Hello All Listers, My cousin who is very visible online just sent me the below email concerning a new virus that she was warned concerning. Please note the file extensions mentioned in her email and do NOT open anything that comes to your email box with those extensions. She mentions that it will be on emails from people whose name you know. Just wanted to warn everyone of this new virus that is attaching to emails. Want all safe. See email below. Phyllis ----- Original Message ----- From: <Grantland@yahoogroups.com> To: <Grantland@yahoogroups.com> Sent: Thursday, July 26, 2001 2:25 AM Subject: [Grantland] Digest Number 31 ------------------------ Yahoo! Groups Sponsor ---------------------~--> Small business owners... Tell us what you think! http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/FvNolB/TM ---------------------------------------------------------------------~-> Gathering Our Grantland Genealogy ------------------------------------------------------------------------ There is 1 message in this issue. Topics in this digest: 1. 1st time my ISP has sent a warning out From: "Peggy C. Wilson" <MawPeggy@ectisp.net> ________________________________________________________________________ ________________________________________________________________________ Message: 1 Date: Wed, 25 Jul 2001 19:00:30 -0500 From: "Peggy C. Wilson" <MawPeggy@ectisp.net> Subject: 1st time my ISP has sent a warning out PLEASE READ!!!!!! THIS IS VERY BAD VIRUS. The CERT® Coordination Center (CERT/CC) ( http://www.cert.org/ ) has issued a CERT Advisory. CERT Advisory CA-2001-22 W32/Sircam Malicious Code Original release date: July 25, 2001 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected * Microsoft Windows (all versions) Overview "W32/Sircam" is malicious code that spreads through email and potentially through unprotected network shares. Once the malicious code has been executed on a system, it may reveal or delete sensitive information. As of 10:00EST(GMT-4) Jul 25, 2001 the CERT/CC has received reports of W32/Sircam from over 300 individual sites. I. Description W32/Sircam can infect a machine in one of two ways: * When executed by opening an email attachment containing the malicious code * By copying itself into unprotected network shares Propagation Via Email The virus can appear in an email message written in either English or Spanish with a seemingly random subject line. All known versions of W32/Sircam use the following format in the body of the message: English Hi! How are you? [middle line] See you later. Thanks Spanish Hola como estas ? [middle line] Nos vemos pronto, gracias. Where [middle line] is one of the following: English I send you this file in order to have your advice I hope you like the file that I sendo you I hope you can help me with this file that I send This is the file with the information you ask for Spanish Te mando este archivo para que me des tu punto de vista Espero te guste este archivo que te mando Espero me puedas ayudar con el archivo que te mando Este es el archivo con la informacion que me pediste Users who receive copies of the malicious code through electronic mail might recognize the sender. We encourage users to avoid opening attachments received through electronic mail, regardless of the sender's name, without prior knowledge of the origin of the file or a valid digital signature. The email message will contain an attachment whose name matches the subject line and has a double file extension (e.g. subject.ZIP.BAT or subject.DOC.EXE). The CERT/CC has confirmed reports that the first extension may be .DOC, .XLS, or .ZIP. Anti-virus vendors have referred to additional extensions, including .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, and .PS. The second extension will be .EXE, .COM, .BAT, .PIF, or .LNK. The attached file contains both the malicious code and the contents of a file copied from an infected system. For more information please go to http://www.cert.org/ At Your Service Steven E. Greenwalt Jr. ECTISP -- Peggy <'}}}}>< Winton Family Homepage http://sites.netscape.net/mawpeggywilson/homepage Winton cemetery webpage http://www.geocities.com/mawpeggy1946/index.html ________________________________________________________________________ ________________________________________________________________________ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/