Dear All:

Generally speaking a roll call does not do much for the genealogy of our list. However, once a year seems to be an appropriate timing to dust off those brick walls and see where things stand. I know from the various emails that I receive that many of you have made great strides this year due to new databases on line and new web sites etc. So what I propose is as follows:

A: Post the brick wall ancestor and other ancestors that seem to have been created to give you a hard time. Some ancestors of mine have covered their tracks so well, it must have been deliberate :-) Please use the standard format in the subject line for everyone's benefit. This standard has been used and was created in order to allow many people to skim the subject lines and then determine if there is any interest or should the delete key be used. So one ancestor per message. The format is: SURNAME > location > time. Note the surname is in Caps. The new search engines here in Rootsweb are coming on line and are working well. Then give the pertinent details in the message body.

B: No signature lines over 4 lines. The VLF will automatically put anybody on moderate that can't seem to get their sig line down. Large sig lines clog up the search engine and the archives. VLF is a patented system from Piglet (the Listowners admin) and she rents it out for a royalty fee per use. VLF = Very Large Flyswatter to keep posters in line :-)

C: Also post any great web sites that you've found that really helped. I may put some of these in the taglines for future reference.

Let's Go!

Best Regards
John A Hansen
jahansen@qwest.net
List Admin
Dear All:

This is a one-time heads up notice. Please don't start numerous threads on this subject. The new virus Gokar is out "in the wild" today. All the AV software companies have updated their databases. Get it now!

See the following AV web pages describing Gokar:

http://www3.ca.com/Virus/Virus.asp?ID=10606
http://vil.nai.com/vil/virusSummary.asp?virus_k=99282
http://www.sarc.com/avcenter/venc/data/w32.gokar.a@mm.html
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_GOKAR.A

Best Regards
John A Hansen
List Admin.
Dear All:

There is a new virus announced as being out as of 7.30 am this morning Dec 4th. The general announcement from www.sarc.com is below. It is not a really serious virus except for its wide distribution already this morning. A couple of significant points.

A: get your virus definitions updated as of today
B: It's purely an attachment virus (so simpler to handle)

Let's get ahead of this one and avoid the mess we had two weeks ago :-)

Best Regards
John A Hansen
jahansen@qwest.net

W32.Goner.A@mm
Discovered on: December 4, 2001
Last Updated on: December 4, 2001 at 11:21:17 AM PST

W32.Goner.A@mm is a mass-mailing worm that is written in Visual Basic. The worm has been compressed using a known Portable Executable (PE)* file compressor. The worm can spread its infection using the ICQ network as well as by email using Microsoft Outlook. If IRC is installed, this worm can also insert mIRC scripts that will enable the computer to be used in Denial of Service (DOS) attacks.

Type: Worm
Infection Length: 38,912 bytes
Virus Definitions: December 4, 2001
Dear All:

The message below is from Sue on the TSL list and she states the situation quite clearly. The difficulty is that the attachment may not show or there is a false extension. It appears to have xxx.doc or xx.txt but the real extension (.scr or .exe) is 59 spaces to the right. So even if you get an email from a trusted source (me or others) and there is no message etc, be very careful. It will also show about 29 or 30k as the size of the message. So that is a dead giveaway in that there is 30 k of message and it doesn't show up anyway. I have also received a number of these and have advised some of you of the problem. We will correspond to make sure your computer is clean before resubscribing.

If anyone receives one of these virus transmissions from a member:

A: advise the list of the name
B: send me the name and email address and mail list.

Best Regards
John A Hansen
jahansen@qwest.net
List Admin

Forwarded message

Many of you will remember the "badtrans" virus last August. People seemed to wise-up about that one, but now there is another _strain_ of the badtrans virus called W32.Badtrans.B@mm and I have received quite a few of them ... some from current list members. I am Bcc'ing those list members whose computers are infected, so if you receive a copy of this message without the [TSL] prepend, please quickly go to the link below to learn how to clean the virus out of your computer.

You will NEVER receive a virus through the list, but if listmembers get infected, their computer may send you the virus, which _may_ have a list subject line.

My Norton "anti-virus" program is doing a very good job of detecting, but Norton doesn't seem to have a complete write-up about this one. They do mention the file extensions etc., but they don't mention how the email will appear or whether there is a message or not. My experience has been that only one has arrived with a subject line from a list post, the others simply have a "Re:" in the subject line.
I have seen no message (but maybe Norton is deleting that too). Most of those I have received have come from Australian or New Zealand email addresses, so they must have gotten it first. Also, I don't know whether my Norton is doing this (the write-up doesn't say) but the email addresses of the sending computers are altered by having an underline character preceding the address, such as <_emailaddress@optusnet.com.au>

PLEASE remember to make sure you have up-to-date Anti Virus software, AND remember to update the Virus definitions regularly. There are a lot of good Anti Virus programs out there (I use Norton) but they aren't any good unless you update them.

You can read about this virus and how to remove it from your system on the Norton Symantec site ...

http://www.symantec.com/avcenter/
http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html

Sue
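The disguise described in the message above (a harmless-looking name, a long run of spaces, then the real .scr or .exe extension, in a mail with no visible text) can be checked for mechanically. The following is an added example, not part of the original posts; the sample message, its addresses and file names, and the five-space threshold are constructed assumptions.

```python
import os
import re
from email import message_from_string

# Extensions named in the message above; extend for your own environment.
RISKY_EXTS = {".scr", ".exe"}
# A run of 5+ whitespace characters inside a filename (threshold is an assumption).
PAD_RUN = re.compile(r"\s{5,}")

def check_filename(name):
    """Return reasons a filename looks disguised (empty list means none found)."""
    reasons = []
    _, dot, ext = name.rpartition(".")
    real_ext = (dot + ext).strip().lower() if dot else ""
    # What a mail client with a narrow attachment column would display.
    shown = PAD_RUN.split(name, maxsplit=1)[0]
    if shown != name:
        reasons.append("padding")
    if real_ext in RISKY_EXTS:
        reasons.append("risky-ext:" + real_ext)
    shown_ext = os.path.splitext(shown)[1].lower()
    if shown != name and shown_ext and shown_ext != real_ext:
        reasons.append("decoy-ext:" + shown_ext)
    return reasons

def scan_message(raw):
    """Parse a raw RFC 822 message; report a blank body and disguised attachments."""
    msg = message_from_string(raw)
    findings, has_text = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:
            # Unnamed text part: this is the body the reader would see.
            if part.get_content_maintype() == "text":
                body = part.get_payload(decode=True) or b""
                has_text = has_text or bool(body.strip())
            continue
        reasons = check_filename(name)
        if reasons:
            findings.append((name, reasons))
    return {"blank_body": not has_text, "attachments": findings}

# Constructed sample: decoy name, 59 spaces, then the real extension.
PADDED = "notes.doc" + " " * 59 + ".scr"
SAMPLE = (
    "From: member@example.org\n"
    "To: list@example.org\n"
    "Subject: Re:\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    f'Content-Disposition: attachment; filename="{PADDED}"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "AAAA\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    'Content-Disposition: attachment; filename="family tree.txt"\n'
    "\n"
    "ordinary attachment\n"
    "--b1--\n"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```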
Dear All:

Some volunteers from the society of the Daughters of the American Revolution (DAR) have established a wonderful new program for users of Rootsweb. These volunteers will do lookups in their database and records if you think one of your ancestors served in some capacity during the American Revolution. These volunteers have more databases that are available to them than the ones commonly used by the search engines.

The process is fairly simple: Go to the DAR message board. There are two ways to do that: > www.rootsweb.com > message boards > topics > organizations and societies > DAR

Or if you want the easy way :-) http://boards.ancestry.com/mbexec?htx=board&r=rw&p=topics.organizations.dar

Address your message as follows: subject: DAR Lookup > surname > location > dates

In the body of the message put the information regarding the person. Be sure to fill out the surnames box at the bottom since the new search engine will be keying on that item. Leave the email response box checked and you will be notified when the DAR volunteers respond. Give them a week or so to get to your request. We really appreciate their efforts.

This info can be key for:

a: joining these prestigious organizations (DAR & SAR)
b: sending a request for the copies of the files that were submitted and the information they have available.

Many thanks to: Glenda Thompson, DAR VIS Volunteer Vice Chrm. Patriot Lookup, for organizing this effort and all the many volunteers that are donating their time and effort to us instead of pursuing their own ancestors.

Best Regards
John A Hansen
DAR board admin.

BTW: Please forward this message to other lists and boards that each of you are involved in. A word of thanks to each volunteer that does this work and especially the one that responds to your post would probably be highly appreciated.
Dear All:

This is the next step in Virus activity as previously described. Note that this virus infects even the user who does NOT open the attachment, but merely opens the basic email in a preview pane or otherwise even tries to read the basic email itself. So those that depend on their virus protection as being "don't open attachments" are going to get caught here. Also recognize that this virus is far worse than SirCam etc etc. I've also seen warning of the next mutant of this being a really dangerous payload. It was also self mutate.

Best Regards
John A Hansen
jahansen@qwest.net
List Admin

-----Original Message-----
From: Peter Mueller [mailto:pmueller@sidestep.com]
Sent: Tuesday, September 18, 2001 1:42 PM
To: Incidents List
Cc: Vuln Dev
Subject: RE: New "concept" virus/worm?

http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

<excerpt from securityfocus>

Experts are tracking a fast-spreading virus that propagates both by sending itself as an email attachment, and by hacking into vulnerable web servers. The W32.Nimda.A@mm worm infects IIS servers by exploiting the 'MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability' -- the same hole exploited by the recent Code Blue worm.

The worm also attacks Microsoft Outlook users, arriving as an apparently blank message with an attachment called 'readme.exe.' As with other viruses, opening the attachment will infect the machine. But unlike most so-called mass mailers, Nimda can also infect Outlook and Outlook Express users who know better than to open strange attachments. By exploiting a bug in Internet Explorer discovered last March, the worm is able to infect victim computers when the email is read, or even displayed in Outlook's preview pane. A patch for the 'Microsoft IE MIME Header Attachment Execution Vulnerability' is available from Microsoft's web site.
Once it has infected a machine, Nimda exposes local hard drives to the network, and spreads further through already-open file shares.

Cyber security mailing lists began buzzing with word of the W32.Nimda.A@mm worm Tuesday morning, after network administrators noticed a massive increase in probes for unpatched Microsoft's IIS web server software. No destructive payload was immediately identified in the worm, but network administrators report that the worm consumes massive amounts of bandwidth in its feverish search for vulnerable servers.

The virus comes at a time of heightened sensitivity to Internet attack. On Monday the U.S. National Infrastructure Protection Center (NIPC) issued an advisory warning that a group of vigilante hackers called 'The Dispatchers' have threatened to launch distributed denial of service attacks against unnamed Internet hosts, in response to the September 11th terrorist attacks on the United States. "The Dispatchers claim to have over 1,000 machines under their control for the attacks," the advisory reads. "It is likely that the attackers will mask their operations by using the IP addresses and pirated systems of uninvolved third parties."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Dear All: There is a nasty worm making the rounds today. Details at http://www.sarc.com/avcenter/venc/data/w32.nimda.a@mm.html W32.Nimda.A@mm Discovered on: September 18, 2001 Last Updated on: September 18, 2001 at 12:38:50 PM PDT Symantec Security Response has received a number of submissions on W32.Nimda.A.@mm and is rating it as a Category 4. Please update your AV software ASAP. I subscribe to numerous virus and security email lists and will try to keep you advised of Class 4 virus threats after I verify that it is not a hoax. Best Regards John A Hansen jahansen@qwest.net List Admin
Dear All:

As many of you have noticed, there is a new influx of postings from the Affiliated message board. These postings are now always identified as coming from the Message board.

The posts on the message boards and posts to the mailing lists are somewhat different. On the Message boards the initial inquiry comes in, usually with some detail. The follow on threads then are brief and to the point. Sometimes only a cryptic sentence or two. Since the full thread is easily visible, there is no need to repeat all the details, dates, locations, etc. Each post on the mailing lists is very complete with dates, locations, names etc. This allows each post to stand on its own for understanding the content.

The new top header was a compromise to satisfy a group that was protesting that it wasn't obvious that these other messages were, in fact, coming over from the message boards. So Rootsweb came up with that format and suddenly there it was. I think most list admins all thought it was the answer to the previous protests over the lack of identity of gatewayed messages. There are also numerous suggestions and many recommendations on the various lists about getting the "gateway" message size reduced and less intrusive. Like so many times in life we go from one extreme to the other; so we went from no notice of a gatewayed message to one taking up 50% of the message body :-)

However, a couple of suggestions and options for those of you that don't like the board postings. The messages from the gateway always have the "from" address gc-gateway@rootsweb.com

Merely add the above address to the filters in your email program. Then ALL messages from ALL message boards will be taken out...right now!

Hope this helps clarify the situation and provides some relief.

BTW: Some will see this message coming from the gateway, since I'm posting it there as well.

Best Regards
John A Hansen
jahansen@qwest.net
List Admin
Dear ALL:

A short introduction and an update on the issue of virus and security. My name is John A. Hansen and I am the new mailing List Adm. I'm retired (mostly) with a Scottish wife, 4 grown children and 7 grandchildren. We live in Issaquah Wa (near Seattle) and are tracing a bunch of ancestors. Did you notice that your number of "dead ends" grows exponentially with the number of generations you try to go back :-).

The virus issue is on everyone's mind today and will be even more so in coming months. The current famous one is Code Red, but that is serious mostly for people running servers for web pages and larger networks etc. However, there are a couple of baddies out there right now. One is Sir Cam and the other is Bad Trans. You can get the details on these by going to www.sarc.com and looking at their level 4 alerts.

However, there are also more serious virii (plural) coming and the gloves are off. There are now at least several groups of offshore professional thieves that have discovered that using viruses is an easy way to get new fraud victims. The scam works like this. These professionals are getting victims easily and cheaply by using virus to plant Trojans, "cuckoo eggs" and other programs (called malware) to forward "info" to a site, called a "drop". The specific info they want is credit card numbers, SSN, bank account numbers, passwords etc. They use that info for identity theft and just to ding your account or credit card for a few bucks.

While the general warning to never ever ever open an attachment is good, there are other ways for them to get in. Attachments can be single extensions (PDF, jpg, zip etc) and any email message with the standard html format can easily have embedded scripts (you don't even have to open it, they will do all the work for you!). So get and maintain a set of Antivirus software ....now!

I've included a nicely written overall summary by BJ Hamilton of the virus and Firewall situation.
I use ZoneAlarm pro as my firewall because I have a home network and I like to mess around with this stuff :-) But their freeware program is also good. I do consistently get pings and probes so I know it's happening. A freeware version of the Program is available at www.zonelabs.com. It's a bit of a pain to run because you keep getting alerts, but that's better than not knowing. I also use the programs mentioned below to test my security on a regular basis (once a month). There is also the program at www.pcpitstop.com that does free online testing of your computer status and security.

Some references for Anti virus software are as follows and freeware and shareware products are available at www.tucows.com. There is also a nice site at www.webattack.com/freeware with good programs.

If you have any further questions about viruses, please consult your anti-virus software vendor or visit one of these sites:

http://www.mcafee.com/anti-virus/default.asp?
http://antivirus.about.com/compute/antivirus/
http://www.symantec.com/avcenter/
http://www.claws-and-paws.com/virus/
http://www.eicar.com/
http://www.av-test.org/
http://helpvirus.com/

My candidates for review (from my own favorites file):

http://www.securityportal.com/articles/malware20010129.html
http://securityportal.com/virus/
http://www.antivirus.com/vinfo/vprimer.htm
http://www.sarc.com/avcenter/security/ (see article on email worms)
http://www.sarc.com/ (nice summary of current active "level 4" virus threats)
http://www.sarc.com/avcenter/security/Content/2000_05_26_a.html (good article on embedded scripting and the countermeasures)

Some Newsgroups:

alt.comp.virus
alt.comp.anti-virus
alt.comp.source.code
symantec.support.**** (specific version of OS)

There is also a good mailing list here at Rootsweb. The name is virus-discussion-L@rootsweb.com. The list adm is George Elting.
subscribe by sending email to: virus-discussion-L-request@rootsweb.com

My strong recommendation for your protection is to:

A: Get Anti virus Software of some kind.
B: Update it once a week
C: Install a firewall (software version)
D: Use passwords on access to your computer
E: Do a security check with an Internet site once a month. It's easy and free
F: Do Not open any message with attachments. Remember attachments now can be single extensions, including .pdf etc

In case you receive a message with a virus or attachments the Virus procedure is simply as follows. Remember attachments now can be single extensions, including .pdf etc

A: Send the name of the person to me with copy to the list for a heads up.
B: Delete the message

I will then remove the infected user. There are some options if you are unfortunate and get infected some way. These options include using the digest mode and posting to the message boards since many of these lists are gatewayed from the message boards as well. If we all work together, we can keep this mailing list clean.

Best Regards
John A Hansen
jahansen@qwest.net
List Adm

-----Original Message-----
From: bounce-ftmtech-l-9376775@lyris.genealogy.com [mailto:bounce-ftmtech-l-9376775@lyris.genealogy.com] On Behalf Of BJ Hamilton
Sent: Monday, August 06, 2001 9:26 PM
To: Family Tree Maker Discussion List
Subject: Re: virus is getting bad.... I had it, too...

reprinted with permission from BJ Hamilton
JAH

Dear All:

There is quite a bit of emotional rhetoric regarding viruses and network security. So this is a brief explanation of terms and then a web address that has outstanding advice as well as explanations and some diagnostic tools to help you determine how vulnerable your system is. I heartily recommend you run both his Shields and Probe applications.

Definitions:

1.
Firewall - this is normally a computer which protects a local area network (LAN) by restricting who may access the LAN from the internet as well as restricting who on the LAN may access the internet and what areas may be accessed. They may be very sophisticated and expensive running on a separate computer or they can simply be a utility, which runs on your personal computer protecting you from the Internet. Consequently they can be very expensive or on the other hand they can be rather inexpensive. Some of the personal firewalls will cost around $30-$50. BlackGuard, Symantec and McAfee (I think) all offer personal firewalls. One firewall that has received a lot of praise is ZoneAlarm (found at: http://www.zonelabs.com). It is free for personal use although they also offer a version, ZoneAlarm Pro, for about $40 which checks your email for viruses. I use the free version.

2. Routers and Gateways - These may be computers but tend to be dedicated machines which sit between networks and forward (or route) all packets (traffic) to other networks. (The internet is just like a big series of networks and all traffic is forwarded by routers using the TCP/IP addresses.) Again these can be very expensive devices but within the past year or two, D-Link, Linksys and SMC have developed inexpensive devices for home and small office use. These tend to cost about $130 - $200. They are rather simple to install and operate. I simply installed mine, provided it with my ISP ID and Password and did nothing else. It is always on - protecting all of my computers from external probes because it answers the Internet address and then routes the packets to the appropriate internal network addresses. The gateways and routers have no files or programs, which can be accessed so they act as a protection against anyone attempting to access my computer. Normally they do not stop your machine from accessing the Internet.
They also allow multiple users/computers to access the Internet simultaneously using a single ISP address. Because no one can get your internal computer address, it acts as a sort of firewall also.

For maximum protection, I use both a gateway and a personal firewall. I use the firewall because it allows me to control what programs or utilities on my computer can access the network. I have a list of applications that I have granted access to the network. If another program attempts to access the network, ZoneAlarm intercepts the attempt, opens a dialog window and I can either prohibit the access or allow the access (on a once only basis or continuous basis).

For those who want more details about security in general, I suggest the following web site: https://grc.com/x/ne.dll?bh0bkyd2

(Note by JAH): This site does a full online security check on your computer as well. Run both the "shields up" and "probes"!

This site is provided by Steve Gibson. This web site provides extensive information in an easy reading manner for the non-technophile. Explore to your heart's content. I'm going to have to go back and revisit it because he has done considerable upgrading since I last looked at the site.

Let me know if I haven't answered your question or if you don't understand my explanations.

BJ Hamilton