Completely off topic

This is from my fantasy/6mm persona - don't ask... <grin>

Okay, I vaguely remember this 'warning' is hoax based but I am not sure (even
more then normal) and my 'virus expert' at work is not available at
home this week-end.  This  [Early_American_Wars]  list is one of "my
lists" and I would like a knowledgable answer if anyone has expertise or
experience with this file -  SULFNBK.EXE - so please respond off list to
save band width and help me make a correct response to my EAW list people.

I found the wording of the original message (bottom of the long forward,
apologies), to sound 'hoax like' and I really thought I had encountered this
on a list before and it was ID'ed as a hoax... But I am not so sure so I
ask...

And, yes, I only sent it to this list because I *know* there will be
people here who are knowledgable to the hilt in this (and probably /any/
) subject. If they put the knowledge of this list in a computer it would be a
base for HAL, only better. <VBG>

Gracias,
Glenn/Triphibious@juno.com
This is my Science Fiction Alter Ego E-mail address.
Historical - Warbeads@juno.com
Fantasy and 6mm - dwarf_warrior@juno.com
--------- Begin forwarded message ----------
From: Glenn M Wilson <warbeads@juno.com>
To: triphibious@juno.com
Subject: philorej@aol.com: [Early_American_Wars] Fwd: Fw: READ - DO NOT
DELETE
Date: Fri, 12 Apr 2002 23:26:05 EDT
Message-ID: <20020413.203537.9263.1.warbeads@juno.com>

--------- Begin forwarded message ----------
From: philorej@aol.com
To: rmbraun@optonline.net, cralow@comcast.net,
SkiMass18@cs.com,Sofiya420@aol.com, Tonysunbug@aol.com,
War7YGamer@aol.com,mm74@garden.net, cafunay@hotmail.com,
cattail@nu-z.net,Loulu27@hotmail.com,
harkins@mpks.net,awi_thru_acw@yahoogroups.com,rcurran@indianvalley.com,n
rdas@hotmail.com,Early_American_Wars@yahoogroups.com,LaceWars@yahoogroup
s.com,jonneely@att.com,ScandanavianWars@egroups.com,rodger@culturefilms.
u-net.com,
vincelucc@comcast.net
Subject: [Early_American_Wars] Fwd: Fw: READ - DO NOT DELETE
Date: Fri, 12 Apr 2002 18:44:24 EDT
Message-ID: <11d.f66902d.29e8bd48@aol.com>

--part1_11d.f66902d.29e8bd48_boundary
Content-Type: multipart/alternative;
 boundary="part1_11d.f66902d.29e8bd48_alt_boundary"

--part1_11d.f66902d.29e8bd48_alt_boundary
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Please, Follow the instructions below. In the meantime I thought you'd like
to read about SULFNBK.EXE_Warning at the following URL:>
http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html

Bob Johnson Shenandoah Valley, VA "Ask a question and you're a fool for three
minutes; do not ask a question
and you're a fool for the rest of your life." --Chinese Proverb

--part1_11d.f66902d.29e8bd48_alt_boundary
Content-Type: text/html; charset=US-ASCII
Content-Transfer-Encoding: 7bit

<HTML>

<FONT FACE=arial,helvetica><FONT SIZE=2>Please, Follow the instructions below.
&nbsp;In the meantime I thought you'd like to read about
SULFNBK.EXE_Warning at the following URL:&gt;
http://www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html
<BR>
<BR>
<BR>Bob Johnson <BR>Shenandoah Valley, VA <BR>"Ask a question and you're a
fool for three minutes; do not ask a
question and you're a fool for the rest of your life." --Chinese Proverb
<BR></FONT>
<br>

<!-- |**|begin egp html banner|**| -->

<table border=0 cellspacing=0 cellpadding=2> <tr bgcolor=#FFFFCC>
<td align=center><font size="-1" color=#003399><b>Yahoo! Groups
Sponsor</b></font></td>
</tr>
<tr bgcolor=#FFFFFF> <td align=center width=470><a
href="http://rd.yahoo.com/M=214508.1858224.3361270.1501205/D=egroupweb/S
=1705053832:HM/A=949165/R=0/*http://content.search.shopping.yahoo.com/se
arch/tmpl?tmpl=psshowcase2001.html&query=tag:PSshowcase2001+%23cversion%
3A%7Bimage_PSshowcase2001+url_PSshowcase2001+desc_PSshowcase2001+title_P
Sshowcase2001+morehtml_PSshowcase2001%7D&q=PSshowcase2001"
target="_top"><img
src="http://us.a1.yimg.com/us.yimg.com/a/pl/playstation/468x60_vf4.jpg"
height="60" width="468"></a></td>
</tr>
<tr><td><img alt="" width=1 height=1
src="http://us.adserver.yahoo.com/l?M=214508.1858224.3361270.1501205/D=e
groupmail/S=1705053832:HM/A=949165/rand=939965611"></td></tr>
</table>

<!-- |**|end egp html banner|**| -->

<br>
<tt>
Community email addresses:<BR>
&nbsp; Post message: Early_American_Wars@onelist.com<BR>
&nbsp; Subscribe:&nbsp;&nbsp;&nbsp;
Early_American_Wars-subscribe@onelist.com<BR>
&nbsp; Unsubscribe:&nbsp;
Early_American_Wars-unsubscribe@onelist.com<BR>
&nbsp; List owner:&nbsp;&nbsp; Early_American_Wars-owner@onelist.com<BR>
<BR>
Shortcut URL to this page:<BR> &nbsp; <a
href="http://www.onelist.com/community/Early_American_Wars">http://www.o
nelist.com/community/Early_American_Wars</a></tt>
<br>

<br>
<tt>Your use of Yahoo! Groups is subject to the <a
href="http://docs.yahoo.com/info/terms/">Yahoo! Terms of
Service</a>.</tt>
</br>

</HTML>

--part1_11d.f66902d.29e8bd48_alt_boundary--

--part1_11d.f66902d.29e8bd48_boundary
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <breweng@attbi.com>
Received: from  rly-xb04.mx.aol.com (rly-xb04.mail.aol.com
[172.20.105.105]) by air-xb01.mail.aol.com (v84.10) with ESMTP id
MAILINXB14-0412112113; Fri, 12 Apr 2002 11:21:13 -0400
Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com
[204.127.198.38]) by rly-xb04.mx.aol.com (v84.10) with ESMTP id
MAILRELAYINXB47-0412112051; Fri, 12 Apr 2002 11:20:51 -0400
Received: from computer ([12.248.169.243]) by rwcrmhc51.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
id <20020412152048.DZTL1143.rwcrmhc51.attbi.com@computer>;
          Fri, 12 Apr 2002 15:20:48 +0000
Message-ID: <006a01c1e235$ac8c3b60$f3a9f80c@attbi.com>
From: "John Schofield" <breweng@attbi.com>
To: <Undisclosed-Recipient:;;>
Subject: Fw: READ - DO NOT DELETE
Date: Fri, 12 Apr 2002 10:21:06 -0500
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Subject: READ - DO NOT DELETE

> Sorry, I just received this and the infected file was on my computer.
I
> suggest everyone give your C drive a quick look.

--part1_11d.f66902d.29e8bd48_boundary--

--------- End forwarded message ----------
--------- End forwarded message ----------

> On Sat, Apr 13, 2002 at 12:56:37AM -0400, Glenn M Wilson wrote:

> (even more then normal) and my 'virus expert' at work is not available

I'm responding on list because I think the information may be useful to others
here.

There are two separate SULFNBK.EXE viruses. The far more common one is a human
virus, in that following the instructions given will damage your system. When
it was realised that this was the case, a real virus was written to take
advantage of the fact, but this is extremely rare (I've never seen it in the
field). See
http://www.vmyths.com/hoax.cfm?id=257&page=3 for more information.

In essence, if you are still using a platform prone to viral infection
(only Windows, these days), obtain and use good anti-virus software. If
you get a virus alert or think your machine may be infected, please
check vmyths.com (or an anti-virus software vendor's site, if you
prefer) before forwarding it.

Cheers,

> [quoted text omitted]

Another good site, and nice if you're as bad as my dad at remembering odd
urls, is www.urbanlegends.com
It's the alt.folklore.urbanlegends FAQ/Site/etc.  It carries most every
internet hoax you can find.

Rand.
Senior Sysadmin, WebFarm, CNN Interactive, AOL/Time-Warner.

> In essence, if you are still using a platform prone to viral infection
If
> you get a virus alert or think your machine may be infected, please

And another note... 90+% of all viruses in the wild propagate via MS
Outlook. Use a different email client (and uninstall Outlook or Outlook
Express) and you'll be fine. I'm using Mozilla (mozilla.org) as a POP3 client,
and it's great. We use it at work as an IMAP client. Some viruses can still
mess you if you launch them, but it can't spread.

> Glenn M Wilson wrote:

> This is from my fantasy/6mm persona - don't ask... <grin>

> (even more then normal) and my 'virus expert' at work is not available
Early_American_Wars-unsubscribe@onelist.com<BR>
> &nbsp; List owner:&nbsp;&nbsp;
Early_American_Wars-owner@onelist.com<BR>
> <BR>
onelist.com/community/Early_American_Wars</a></tt>
> <br>

From: Roger Burton West
Sent: 13 April 2002 09:07
Subject: Re: Completely off topic

> When it was realised that [sulfnbk.exe was a hoax], a real virus

I obtained my "zoo" copy of Magistr-A from an infected sulfnbk.exe
file. I've also removed one of the Magistr variants from a co-
worker's (Randall, place that last hyphen where you will) system after it
arrived by the same means. I think this method of propagation may have enjoyed
more success in continental Europe; I hadn't seen a real case of the hoax
until now.

======== Background You Can Skip Unless You're Worried ========

W32/Magistr is a combined e-mail worm and program file infector;
it can spread between program files on your computer, and will also ransack
your address book and send copies of itself (possibly
along with other files) by e-mail to people you have corresponded
with.

For a more in-depth description, see:
 http://vil.nai.com/vil/content/v_99040.htm
(NAI are Network Associates, aka the corporate face of McAfee)

If someone sends you an attached file you weren't expecting, be extremely
cautious. If they send you an executable file (.COM,.EXE and.VBS are the most
frequent carriers) then don't touch
them without the benefit of an up-to-date anti-virus program.

Going back to Glen's original inclusion, there are two or three distinctive
phrases that scream hoax:

1. Name dropping
> "This virus is not detectable by McAfee or Norton"

2. Gratuitous use of capitals and multiple exclamation marks
> "PLEASE READ AND THEN ACT PROMPTLY!!"

3. Requests to redistribute the message*
> "...send this e-mail to everyone listed in your address book."

Don't take these three rules as gospel. I've mentioned McAfee and Glen's
original message mentioned Symantec; these outfits and others maintain alert
lists for live viruses, and hoax lists to help you spot the fakes. Have a look
around and find a source of information you're happy with, then bookmark it
for emergencies. Beware that when there's a real electronic pandemic on, these
sites can slow right down or go off the net completely.

* cleverly qualified in this case.

Two other excellent email programs are:

TheBat! www.ritlabs.com (costs money though)

Pegasus Mail www.pmail.com (free, but complex. It's extremely powerful, so you
guys who get lots of mail ought to check it out for it's filtering
capabilities, distribution lists, download options. etc...)

Both of those are good programs. But they don't replace your browser, and
Internet Explorer is also a security risk.

Other alternative browsers are Opera, and iCab and OmniWeb for the Mac.

AOL will be switching to the Mozilla page rendering engine (Gecko), and
that means sites will have to accomodate 35 million Netscape/Mozilla
users (Netscape 6.x is ok, but laden with commercial bits - mozilla is a

little rougher, but more stable.

> Flak Magnet wrote:

> Two other excellent email programs are:

I agree. I have some commentary about the "All In One" nature of multifunction
programs, but lets avoid contributing further to the OT noise on the list.

--Flak

> On Sat, 2002-04-13 at 13:35, Michael Llaneza wrote:

Sigh, would you believe my agency *requires* me to use Outlook?

Don't ask. Stupid is a way of life.

Gracias,
Glenn/Triphibious@juno.com
This is my Science Fiction Alter Ego E-mail address.
Historical - Warbeads@juno.com
Fantasy and 6mm - dwarf_warrior@juno.com

On Sat, 13 Apr 2002 09:47:08 -0700 Michael Llaneza
> <maserati@earthlink.net> writes:

Quoting Glenn M Wilson <triphibious@juno.com>:

> This is from my fantasy/6mm persona - don't ask... <grin>

> > > > > > 3. In the 'look in' make sure you are searching Drive C.

I don't have a drive C... None of my computers have a drive C..

Quoting Glenn M Wilson <triphibious@juno.com>:

> Sigh, would you believe my agency *requires* me to use Outlook?

Heh. I particularly like the companies I've worked for (several of) that won't
use open source software "because it might not be secure" and then mandate
Outlook as an email client...

On Mon, 15 Apr 2002 08:36:07 +0100 (BST) Katie Lauren Lucas
> <katie@fysh.org> writes:

LOL, I don't think we have done that *yet*!

Although security is our life blood electronically... Or ought to be.

Gracias,