Just as a note, I know a fair bit about virii and worms... I am a certified network / computer security specialist.
All of the worms that use the .eml files to carry a java or vbscript based payload can spread many ways...
Two of the most common is through peer to peer protocols, OR through holes in open ports in the OS you run...
If you are running a windows server, that is your problem right there... Windows (all windows OS) come with inherant holes in the windows file sharing system. Win2K and XP both come out of the box with an administration version of file sharing enabled (using null sessions) and such worms exploit this to be able to "deposit" their files on your hard drive. You don't need to run anything, it does not come from any program... Simply having a computer on a lan (or internet) that has windows will make you vulnerable...
Most low end router and firewall boxes block out the open ports... (also in XP you can turn on the internet connection firewall)
Also, update your OS to the latest patches using the automatic update wizard.
These .eml files will autorun whenever windows detects them in a folder that you open... and if they are not poorly written, the scripts will fire off without you even knowing it happened... This is one of the wonderous things about windows security (or lack there of)
Anyway, just to save the misconception... This virus DID NOT come from the eqemu files... (unless you may have downloaded them from an unreliable source other than this homepage)
It is spread through networking protocols, and the .eml files can only harm a windows machine... These worms are useless against a linux box (they can still eat up valuable bandwidth and cause network slowdown, they just can't "infect" a linux machine...)
I hope that clears things up a bit...
If you want to look into it more, get a firewall of some kind (hardware or software) and then go on the web and look up windows null sessions... and read about how to disable the related exploits...
Also disabling any file and printer sharing on your system helps as well... (or simply setting all shares to read only)
Anywhoo...
Hope that helps.
- Glasswalker
|