You’ve Got Virus

Jun 27th, 2004 | Filed under Ranting

I didn’t expect it for at least a week, but I received a virus in my new Gmail account.

Gmail Virus

I didn’t realize it was a virus at first, so I clicked on the part that says "Message.rar". Now, before you email me telling me "That was stupid," let me explain my actions. I was a bit concerned since my signature used to read "Google is watching you. If you’re worried about privacy, use my other email address – x@hotmail.com", and I didn’t want to lose my account after only having it for less than a week. Still, I admit it was a pretty stupid thing to do, especially since there are several glaring clues. I think it’s because I’m used to Hotmail; despite the perceived "evil" of Hotmail, they have a pretty decent policy of blocking one’s ability to download viruses. Gmail does scan email for viruses; the attachment still made it onto my computer – maybe they can’t scan .rar files?

Fortunately, Norton AntiVirus saved my @$$ and caught the virus, W32.Beagle@mm!rar, before it could do anything. You don’t have to worry about me adding to the problem of infected computers on the net. My friends will probably slap me around just on principle – I deserve that at least.

As a curious utensil, I wanted to know my enemy. There’s an option at the top of the email message called "More options" (Duh!). I clicked on that and the header expanded as you can see below.

More Options from Gmail

I shouldn’t have expected to see my enemy unmasked at this point, but I was given the option to "Show original".

Delivered-To: xxxxxxxxxx@gmail.com
Received: by 10.38.97.3 with SMTP id u3cs10795rnb;
   Sat, 26 Jun 2004 09:50:35 -0700 (PDT)
Received: by 10.11.120.80 with SMTP id s80mr149297cwc;
   Sat, 26 Jun 2004 09:50:34 -0700 (PDT)
Return-Path:
Received: from 24.25.253.252 (HELO mkbrwufzf6vr5nx.com)
   by mx.gmail.com with SMTP id p77si195873cwc;
   Sat, 26 Jun 2004 09:50:33 -0700 (PDT)
Date: Sat, 26 Jun 2004 06:50:35 -1000
To: xxxxxxxxxx@gmail.com
Subject: Account notify
From: staff@gmail.com
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="--------spfbdvelbpwamfsylmjm"

I pasted the text instead of posting an image so people can read the content of the header directly. Tricky bastard. I’m no expert on forged headers, but I’m pretty sure that this message isn’t from the staff at Gmail. It may come as a surprise that someone who’s worried about privacy would click on an attachment and not question its origin, but I’d like to think that I’m not the only one susceptible to lapses in judgment. I’ll be more cautious from now on, but I hope Gmail fixes that security hole.
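The mismatch in the header above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it finds the hop where mx.gmail.com accepted the message and compares the connecting host with the From domain. The function names, finding labels and regular expression are assumptions written for this header's format.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header text copied from the post (the two empty fields are omitted).
RAW = """\
Delivered-To: xxxxxxxxxx@gmail.com
Received: by 10.38.97.3 with SMTP id u3cs10795rnb;
   Sat, 26 Jun 2004 09:50:35 -0700 (PDT)
Received: by 10.11.120.80 with SMTP id s80mr149297cwc;
   Sat, 26 Jun 2004 09:50:34 -0700 (PDT)
Received: from 24.25.253.252 (HELO mkbrwufzf6vr5nx.com)
   by mx.gmail.com with SMTP id p77si195873cwc;
   Sat, 26 Jun 2004 09:50:33 -0700 (PDT)
Date: Sat, 26 Jun 2004 06:50:35 -1000
To: xxxxxxxxxx@gmail.com
Subject: Account notify
From: staff@gmail.com
"""

# Matches the "from <ip> (HELO <name>) by <host>" shape used in this header only.
HOP = re.compile(r"from\s+(\S+)\s+\(HELO\s+([^)\s]+)\)\s+by\s+(\S+)")

def under(host, domain):
    return host.lower() == domain or host.lower().endswith("." + domain)

def check_sender(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"from_domain": from_domain, "hop": None, "findings": []}
    # Servers prepend Received lines, so scan top-down and take the first
    # hop that names a remote client: it was written by the receiving MX.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        ip, helo, by = m.groups()
        result["hop"] = {"ip": ip, "helo": helo, "by": by}
        if not under(helo, from_domain):  # HELO is sender-chosen text
            result["findings"].append("helo_not_under_from_domain")
        try:
            public = not ipaddress.ip_address(ip).is_private
        except ValueError:
            public = False
        if public and under(by, from_domain):
            result["findings"].append("own_domain_mail_from_public_ip")
        break
    return result
```

Neither finding is proof on its own, since plenty of legitimate mail uses a HELO name unrelated to its From domain; together they are a strong signal that "staff@gmail.com" was typed in by the sender rather than assigned by Gmail.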

And, just in case, I changed my signature to "If you’re worried about privacy, reply to this address – x@hotmail.com"
