*
*
Home
Help
Login
Register
Welcome, Guest. Please login or register.
August 19, 2022, 09:36:11 PM

Login with username, password and session length
Forum changes: Editing of posts has been turned off until further notice.
Search:     Advanced search
275647 Posts in 27717 Topics by 4285 Members Latest Member: - Jason DAngelo Most online today: 83 - most online ever: 565 (October 17, 2020, 02:08:06 PM)
Pages: [1] 2
Print
Author Topic: War story (probably)  (Read 9110 times)
Ron Edwards
Global Moderator
Member
*
Posts: 16490


WWW
« on: July 24, 2001, 12:25:00 PM »

Yesterday I received a friendly message from someone, asking me for any "advice" on an attached file called ACPexe1_7.exe.  I wrote back asking for some context - who he was, what was the file, why talk to me, and so on.

I did not open/run the file. It ended with "exe" after all.

Today I received a "message returned" postmaster letter, stating that the alias (Bryan_Scott_Hefner) was unknown/illegal.

Ah ha, thinks I, and deleted the bejeezus out of the original letter.

The text of that letter was friendly, flattering, and entirely vague - it did not have any mention of RPGs or any other thing, it mentioned nothing about the purpose of the file, and it just oozed familiarity, as if the fellow and I had already exchanged a few letters.

Beware, everyone. The fuckers DO exist.

Best,
Ron
Logged
Jared A. Sorensen
Member

Posts: 1463

Darksided


WWW
« Reply #1 on: July 24, 2001, 12:36:00 PM »

Yup.  There are a slew of nasty viruses out there that have exactly that type of message, along with a payload of evil file-destroying content.  One of the newest is called "sircam.exe" and contains the message:

"Hi! How are you?
 
I send you this file in order to have your advice
 
See you later. Thanks"

This virus reproduces by using the the ol' "send to everyone in your address book" method.  Obviously, never run any weird .vbs or .exe file...or allow macros in any Word/etc. document.

And don't talk to strangers, even if they DO have the best candy.

Logged

jared a. sorensen / www.memento-mori.com
Ron Edwards
Global Moderator
Member
*
Posts: 16490


WWW
« Reply #2 on: July 24, 2001, 02:19:00 PM »

Hey Jared,

That was the EXACT text of the message, as it happens.

Best,
Ron
Logged
GreatWolf
Member

Posts: 1155

designer of Dirty Secrets


WWW
« Reply #3 on: July 24, 2001, 03:36:00 PM »

Hmm.  One wonders if a "cyber-Sorcerer" chronicle could be run, with viruses and other computer programs being the "demons".

(Seth scratches his head and thinks.)

Logged

Seth Ben-Ezra
Dark Omen Games
producing Legends of Alyria, Dirty Secrets, A Flower for Mara
coming soon: Showdown
Supplanter
Member

Posts: 258


WWW
« Reply #4 on: July 24, 2001, 05:33:00 PM »

That's the last thing we need is the FBI busting in on Ron's house and giving him the ol' Steve Jackson Treatment. :wink: Heck, for all I know, Ron may have a dog, and SWAT teams seem to be obsessed with shooting dogs.

Best,


Jim
Logged

Unqualified Offerings - Looking Sideways at Your World
20' x 20' Room - Because Roleplaying Games Are Interesting
Clay
Member

Posts: 550


WWW
« Reply #5 on: July 25, 2001, 03:58:00 PM »

About once every two months I get something like that too, but the text of the message looks like bad notes from a meeting.

Computer Viri as demons wouldn't be a bad idea.  It sounds a lot like the whole "Ghost In The Machine" idea.  The thing probably should be written by somebody with a computer security background though (Clinton, you listening).  I've got just enough of a security background that I can sniff out when an author is BSing the technical stuff, and it grates.  Best that a non-technical author shouldn't try to get technical.
Logged

Clay Dowling
RPG-Campaign.com - Online Campaign Planning and Management
Paul Czege
Acts of Evil Playtesters
Member

Posts: 2341


WWW
« Reply #6 on: July 25, 2001, 07:43:00 PM »

I just got this virus emailed to me. It came anonymously. The text of the email was exactly the same as Jared described. The attached file was named risus15.zip.pif, although the .pif extension was not visible within Windows Explorer. I think I need to have a conversation with S. John Ross.
Logged

My Life with Master knows codependence.
And if you're doing anything with your Acts of Evil ashcan license, of course I'm curious and would love to hear about your plans
Gordon C. Landis
Member

Posts: 1024

I am Custom-Built Games


WWW
« Reply #7 on: July 25, 2001, 08:46:00 PM »

If you want the details, take a look at:

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

The virus is apparently clever enough to name its' attachment after a file on the (unsuspecting) sender's computer.

Gordon C. Landis
Logged

www.snap-game.com (under construction)
Paul Czege
Acts of Evil Playtesters
Member

Posts: 2341


WWW
« Reply #8 on: July 25, 2001, 08:57:00 PM »

Hey Gordon,

Yeah, I was joking about taking my ire to S. John Ross. I doubt my email address is on his computer. However, with the virus supposedly getting its name from a random file on the sender's infected computer, it just so happens I got something I recognize. So I know from the Risus filename that it was some gamer I've corresponded with who must have sent it to me. It's disappointing actually. I wish I could blame it on my stepdad.

Paul
Logged

My Life with Master knows codependence.
And if you're doing anything with your Acts of Evil ashcan license, of course I'm curious and would love to hear about your plans
Gordon C. Landis
Member

Posts: 1024

I am Custom-Built Games


WWW
« Reply #9 on: July 25, 2001, 09:03:00 PM »

Quote

On 2001-07-26 00:57, Paul Czege wrote:
Yeah, I was joking about taking my ire to S. John Ross.


No, no, take your ire to him - I understand he's running out and needs more :wink:

Gordon C. Landis



Logged

www.snap-game.com (under construction)
joshua neff
Member

Posts: 949


WWW
« Reply #10 on: July 25, 2001, 09:47:00 PM »

I just got an email much like the one's you describe--here's a generic email with an attachment I won't describe for you to look at.
Riiiiiight. Delete. Bye bye, sucker.
Logged

--josh

"You can't ignore a rain of toads!"--Mike Holmes
Mytholder
Member

Posts: 205


WWW
« Reply #11 on: July 26, 2001, 01:14:00 AM »

Quote

So I know from the Risus filename that it was some gamer I've corresponded with who must have sent it to me. It's disappointing actually.

Whoever you got the virus from doesn't know they sent it to you. SirCam reads your outlook address book and sends a random file to people in the address book. The person using the computer doesn't know what's going on. They're innocent (apart from being stupid enough to open an infected file....)
Logged
greyorm
Member

Posts: 2233

My name is Raven.


WWW
« Reply #12 on: July 26, 2001, 01:55:00 PM »

Quote

On 2001-07-24 19:36, GreatWolf wrote:
Hmm.  One wonders if a "cyber-Sorcerer" chronicle could be run, with viruses and other computer programs being the "demons".

Wait a week!
Logged

Rev. Ravenscrye Grey Daegmorgan
Wild Hunt Studio
Clay
Member

Posts: 550


WWW
« Reply #13 on: July 27, 2001, 06:09:00 AM »

Quote

On 2001-07-25 23:43, Paul Czege wrote:
The attached file was named risus15.zip.pif, although the .pif extension was not visible within Windows Explorer. I think I need to have a conversation with S. John Ross.


I'm not sure what this virus does, but I can tell you that it was written with Delphi.  I'm also going to go out on a limb and suggest that it was targetted at members of this board, considering how many people here have received it, and the specificity of the message.

Yesterday was a banner day, with two separate viri arriving in my mainbox.

Logged

Clay Dowling
RPG-Campaign.com - Online Campaign Planning and Management
Jack Spencer Jr
Guest
« Reply #14 on: July 27, 2001, 07:31:00 AM »

shit.  this is all my fault.

Actually it isn't my fault, it's the fault of the guy who sent me the damn thing in the first place.  But I was stupid and opened it and now it spreads.

Damn damn damn

I wonder why the virus used "Risus15.zip" as a name and not "Elfs.zip"?  hm... descructive and biased...
Logged
Pages: [1] 2
Print
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
Oxygen design by Bloc
Valid XHTML 1.0! Valid CSS!