RootsWeb.com Mailing Lists
Subject: [BNE] KLEZ worm warning -- long, but PLEASE READ!
From: Christopher Brooks

Good morning,

As much as I dislike giving these matters space ... the KLEZ worm is now rampant.

I've posted protection tips in the past against malware (viruses, trojans, worms). Basic preventative techniques include (1) keeping your antivirus software up to date (meaning daily recognition file updates at times like this), (2) virus-checking all incoming mail BEFORE opening it, (3) setting up your email software to turn OFF preview features (which can activate malicious code embedded in HTML messages), and (4) disabling VBS (Visual Basic Scripting), a Micro$oft "feature" that no one asked for which provides a gaping security hole for malware authors to exploit.

ANYTHING which arrives with an attachment should be closely scrutinized before opening -- particularly if the attached file has an extension of .exe (indicating an executable program) or .scr (indicating a screensaver, but a frequent malware disguise for an executable). Since KLEZ and the newer generation of malware are quite smart and able to forge headers with ease, the fact that the incoming appears to come from me, Bill Gates, your Aunt Gladys, or from anyone else you may happen to trust, is irrelevant. If you have the slightest doubt, create a mailbox in your email software named Embargo, and store the suspect messages there (where you won't accidentally or absent-mindedly open them) while you email the identified sender to confirm that they've sent you an attachment.

I habitually urge users of Micro$oft email programs -- Outlook and Outlook Express -- to switch to *any other* email software. The Outlook siblings not only have real security problems, but MS users are invariably the hacker's target -- understandably so, because of Micro$oft's commanding market share. The people who write this stuff are looking for the biggest destructive bang for their buck, and the galaxy of MS users is where they generally find it.

Email alternatives to Outlook/Outlook Express:

  Eudora Light (adware version, free)
  http://www.eudora.com/

  Pegasus Mail (free)
  http://www.pmail.com/downloads.htm

  PocoMail ($30 shareware [30-day free trial], full-featured, offers spam filtering, is not VBS-literate and therefore can't execute VBS scripts)
  http://www.pocomail.com/

Virus information sites to bookmark or consult about KLEZ:

  Symantec Security Response Center
  http://www.symantec.com/avcenter/

  Trend Micro Virus Information Center
  http://www.antivirus.com/vinfo/

THE site to bookmark regarding computer hoaxes (the "tell all your friends" mode of malware):

  CIAC Hoaxbusters site
  http://hoaxbusters.ciac.org/

I'll paste below a message I sent to another list this morning with additional tips, techniques and resources. This begins with quotations from an actual KLEZ cover message. Note the fractured English and lack of proper inter-word spacing in the following quotes:

==============================

:Klez.E is the most common world-wide spreading worm.It's very
:dangerous by corrupting your files.

:You only need to run this tool once,and then Klez will never come
:into your PC.

:NOTE: Because this tool acts as a fake Klez to fool the real
:worm,some AV monitor maybe cry when you run it.

Since the majority of malware authors seem to inhabit non-English speaking countries (which, after all, form the majority of the world's population), mangled English in an incoming message is usually an immediate and visible indicator that something's amiss. Unless, of course, our English-speaking correspondents habitually mangle the language on their own. :-)

With reference to the 0000 address entry technique, it does no harm and is not altogether useless. It will combat some older malware like "Snow White" (which Symantec calls the W95.hybris worm) which relies upon the address book to generate a victim list. I still get Snow White every couple of weeks, even though it's a couple of years old now. (I laugh and wonder who is so "out of it" that they're allowing their machine to send out two-year-old worms.) New malware doesn't replace old malware -- they coexist together.

The suggestion to employ a server-level email scrubber like MailWasher (http://www.mailwasher.net/) is right on the money. You can also get yourself an email program which has a "check the server" feature built in (like PocoMail), or run down one of the freeware standalone utilities written to do this. I kill anything that looks suspicious on my ISP's server before it can ever reach my machine.

==============================

Finally, remember that you CANNOT get a malware infection through this list, or any other RootsWeb list. The RootsWeb servers automatically kill any messages with either an attachment or HTML. The danger comes from other users -- who have your email address in their address book, or, in the case of KLEZ, in their cache -- and from websites with contaminated HTML which your browser will cheerfully download to your machine as you view the site.

Please understand that these precautions are needed every day, whether there's a panic on or not. This is our future, sadly, if we want to be able to continue to safely use the internet for genealogical collaboration. Your computer, no matter how new, expensive or bells-and-whistles-laden, cannot provide common sense or good judgement. That's up to each of us as individuals.

Thanks,
Chris

Christopher Brooks, List Administrator:
==========================================
BROOKS-NE (Brooks Families of New England)
==========================================
[email protected]

    05/02/2002 05:13:53
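
The checks described in the message above (scrutinize any attachment, especially .exe or .scr; treat HTML as suspect; give no weight to the sender name) can be automated over a raw message. This is an added example, not part of the original post: the function name `triage`, the "embargo"/"deliver" verdicts and the sample message are constructed for illustration.

```python
import email
from email import policy

RISKY_EXTENSIONS = (".exe", ".scr")  # the two extensions the post singles out

# Constructed sample message (not a real KLEZ sample): a trusted-looking
# sender, an HTML body part and a harmless placeholder "attachment".
SAMPLE = (
    "From: Aunt Gladys <gladys@example.com>\r\n"
    "To: you@example.com\r\n"
    "Subject: Klez removal tool\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="XX"\r\n'
    "\r\n"
    "--XX\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>You only need to run this tool once</body></html>\r\n"
    "--XX\r\n"
    "Content-Type: application/octet-stream\r\n"
    'Content-Disposition: attachment; filename="setup.txt.SCR"\r\n'
    "\r\n"
    "placeholder bytes\r\n"
    "--XX--\r\n"
)

def triage(raw: str) -> dict:
    """Return the findings and a verdict: 'embargo' or 'deliver'."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename()
        if name:
            findings.append(f"attachment: {name}")
            # Compare the final extension case-insensitively so that
            # "setup.txt.SCR" is not mistaken for a text file.
            if name.lower().endswith(RISKY_EXTENSIONS):
                findings.append(f"executable attachment: {name}")
        elif part.get_content_type() == "text/html":
            findings.append("html body part")
    # The From header is never consulted: it can be forged.
    return {"findings": findings, "verdict": "embargo" if findings else "deliver"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
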