RootsWeb.com Mailing Lists
Home

Results for list 'cook'

Total: 1/1
    1. [COOK-L] [Fwd: [GENEALOGY-L] FW: E-mail virus/worm spreading rapidly at IU...from the lists ow ner]
    2. LCleversey

    3. This is a multi-part message in MIME format. --------------4D1620DF2D8D Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi List members, I'm forwarding this letter from Larry Stephens so you can be on the look out. Many of you know who Larry is, for those of you who don't Larry was the owner of the MAISER Genealogy Mailing lists who got shut down when the main computer got hit HARD with Spam mail. This is when ROOTSWEB picked us up and gave us space with them. Please read his warnings. Thanks Lisa Cleversey --------------4D1620DF2D8D Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: from mail3.bellsouth.net (mail3.bellsouth.net [205.152.32.6]) by mail.mco.bellsouth.net (8.8.8-spamdog/8.8.5) with ESMTP id RAA01630 for <lclevers@mco.bellsouth.net>; Sun, 28 Mar 1999 17:09:59 -0500 (EST) Received: from listserv.indiana.edu (piano.ucs.indiana.edu [129.79.5.189]) by mail3.bellsouth.net (8.8.8-spamdog/8.8.5) with ESMTP id RAA23664; Sun, 28 Mar 1999 17:09:55 -0500 (EST) Received: from piano (129.79.5.189) by listserv.indiana.edu (LSMTP for Windows NT v1.1a) with SMTP id <0.C683E090@listserv.indiana.edu>; 28 Mar 1999 17:09:44 -0500 Received: from LISTSERV.INDIANA.EDU by LISTSERV.INDIANA.EDU (LISTSERV-TCP/IP release 1.8c) with spool id 18002580 for GENEALOGY-L@LISTSERV.INDIANA.EDU; Sun, 28 Mar 1999 17:09:37 -0500 Received: from snorkel.uits.indiana.edu by listserv.indiana.edu (LSMTP for Windows NT v1.1a) with SMTP id <0.C2084380@listserv.indiana.edu>; 28 Mar 1999 17:09:36 -0500 Received: from maryland.exchange.indiana.edu (maryland.exchange.indiana.edu [129.79.6.163]) by snorkel.uits.indiana.edu (8.9.1a/8.9.1/1.1IUPO) with ESMTP id RAA17250 for <genealogy-l@listserv.indiana.edu>; Sun, 28 Mar 1999 17:09:36 -0500 (EST) Received: by maryland.exchange.indiana.edu with Internet Mail Service (5.5.2448.0) id <HY73XPFP>; Sun, 28 Mar 1999 17:09:36 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Message-ID: <4F1C26C2EB4CD211BD2300805F657B5C0173B2B3@newjersey.exchange.indiana.edu> Date: Sun, 28 Mar 1999 17:09:36 -0500 Reply-To: "Stephens, Larry V" <stephenl@INDIANA.EDU> Sender: SuperList of Genealogy Lists <GENEALOGY-L@LISTSERV.INDIANA.EDU> From: "Stephens, Larry V" <stephenl@INDIANA.EDU> Subject: [GENEALOGY-L] FW: E-mail virus/worm spreading rapidly at IU...from the lists ow ner To: GENEALOGY-L@LISTSERV.INDIANA.EDU 1. This comes from a credible source - our main computer people. 2. This does NOT mean the lists are getting infected. 3. Before people get confused again, let me clarify their message. They say the email message with the subject noted has an attached file. They say don't even open the message, just delete it. Opening the email message WILL NOT spread the virus. Opening the attached Word file WILL spread the virus. However, their advice to just delete the email message itself is sound advice, because some people will open the email, then be tempted to open the Word file just to see what happens (sort of like the apple in the Garden of Eden). They are saying, "don't tempt fate, delete the email message." Good advice. 4. You'll see that CNet has information on this. That implies this is not limited to IU's mail system (which is logical). -------- -----Original Message----- From: IU Information Technology Security Office Sent: Saturday, March 27, 1999 1:26 AM Subject: E-mail virus/worm spreading rapidly at IU If you receive an e-mail message with the subject: "Important Message From ..." Do NOT open it, and DELETE it immediately. The message contains a Microsoft Word file attachment, which contains a dangerous macro "worm" (similar to a virus). If you open this file, the macro will send multiple copies of the file and worm to many other users, hence causing it to spread extremely rapidly. It will also infect your machine with a version of itself that will be present in any new Microsoft Word documents you create. This is not a hoax. The Indiana University IT Security Office and UITS have determined that the Microsoft Word macro "worm" is loose on the IU-Bloomington and IUPUI campus. This worm is also infecting other sites around the world. See the last section of this message for further technical details. WHAT WE'RE DOING We have reconfigured the main IUB and IUPUI mail relay systems to attempt to detect possible copies of the macro, and to return the message to the sender rather than allowing it be delivered. Although this may be limiting some legitimate mail, it has arrested the propagation outside of the campus Microsoft Exchange systems, which many faculty and staff use as their primary e-mail service. We disabled the Microsoft Exchange system for a period early Friday evening in order to temporarily halt propagation of the worm, and to allow time for a solution to be found to the problem. The Microsoft Exchange system will be returning to service shortly, although it may be necessary to configure it to permit sending messages to only one recipient at a time. We hope to have access to a better solution sometime over the weekend. Symantec (the company responsible for Norton AntiVirus) is working on protection and "disinfectants" for this problem. Once this update is available, we will send out another message to all IU e-mail addresses notifying users of the steps they should take to "disinfect" a machine that has been affected. In the mean time, if you haven't already, you should download and install Norton AntiVirus as soon as possible. It is available from SoftServe, or from IUWare: (this applies only to IU people) FURTHER TECHNICAL DETAILS A worm replicates itself by trying to send multiple copies of itself to other recipients, who, in turn, execute the worm and do the same. This particular worm is in the form of a Microsoft Word macro. An unsuspecting user receives a message with an attached Word document that contains the macro. If the user opens the document and allows the macro to execute (either by having disabled this protection in MS Word, or by confirming on a dialog box), the macro will execute and propagate itself. This macro also modifies your default document template to cause all new documents that you write to contain the worm. If you later send someone one of these documents, the recipient could start the propagation again, using your document as the base. HOW TO FIND OUT MORE C/Net's news.com has a story on this virus/worm: http://www.news.com/News/Item/0,4,34334,00.html?st.ne.fd.gif.e Updates specific to the situation at Indiana University will be provided at the following location: http://www.indiana.edu/~itiu/ --------------4D1620DF2D8D--

    03/29/1999 12:24:22