IS GGWO MBCS Sending a Computer Virus
jayso (jayso)
12-08-2005, 08:16 AM
I just checked my email. No kidding, I got a message on my email that was supposedly from "webmaster@mbcs.edu" which is Maryland Bible College and Seminary (GGWO'S) affiliated school.
Here is a paste from the email:
From: webmaster@mbcs.edu
Date: Fri, 02 Dec 2005 16:24:49 GMT
Subject: Your Password
Account and Password Information are attached!
Did anyone else get this email? The attachment has a virus on it! This is what my Yahoo virus scan alerted me to about what MBCS sent:
Virus Scan Results
File name: reg_pass_data.zip
File size: 54kb
File type: application/octet-stream
Scan result: Virus "W32.Sober.X@mm,W32.Sober.X@mm!zip" found.
The file attached to this message was infected with a virus that we were unable to clean. You can not download this attachment.
Note: Not all viruses can be cleaned. Please contact the message sender and request that they send you a virus-free version of this attachment.
SO... THIS IS HOW THEY THINK THEY WILL SILENCE US BY CRASHING OUR COMPUTERS?
FactNetters BEWARE and don't open ANY attachments such as: reg_pass_data.zip (54k) from anyone. How sick.
If anyone else is getting these, please post on this thread. Hopefully we can find out where these messages are coming from and report them to the "computer police" (if there is such a thing). Well, definitely we can report them to their ISP.
I got this message 2 times so far in my bulk email. Am I the only one?
(Message edited by jayso on December 09, 2005)
anon_brief (anon_brief)
12-08-2005, 12:17 PM
No, Jayso, you aren't.
According to the experts with whom I have spoken, it is more likely that someone opened an email attachment containing the Sober worm and their address book was pirated.
I NEVER open attachments from unknown senders, so I didn't have any problems. Also, I was sent an alert regarding the Sober worm just prior to the incident, so I was especially vigilant.
All of the attachments sent to me were 75K. If I can find any more info, I will post it.
johncollins (johncollins)
12-08-2005, 12:27 PM
Jayso,
According to the Symantec anti-virus website (http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.x@mm.html), this virus "is a mass-mailing worm that uses its own SMTP engine to spread and lowers security settings. It sends itself as an email attachment to addresses gathered from the compromised computer."
Google news reports (http://news.google.com/) indicate this virus is infecting computers world wide.
I don't think this is a concentrated effort on the part of anyone at MBCS to silence you.
John
arguendo (arguendo)
12-08-2005, 01:15 PM
Jayso, please do people a favor and disable the link to the virus address in your post. A space in the address will do it. Some people just can't not click on things.
johncollins (johncollins)
12-08-2005, 01:47 PM
Jayso,
You raised an excellent point when you advised, "don't open ANY attachments..." The way these self-propagating viruses work, it's not uncommon to get a virus attached to an email which appears to come from someone you know. Trusting the attachment because you recognize the email address is part of the deception.
A Google search will uncover many good lists of "safe computing tips" or "safe computing practices." Here's one (http://www.claymania.com/safe-hex.html) I just found from a web design firm in RI. It's not super technical, and contains a lot of very sound advice.
Backtracking virus emails to the original sender is often an exercise in futility even for computer professionals. The FBI has a Cyber Division (http://www.fbi.gov/page2/dec05/reigelbriefing120705.htm) which investigates all sorts of computer crimes, including this Sober virus. They were especially mad about this one -- the original virus outbreak emails appeared to come from the FBI!
John
david_munson (david_munson)
12-08-2005, 03:43 PM
Here are some sites dealing with these issues:
www.worldstart.com (http://www.worldstart.com)
www.grisoft.com (http://www.grisoft.com)
www.zonelabs.com (http://www.zonelabs.com)
www.sygatechonline services.com
The last one might be a dot org but it allows you to scan your pc for anything unwanted.
Dave
david_munson (david_munson)
12-08-2005, 03:49 PM
Here is the last one.
http://scan.sygatetech.com/
Dave
jayso (jayso)
12-09-2005, 06:23 AM
Don't worry about the "link" in my first message. It is not a link to any virus. The Factnet system thinks it's an email address. If you click on that link, it will only bring up your email program and put that link as a (mailto) address. The actual worm virus is not downloaded to my computer, thanks to the Yahoo email virus checker!
What has me baffled is that I have no idea why my email address would be on MBCS.EDU's mailing list. I have never written to them and never visited Baltimore. I left TBS while it was in Lenox... way before email was even thought of.
I know how viruses work. Email worms will send numerous messages to all recipients of one's address book in Outlook Express.
It is possible that someone who posts here who would have my email address in their address book is the culprit. Still, why would anyone have the email of the "WEBMASTER" at MBCS.EDU in their address book if they do not have an interest in the MBCS WEB SITE?! A web master is the person who sets up and maintains the website; e.g.: http://www.mbcs.edu It doesn't seem plausible to me that someone who posts on factnet would be interested in the design or content of the MBCS website. I'd love to know where this thing came from.
I can't help but wonder if anyone else got this type of message from "webmaster at mbcs.edu".
While I see JC's point, I can't help but be suspicious. I certainly hope the sending of this virus isn't done deliberately. It is a good (bad) way to screw up people's computers for a while. We can't be sure of GGWO's innocence in this matter.
Also, there is a great FREE virus scanner and cleaner online at : http://housecall.trendmicro.com
Happy computing, Jay
(Message edited by jayso on December 09, 2005)
arguendo (arguendo)
12-09-2005, 12:50 PM
It's obvious to me that Brian Bowman has inadvertently picked up this virus and has unknowingly been spreading it to everyone. Poor Mac impaired Brian.
hodeuon (hodeuon)
12-09-2005, 01:10 PM
Fact: Some of the leadership at GGWO Baltimore were reading Factnet at one point.
Speculation: Perhaps they had someone gather email addresses that appeared on FN. I continue to be surprised that GGWO has not made a statement on FN or attempted to tell us its version of events. They may have email addys in preparation to emailing such a statement and in the end decided not to do so. Then when their system picked up a virus, it would forward itself to those on their list.
Hodeuon
sojourner (sojourner)
12-09-2005, 01:47 PM
I don't think FactNet is that kind of a threat to them at present Jayso...just my gut feeling...those virus things get around...that is why people design them regardless of whose system they infect.
I do not think we were targeted by ggwo as an entity.
johncollins (johncollins)
12-09-2005, 02:07 PM
You know all those spam mails you get from your friends where they include your address and 50 other people, many of whom you don't even know? Regardless of what you do with the email, your address ends up on 50 others' computers. If one of them forwards it to 50 others, and includes all the addresses, your address is now on 50 more computers. And on and on and on. So your address gets spread all over.
Many of these viruses not only mix and match addresses as the "to" and "from" addresses, they also make up official sounding addresses - such as "admin@" and "webmaster@" etc.
I have several dozen email addresses at as many domains. I commonly receive phony emails - even viruses - from addresses at one of the domains I own. I own the mail server, so I know the "from" address in the spam mail or virus sometimes doesn't even exist.
Did you visit the FBI page I linked to? It describes the FBI's efforts to track down the source of this specific virus. Really believe MBCS / GGWO created and are sending a virus world wide just to get at FN?
John
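Added example, not part of the original thread or anyone's post: a small header triage for the forgery pattern described above, using Python's standard `email` module. The sample message is constructed from the fields quoted earlier in the thread; its Return-Path and Received values, the `triage` function and the finding names are assumptions for illustration. The findings are heuristics for a human reviewer, since legitimate mailing-list mail can also show a From/envelope mismatch.

```python
from email import message_from_string
from email.utils import parseaddr
# Constructed sample modelled on the message quoted in the thread; the
# Return-Path and Received values (example.net, 192.0.2.44) are invented.
SAMPLE = """\
Return-Path: <user1234@dialup.example.net>
Received: from dialup.example.net (unknown [192.0.2.44])
\tby mx.recipient.example with SMTP; Fri, 02 Dec 2005 16:24:51 GMT
From: webmaster@mbcs.edu
Subject: Your Password
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Account and Password Information are attached!
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="reg_pass_data.zip"

(constructed placeholder, not a real archive)
--b1--
"""

ROLE_LOCALPARTS = {"admin", "webmaster", "postmaster", "support", "service"}
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com", ".bat")

def domain(addr):  # lower-cased domain of a header value, '' if absent
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return heuristic findings; hints for a human, not proof of forgery."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_dom, env_dom = domain(from_addr), domain(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        findings.append("from-envelope-mismatch")  # displayed From is unauthenticated
    received = msg.get_all("Received") or []  # last entry is the earliest hop
    if received and from_dom not in received[-1].lower():
        findings.append("origin-hop-not-from-domain")
    if from_addr.split("@")[0] in ROLE_LOCALPARTS:
        findings.append("role-account-sender")  # admin@, webmaster@ style names
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("risky-attachment:" + name)
    return findings
```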
david_munson (david_munson)
12-09-2005, 04:45 PM
Today I received warning from a news site I subscribe to called Worthy News.
They are warning of a virus sent out internationally to infect PC's.
At the present time, China is attempting to gain access to PC's all throughout the US in an attempt to use one or more to glean information by attacking government systems.
GGWO does not have the type of minds (GEEKS, LOL) it takes to perform such an elaborate scheme.
It's not from them.
Run some good antivirus program and use a firewall you can depend on.
There are other suggestions at
www.worldstart.com (http://www.worldstart.com)
Just check in the archives.
Dave
jayso (jayso)
12-10-2005, 11:17 AM
Thanks for the informative replies. I am all too aware that email worms can be sent with anyone's address on the "FROM" line. I receive virus infected attachments all the time from people's email addresses that are totally unknown to me.
This particular email came from MBCS.EDU - it just threw me for a loop! Especially since I never had anything to do with them.
Hodeuon, your speculation may be correct. Hopefully when they clear their system of the virus, legitimate email will come from them. It will be interesting to see.
Thanks Dave Munson for the great links you provided. God bless y'all and have a nice weekend. Stay warm if possible!
bjerwin (bjerwin)
12-10-2005, 11:48 AM
I have been getting a lot of messages from FBI and CIA (supposedly) telling me that I have been visiting illegal sites... makes you wonder? Illegal to who? And who is sending these?
david_munson (david_munson)
12-10-2005, 05:51 PM
BJ,
you need to run a virus check. The FBI/CIA doesn't send emails to people like that.
It's a hoax that might have viruses attached.
www.scambusters.org (http://www.scambusters.org)
is a good site as well as
www.hoaxbusters.org (http://www.hoaxbusters.org)
I have a few sites with a lot of information about these types of things. I just read about the FBI/CIA hoax a couple of days ago.
Never, ever open anything from someone you don't know anything about. Unless you have a program that scans any and all attachments along with the original email.
You can report these hackers to this site,
www.ifccfbi.gov (http://www.ifccfbi.gov)
God bless ya sis,
Dave