies are forced to keep signatures of these programs nowadays.

--janak

jmarkevich
07-05-2003, 12:54 PM
Outbreak is probably the #1 virus vector.
Outlook has had its own share of vulnerabilities, but this worm can affect anyone. It's a ZIP attachment that you must open and run the contents of to get infected. You'd be surprised at the number of people who do that. Moreover, patched versions of Outlook 2000 (i.e., SP3) and Outlook 2002 (i.e. SP2) are quite safe. Go to http://office.microsoft.com and run the Product Updates wizard (make sure you have your CD handy) if you haven't already.

But what does this have to do with desktop syncing? You aren't forced to use Outlook for email if all you want to do is sync with your Pocket PC (unless you want ActiveSync-based email syncing as well).

--janak

What happens when you run the .Zip file?? It gets e-mail addresses out of the phone book? And did *you* get Outlook 2000 with your PPC? I think I got 98 or something like that. There's no way I'm gonna pay for that kinda thing. (I have to use the one at work, don't expect me to like it though!!)

So when you sync without Outlook, where does it go? It won't sync Calendar, Contacts, Tasks and Notes without Outlook as the container. Unless I'm missing something... <sigh>

Janak Parekh
07-05-2003, 07:45 PM
What happens when you run the .Zip file?? It gets e-mail addresses out of the phone book?
First off, you have to run the Zip file and run the contents within it to get infected. And, actually, I believe Sobig does a scan of your hard drive and harvests addresses. Even if it were to use an Outlook address book API, recent versions (read: updated/patched versions) will notify you a third-party program is trying to access your address book, and will let you confirm or deny that access. Besides, it's only a matter of time before worms will start reading Palm address books as well...

But anyway -- if you've gotten that far, you're going to get hit no matter what! Don't you have antivirus software?

And did *you* get Outlook 2000 with your PPC? I think I got 98 or something like that.
All Pocket PC 2002 units came with either Outlook 2000 or Outlook XP. Pocket PC 2003 units come with Outlook XP. The only units that could have remotely possibly come with Outlook 98 were the original Pocket PC 2000 units.

So when you sync without Outlook, where does it go? It won't sync Calendar, Contacts, Tasks and Notes without Outlook as the container. Unless I'm missing something... <sigh>
If you still don't want to use Outlook, you can buy third-party sync software (Puma's IntelliSync, for example), which supports other platforms.

--janak

Kati Compton
07-05-2003, 08:09 PM
That is what gets me about this round of emails. This is pure stupidity launching these things. Not one shred of common sense. Sorry if that offends someone, but tough. I never run .EXEs I get in emails. Ever. Do you know how easy it is to write a program that does one thing - just delete a few dozen DLLs in your %system% and %systemroot% folders? No virus scanner will catch that because that isn't a virus any more than format.com is a virus, yet it can be very destructive.
The problem is when it looks like it comes from someone you "trust". But when you open an email from them, you're really opening an email from everyone they've ever emailed with... :D

Part of the problem is also that by default Windows has "hide file extensions of known types". Even seeing that the document is a .pif file should be a clue to people. Not that everyone should know what .pif is, but they should know it ISN'T a file type they're used to... Whenever my parents or in-laws or anyone like that gets a new computer, I always go in and change it so they can see the file extensions.
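Ed's description of the .PIF/.ZIP attachments, Vincent's point that blocking every ZIP is unrealistic, and Kati's point about hidden extensions all come together in a simple mail-gateway style attachment check. This is an added example, not code from the thread or from any vendor mentioned in it: it parses a constructed message, opens ZIP attachments in memory so their members are checked instead of rejecting all ZIPs, and flags executable and double extensions; the extension list and the sample message are assumptions made for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. .pif and .scr fool users because the
# names look harmless (constructed list for this example, not exhaustive).
EXEC_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}


def risky_names(filename):
    """Reasons a filename is suspicious: executable extension, and a double
    extension such as 'movie.mpg.pif' that 'hide extensions' disguises."""
    reasons = []
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        if len(parts) == 3:
            reasons.append(f"double extension hides {ext} behind .{parts[1]}")
    return reasons


def inspect_message(raw):
    """Parse a raw RFC 822 message and return (attachment, reason) findings.
    The From header is deliberately ignored because Sobig forges it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings += [(name, r) for r in risky_names(name)]
        if zipfile.is_zipfile(io.BytesIO(data)):  # look inside, don't block all ZIPs
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    findings += [(f"{name}!{member}", r) for r in risky_names(member)]
    return findings


def build_sample():
    """Constructed sample shaped like the messages the thread describes."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"  # forged by the worm, so never trusted
    msg["Subject"] = "Movie"
    msg.set_content("Please see the attached zip file for details.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("movie.mpg.pif", b"constructed placeholder, not an executable")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="movie.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="details.pif")
    return msg.as_bytes()
```

Running `inspect_message(build_sample())` reports the .pif hidden inside the ZIP (with its .mpg decoy extension) and the bare details.pif, while a plain .doc attachment would pass.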

davidspalding
07-10-2003, 02:01 AM
Most of the new viruses a) spoof the FROM address with an address found on the hard drive of the infected (and offending) machine (and not the machine's user FROM address), and b) send to addresses found on the system (either contact list, or e-mail messages scavenged from the hard drive).

So just because it LOOKS like that bug came from a contact of the site.... ;)

Ed Hansberry
07-10-2003, 03:02 AM
Most of the new viruses a) spoof the FROM address with an address found on the hard drive of the infected (and offending) machine (and not the machine's user FROM address), and b) send to addresses found on the system (either contact list, or e-mail messages scavenged from the hard drive).

So just because it LOOKS like that bug came from a contact of the site.... ;)
Well, if it was taken from a computer that frequents this site and has it in an address book... :)