RootsWeb.com Mailing Lists
Home

Results for list 'arnewton'

Total: 1/1
    1. [ARNEWTON-L] Sorry folks one more warning: Fwd: E-mail virus/worm spreading rapidly at

    3. This is a multi-part message in MIME format. --part0_922679342_boundary Content-ID: <0_922679342@inet_out.mail.aol.com.1> Content-type: text/plain; charset=US-ASCII Have had this running thru all my help lines and felt maybe I should warn you on this one. Kathy --part0_922679342_boundary Content-ID: <0_922679342@inet_out.mail.INDIANA.EDU.2> Content-type: message/rfc822 Content-transfer-encoding: 7bit Content-disposition: inline Return-Path: <owner-genealogy-l@LISTSERV.INDIANA.EDU> Received: from rly-za02.mx.aol.com (rly-za02.mail.aol.com [172.31.36.98]) by air-za02.mail.aol.com (v58.16) with SMTP; Sun, 28 Mar 1999 17:10:26 -0500 Received: from LIME.EASE.LSOFT.COM (lime.ease.lsoft.com [209.119.1.41]) by rly-za02.mx.aol.com (8.8.8/8.8.5/AOL-4.0.0) with ESMTP id RAA24663; Sun, 28 Mar 1999 17:10:11 -0500 (EST) Received: from PEAR.EASE.LSOFT.COM (209.119.0.19) by LIME.EASE.LSOFT.COM (LSMTP for Digital Unix v1.1b) with SMTP id <16.000D7191@LIME.EASE.LSOFT.COM>; 28 Mar 1999 17:08:42 -0500 Received: from LISTSERV.INDIANA.EDU by LISTSERV.INDIANA.EDU (LISTSERV-TCP/IP release 1.8c) with spool id 18002580 for GENEALOGY-L@LISTSERV.INDIANA.EDU; Sun, 28 Mar 1999 17:09:37 -0500 Received: from snorkel.uits.indiana.edu by listserv.indiana.edu (LSMTP for Windows NT v1.1a) with SMTP id <0.C2084380@listserv.indiana.edu>; 28 Mar 1999 17:09:36 -0500 Received: from maryland.exchange.indiana.edu (maryland.exchange.indiana.edu [129.79.6.163]) by snorkel.uits.indiana.edu (8.9.1a/8.9.1/1.1IUPO) with ESMTP id RAA17250 for <genealogy-l@listserv.indiana.edu>; Sun, 28 Mar 1999 17:09:36 -0500 (EST) Received: by maryland.exchange.indiana.edu with Internet Mail Service (5.5.2448.0) id <HY73XPFP>; Sun, 28 Mar 1999 17:09:36 -0500 X-Mailer: Internet Mail Service (5.5.2448.0) Message-ID: <4F1C26C2EB4CD211BD2300805F657B5C0173B2B3@newjersey.exchange.indiana.edu> Date: Sun, 28 Mar 1999 17:09:36 -0500 Reply-To: "Stephens, Larry V" <stephenl@INDIANA.EDU> Sender: SuperList of Genealogy Lists <GENEALOGY-L@LISTSERV.INDIANA.EDU> From: "Stephens, Larry V" <stephenl@INDIANA.EDU> Subject: [GENEALOGY-L] FW: E-mail virus/worm spreading rapidly at IU...from the lists ow ner To: GENEALOGY-L@LISTSERV.INDIANA.EDU Mime-Version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: quoted-printable 1. This comes from a credible source - our main computer people. 2. This does NOT mean the lists are getting infected. 3. Before people get confused again, let me clarify their message. They sa= y the email message with the subject noted has an attached file. They say don't even open the message, just delete it. Opening the email message WILL NOT spread the virus. Opening the attached Word file WILL spread the virus. However, their advice to just delete the email message itself is sound advice, because some people will open the email, then be tempted to open the Word file just to see what happens (sort of like the apple in the Garden of Eden). They are saying, "don't tempt fate, delete the email message." Good advice. 4. You'll see that CNet has information on this. That implies this is not limited to IU's mail system (which is logical). -------- -----Original Message----- From: IU Information Technology Security Office Sent: Saturday, March 27, 1999 1:26 AM Subject: E-mail virus/worm spreading rapidly at IU If you receive an e-mail message with the subject: "Important Message From ..." Do NOT open it, and DELETE it immediately. The message contains a Microsoft Word file attachment, which contains a dangerous macro "worm" (similar to a virus). If you open this file, the macro will send multiple copies of the file and worm to many other users, hence causing it to spread extremely rapidly. It will also infect your machine with a version of itself that will be present in any new Microsoft Word documents you create. This is not a hoax. The Indiana University IT Security Office and UITS have determined that the Microsoft Word macro "worm" is loose on the IU-Bloomington and IUPUI campus. This worm is also infecting other sites around the world. See the last section of this message for further technical details. WHAT WE'RE DOING We have reconfigured the main IUB and IUPUI mail relay systems to attempt to detect possible copies of the macro, and to return the message to the sender rather than allowing it be delivered. Although this may be limiting some legitimate mail, it has arrested the propagation outside of the campus Microsoft Exchange systems, which many faculty and staff use as their primary e-mail service. We disabled the Microsoft Exchange system for a period early Friday evening in order to temporarily halt propagation of the worm, and to allow time for a solution to be found to the problem. The Microsoft Exchange system will be returning to service shortly, although it may be necessary to configure it to permit sending messages to only one recipient at a time. We hope to have access to a better solution sometime over the weekend. Symantec (the company responsible for Norton AntiVirus) is working on protection and "disinfectants" for this problem. Once this update is available, we will send out another message to all IU e-mail addresses notifying users of the steps they should take to "disinfect" a machine that has been affected. In the mean time, if you haven't already, you should download and install Norton AntiVirus as soon as possible. It is available from SoftServe, or from IUWare: (this applies only to IU people) FURTHER TECHNICAL DETAILS A worm replicates itself by trying to send multiple copies of itself to other recipients, who, in turn, execute the worm and do the same. This particular worm is in the form of a Microsoft Word macro. An unsuspecting user receives a message with an attached Word document that contains the macro. If the user opens the document and allows the macro to execute (either by having disabled this protection in MS Word, or by confirming on a dialog box), the macro will execute and propagate itself. This macro also modifies your default document template to cause all new documents that you write to contain the worm. If you later send someone one of these documents, the recipient could start the propagation again, using your document as the base. HOW TO FIND OUT MORE C/Net's news.com has a story on this virus/worm: http://www.news.com/News/Item/0,4,34334,00.html?st.ne.fd.gif.e Updates specific to the situation at Indiana University will be provided at the following location: http://www.indiana.edu/~itiu/ --part0_922679342_boundary--

    03/28/1999 03:49:01