Virus Alert
I've been getting a little flurry of emails, all of which say that they're publishing something about me somewhere (no mention of my name in the body of the email, of course), with a copy of the article and a photo supposedly attached for my approval. I also got one with a similar attachment indicating that it was a crime scene photo and they were looking for potential witnesses. No two alike yet, except for these features. I unzipped the attachment on a Linux machine, and it contains a *.exe file (presumably Windows executable). I've no idea what it does, but if you get one, too, my free advice is to not execute it.
Oh, wait. Now I see that Symantec has scrubbed one of them.
Here's the culprit. Backdoor.Naninf.E
It's a Trojan horse.
Posted by Rand Simberg at June 16, 2006 04:48 AM
Comments
I never execute any file unless it's one I've sent myself from another email, or has been preceded by a known friend's email telling me they are sending me a certain file and telling me what it is. (And we have discussed emailing me the file beforehand.)
Posted by Andrea Harris at June 17, 2006 06:04 AM
I've been seeing a new wave of highly advanced hybrid viruses that are half trojan downloader and half worm. What's particularly nasty is that these viruses use hook .dll's and rootkits to bury themselves down into the NTFS partition to hide from Windows Explorer and most scan tools. These viruses have become highly adept at repairing themselves by replicating the damaged portions of the virus from other processes running in the background. These viruses have been around for a while, but it seems that a new level of sophistication has been reached. In the past, trojan downloaders could be fixed by finding the weak link and breaking the worm. I've done this a lot by denying rights in the infected files' ACLs. But it seems the worm has dug down into a different region of the O/S, and a higher level of debugging has been reached by the virus to deal with protection against detection and removal.
Password protect all your accounts. Rename the built-in Administrator account on Win2k/WinXP to something other than 'Administrator'. Do not use any accounts with generic names like 'Admin' or 'User'. Check all the file shares on your system and make sure that none are delegated 'Everyone' permissions. I could go on and on, but those are some obvious basics.
Posted by Josh Reitert at June 17, 2006 06:09 PM
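A read-only audit of the basics listed in the comment above (renamed built-in Administrator, generic account names, shares open to Everyone), added here as an example; it is not code from the post or its commenters. It assumes a modern Windows host with PowerShell 5.1 or later and the LocalAccounts and SmbShare modules, not the Win2k/XP systems the comment describes.

```powershell
# Added example: audit the hardening basics from the comment above.
# Assumes PowerShell 5.1+ with Get-LocalUser, Get-SmbShare and Get-SmbShareAccess.
# Read-only: it reports findings and changes nothing.

function Test-BuiltinAdminRenamed {
    # The built-in Administrator account keeps relative ID 500 regardless of its name,
    # so match on the SID rather than on the name 'Administrator'.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    [pscustomobject]@{
        Check   = 'Built-in Administrator renamed'
        Detail  = $admin.Name
        Pass    = ($admin.Name -ne 'Administrator')
    }
}

function Find-GenericAccountNames {
    # Enabled accounts with the guessable names the comment calls out.
    $generic = @('Admin', 'User')
    Get-LocalUser | Where-Object { $_.Enabled -and ($generic -contains $_.Name) } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Generic account name'; Detail = $_.Name; Pass = $false }
        }
}

function Find-EveryoneShares {
    # Non-administrative shares whose share-level ACL grants anything to Everyone.
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' } |
            ForEach-Object {
                [pscustomobject]@{
                    Check  = 'Share grants Everyone'
                    Detail = "$($share.Name) ($($share.Path)): $($_.AccessRight)"
                    Pass   = $false
                }
            }
    }
}

# Collect every finding into one table; rows with Pass = False need attention.
@(Test-BuiltinAdminRenamed) + @(Find-GenericAccountNames) + @(Find-EveryoneShares) |
    Format-Table -AutoSize
```

Only share-level permissions are checked; the NTFS ACL on each shared path (Get-Acl) can still grant Everyone access and should be reviewed separately.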