Warning! Virus Attached (Maybe)

            The last message any of us want to see in our e-mail inbox is from someone else saying that we have a virus. In August I started receiving just such a message. Now my first reaction was that it just couldn’t be. After all, I use a firewall and keep Windows and Norton AntiVirus up-to-date. So I suspected that the e-mail informing me that I had a virus might itself be a virus. That is one technique to spread a virus. You tell people they have one and give them a link to download a program to remove it. Instead what you are really downloading is a virus. So, I just ignored the virus e-mail alert.

            Brother Craig the next day downloaded our e-mail and a whopping 216 messages came in first thing in the morning. Two hours later over 200 came in again. When I examined them I found most were returns to me from automated mail servers saying my e-mail was discovered to be virus infected, was then rejected and returned to me. These e-mails supposedly sent by me all said in the message field either “Please see attached file for details” or “See the attached file for details.” Subject lines and attachments varied according to the table below:

Subject Lines


Re: That movie movie0045.pif
Re: Wicked screensaver wicked_scr.scr
Re: Your application application.pif
Re: Approved document_9446.pif
Re: Re: My details details.pif
Re: Details your_details.pif
Your details thank_you.pif
Thank you! document_all.pif

Now I was beginning to worry! I looked at the “From” line in the e-mail header and sure enough, there was our address, monkadorer@catholic.org. So I did the next logical thing, I scanned my computer for viruses with Norton. I was actually hoping Norton would come up with something. But the computer received a clean bill of health. I was a bit stumped at this point. Was it possible that a new virus was developed that Norton couldn’t detect? If so, what could I do about it? I looked in the e-mail header for “what” had sent the e-mail. It said Outlook Express and gave the version number. I quickly checked all our computers. None of them had this version of that program. Perhaps we weren’t infected after all…

Then things took a turn for the worse. We were using a free e-mail service provided by Catholic online and downloading our e-mail from their service. This way our real e-mail address with our Internet provider remained hidden and if we changed Internet service providers our contact e-mail address could remain the same. However, like most free services, Catholic online has a limit as to how much space one could take up with their free e-mail account. Now as I said, we were getting on average 100 e-mails an hour, most with attachments. Unless we kept pulling the e-mails off Catholic online we would certainly go over quota, thereby freezing up our e-mail account. I tried downloading our e-mail periodically until one got “stuck,” our computer wouldn’t download it. Now if one e-mail gets stuck, even though you download all the other e-mails, none of them get deleted from the Catholic online account. So I decided to use Catholic online’s web-based e-mail handling system. I tried to delete the e-mails and they wouldn’t go away. So I knew that our e-mail account would be frozen in a matter of hours and sure enough it was.

My first break came when I examined the e-mails more closely I had already downloaded telling me I had a virus. One of them, thanks be to God, actually told me the name of the virus I supposedly had – W32/Sobig.F@mm. Now here was information I could do something with. I could look up this virus in the Norton virus database at securityresponse.symantec.com/avcenter/vinfodb.html. Here’s what I learned. W32.Sobig.F@mm uses a technique known as "spoofing," by which it randomly selects an e-mail address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine to other addresses in the infected computer. Now I’m sure several people have our e-mail address in their computer address books. One or more of these persons was now spreading this virus and it looked like it was coming from our us. I received a little consolation when I read that the virus would deactivate itself on September 10th. At least an end to the madness was in sight!

This latest virus threat I believe, has started a new malicious trend impossible to defend against. Even though our computers were protected, Sobig still shut down our e-mail address. Imagine if this virus decided to send people to adult sites in our name. How long would it take us to recover from that?

It is worthwhile to protect from these type of viruses by never using your primary e-mail address. Set up your contact e-mail address so that it isn’t the address assigned to you by your ISP. Then if the above happens to you, just cancel the e-mail address account. Getting your ISP to change your assigned primary e-mail address could be more of a hassle. A contact e-mail address can be set up with a free e-mail service provider like Catholic online at catholic.org. Or if your ISP enables you to set up more than one e-mail account, do so and never give out your primary one.

Here’s are three easy e-mail tips to keep you from getting and spreading viruses for those using Outlook or Outlook Express (AOL users go to keyword viruses for tips):

1)                           Make sure Tools>Options>Security Tab> “Do not allow attachments to be saved or opened that could potentially contain a virus” is checked. If you want to read an attachment, uncheck this box, save the attachment to your harddrive, scan it with your antivirus program, and only then open it. Then recheck the above once again.

2)                           Read all messages in plain text. Do this put a check next to Tools>Options>Read Tab> “Read all messages in plain text.” This will prevent e-mail from taking over through Internet Explorer. It will also suppress pornographic pictures, etc. from appearing in e-mail.

3)                           Put an invalid e-mail address at the top of your address book like 1111ihaveavirus@1111virus.com. This way if a virus tries to use your address book, you will get a message back telling you that this invalid address was used. Then you will know you are infected.

Monthly Web Pics

For this months picks we’ll look at the Eastern Catholic Church, as many in the West are not familiar with it.

A good place to start learning about Eastern Catholics is from the article entitled “Catholic Rites and Churches” found in the EWTN online library at ewtn.com/expert/answers/rites.htm.

Byzantines.net was started by an Eastern Catholic webmaster, Greg Bronson, who wanted to create a general interest site on Eastern Christianity. The “About Byzantine Catholics” link is a good place to begin here.

At St. Michael the Archangel Ukrainian Catholic Church in Baltimore, crosslink.net/~hrycak/Welcome-s.html, you can learn about the Ukrainian Church as well as this particular Catholic church. You may want to see their “Unofficial Directory of Eastern Catholic Churches in the U.S.” line to find and experience an Eastern church near you.

Another place to search for an Eastern Catholic church in your city is at Masstimes.org. Follow the “Mass Times by City” link and find your city. Then look for a parish with an Eastern Church designation after its name in brackets like (Maronite).

For more Eastern Church links see the Eastern topics in my online directory at monksofadoration.org/directory.html.

Brother John Raymond welcomes
e-mail at john@aplusconsultingnow.com.

He is author of Catholics on the Internet: 2000-2001,
Webmaster of www.monkofadoration.org