Goner Virus -- email virus wreaking havoc on web

www.mcafee.com ^ | December 4, 2001 | Christopher M. Hoss

[topher]

http://vil.mcafee.com/dispVirus.asp?virus_k=99272&

The above web link describes the GONER VIRUS/WORM and the potential damage.

The good news is that YOU MUST OPEN THE SCREENSAVER ATTACHMENT TO BE INFECTED.

Evidence that your PC is infected is the presence of the file GONE.SCR

The McAfee Web Server is overloaded by people trying to get into the site.

Here is a CLICKABLE link to the McAfee web site:

Goner Virus Info from McAfee (12/04/2001)

This virus has appeared on the Internet just today (Tuesday, December 4, 2001).

I can email people information about the virus, but I have it in Microsoft Doc/RTF format currently because it had pictures and graphics about what appears on the PC.

[FourPeas]

I feel your pain (I know, I know, but I REALLY do). My deepest sympathy. The ability of users to do the stupidest things never ceases to amaze me.

FP

[okie_tech]

And any tech worth his name knows for a fact that a brand new virus can't be scanned for on the server since the scanner doesn't have it in it's virus def files yet. It's ultimately up to your users not to be hair brained idiots

[CDHart]

"that's why they pay us geeks the big bucks. right."

Right. I can tell you that we need you computer geeks a whole lot worse than you need us!

Carolyn

[jboot]

Would you hire a person who can't type to be a typist? Or would you hire a person who can't drive to be a driver? No? Neither should you hire the computer-illiterate to use computers. I cannot imagine that an employee who opens virus-laden attachments is a profitable employee.

[George Smiley]

You'll like these stories if you don't already know of them.

BOFH

[LincolnLover]

"I contend that the vast majority of idiots who open attachements like this are chicks..."

Wow, I hope you're wearing the asbestos body suit today--FLAME ON.

I'm a guy and I send my buddies attachments of Anna Kournikova pics all day long...lol (j/k).

[Le-Roy]

Search for 'gone.scr' - not 'goner.scr'.

[The Chid]

They probably meant "InoculateIT".

Here is the link.

[Ol' Sox]

Yassah, boss. We's jus' shovelin' de coal down heah in IT. No need to fire anybody, boss. We's be good.

We use Lotus Notes. Superior email. Superior groupware. No viruses piggybacking the mail - we catch it and innoculate it at the firewall.

The only way viruses get in is via the users who deem themselves too good to follow standards and install the horrible Outlook on their laptops. I've missed many a meal over the years to run to the aid of these "revenue producers". Seriously, how can you send these people out in public when they can't even be trusted to follow simple instructions? Its like not knowing how to loosen the vice that one's testicles are clamped in. And you enable it.

[Diddle E. Squat]

Same search results for gone.scr and goner.scr, no files or folders but found in text search in Users Windows DAT file. So would that be the virus, or perhaps a warning issued today(but I haven't opened any e-mail since before my broadband went out Saturday and was switched Sunday.

[damnlimey]

InnoculateIT PE,I've used it for a couple of years with no complaints but it is now no longer available except for updates for existing users.
This is the link for the company that took them over,it is however no longer freeware.

[toupsie]

Funny! Its a personal thing with me. I do not feel that my fellow employees need to be computer experts -- thats not why we hire them. IT staff must get off their high horses and understand that not everyone knows their dot com from a hole in a wall. Being abusive or rude does not improve users attitudes. A good IT department tries to prevent problems before they have to solve them. An employee that loses their ability to use their computer is like taking a match to the profit margin.

[glock rocks]

Right. I can tell you that we need you computer geeks a whole lot worse than you need us!
Carolyn

that's really kind of you. thanks, Carolyn.

it's funny... finance just gets knotted up having to pay 50K to start an entry level
geek and 80K to keep the experiences ones...
so they make it up by making tiny cubicles in the basement and sending down
used furniture and limiting training to a couple workplace violence seminars per year.

personnel hates us because we're usually introverted technophiles who have no
true concern with the current "teamwork is everything" drive and
just want to do the job we were hired to do.

management hates us because we cost too much, can never deliver their fantasy land
requests in the dreamland timeframe they pull out of their rears...

and everybody else hates us because we know how the computer works,
and they perceive that we don't want to share that information,
while we know fully well they wouldn't follow simple procedures if
we hired professional writers to put it down in a guidebook
...yup, which we do... and they don't read.

that said, i manage a software engineering group and love it... and i'm just
as much a computer "user" as all the other employees... and we have an award winning
help desk, God bless 'em.

now, you wanted that system delivered when?

blessed be the user, for the user does provide our paychecks.

[Mrs. P]

I contend that the vast majority of idiots who open attachements like this are chicks. They all send themselves so many stupid emails all day long that they could not possibly identify which are real and which aren't.

I have yet to meet a guy who refers to women as 'chicks' that can spell and uses fairly correct grammar.

Oh, and Rodney Dear, we prefer to be called 'babes' (and even better yet - 'really hot babes') - try to remember that if you can.

[Outraged At FLA]

There has been a rash of these worms going around. What really sucks is, those of us who know better on how to keep these things off our system are the ones whos addresses are on all those users computers systems who don't. That means, when they get the worm, their outlook express emails it to us. Even though we know better than to download it, if you have a lot of moronic friends out there, you get inundated by worm mails.

Just last week I got slammed with a ton of email from retarded friends of mine who downloaded one worm or another and that worm found me in their address book and emailed me over and over. It prompted me to send out this email. I wish everyone in the world received this email. If it was understood and followed, worms would really be a thing of the past:

Here is the most serious virus report you will most likely ever hear in your lifetime!

The most powerful innoculant to these virii is INFORMATION.

The naive populace thinks one of three things:

1. I will never get a virus.
2. My Anti-virus software will protect me.
3. It cannot be a virus if my friend sends it to me.

"I will never get a virus":

Well, first of all, if you are running a computer, your chances of catching a virus are probably 100 times greater than catching the common cold. EVERYONE, whether you are connected to the Internet or not, is vulnerable. To think you will never get a virus is the same as thinking that you will never die. It is inevitable. Even software manufacturers have been known to unknowingly include virii in their software distributions. It can happen, very easily. You may think you don't have one now, chances are you do, you just don't know it. Many virii are quiet, and only use your machines to do the dirty work the hacker doesn't want seen coming from THEIR computer (called backdoors, technically not a virus).

"My Anti-virus software will protect me."

Most of the time, the virus is already been on the loose long before any Anti-virus software has been programmed to deal with it. Even so, for those who never update their Anti-virus software, you might as well be battling cancer with aspirin; it is useless. If you have Anti-virus software, update it DAILY! Read your software's documentation on how to set up auto-updates. Many Anti-virus software will run using your Windows scheduler. If you cannot schedule it automatically, then remind yourself to do it EVERYDAY! For example, as soon as you finish reading your email, update your Anti-virus software.

Virii contain different signatures that your Anti-virus software is programmed to recognize. As virii emerge, their signatures change, your software must update to recognize these changes! If your Anti-virus software is one week old, it is too old, in fact, it is probably quite useless. Most ISP's (your Internet provider) identify older virii in their mail spools before you ever get them. The threat is the new virii.

UPDATE YOUR ANTI-VIRUS SOFTWARE DAILY!

"It cannot be a virus if my friend sends it to me."

I hear this in almost every conversation I have ever had with a naive computer user. Most worms and virii do one thing before they ruin your data: Open your mail program, find your address list, mail the virus/worm to everyone on your address list OR reply to all of your mail that you have, with the virus/worm. In fact, attachments from your "friends" are more dangerous than attachments coming from strangers!

Virii are files, files have extensions, the ONLY safe extension for you to download is: .gif .jpg .jpeg .mp3 .txt .mpeg .mpg. Many virii will be named like this:

myvirus.gif.pif OR myvirus.jpg.exe

THESE ARE NOT SAFE! The extension is the LAST characters after the LAST period in the file. myvirus.jpg.exe is an executable file (it can be activated) and is therefore a threat! DOUBLE TRIPLE CHECK THE FILENAME BEFORE YOU DOWNLOAD IT! .zip files are NOT SAFE either. Virii can easily be contained in a .zip file. He who downloads the least, will be the safest!

Some people also think that if they execute the file from its location without choosing to save it is a safe way to handle files.. Wrong.. It is still being saved to your machine, in your temporary directories. From there, it can do the same damage.

Another side note, many times you receive in your email warnings about this virus and that virus. THEY ARE ALL HOAXES! No company sends out virus warnings - NONE! Many times, these are just people getting their kicks on scaring old people but sometimes these emails have another purpose. They wait until the email gets back to them and guess what? They now have the email address of everyone who was forwarded that bogus hoax! Now everyone knows what SPAM is, this is one way to get YOUR address so they can send you JUNK email.

If everyone on the Net kept the above in mind, 75-95 percent of all virii would never see the light of day!

I BEG you, please keep the above in mind during your travels on the Net, and if there is one virus warning in the world that should be forwarded to everyone on your address list, this would be the one. Hopefully, the last one!

[Le-Roy]

"C:\Windows\User.DAT"??

That is the 'user' portion of your registry, and likely the only entries you found in there were the ones that keep track of items that you have searched for. As far as the virus, I don't think you have a problem.

Your ISP is another matter...;^)

[copycat]

Thanks guys. Hoped I could download it tonight.

Any freeware anti-virus programs anyone can recommend? I feel naked...

[FastCoyote]

"Just curious, how do the "idiot" users rate their IT support?"

My one client calls me slow, stupid, and always on the verge of a disaster. He pays me half of what I bill as a consultant. Three idiots over there just opened the goner.scr virus. I am at the edge of revolt, IT people are always overworked (by far), under paid and rarely respected. I'm so stupid, I'm the only one who can make their network function.

[Outraged At FLA]

As far as free Anti-Virus software, you get what you pay for. I recommend BUYING one. Norton AntiVirus is a good one. It autoupdates itself too!

[toupsie]

And any tech worth his name knows for a fact that a brand new virus can't be scanned for on the server since the scanner doesn't have it in it's virus def files yet. It's ultimately up to your users not to be hair brained idiots

Wrong! If you utlize a decent SMTP server, such as Postfix, you can prevent executable files from being received by a user. There is no real legitimate reason to have executable files passed through e-mail. Its a waste of time to scan for viruses on executables on the server level. However, I can understand scanning for Office based Macro viruses as these sort of documents are legitimate for passing between users.