I usually don't do virus warnings but I feel this one needs everyone's attention. Please DON'T respond to this email.

1a. Be Careful Out There.

The Bugbear is no teddy bear. It is an e-mail worm containing backdoor components that can allow an infected system to be remotely compromised; it also includes the ability to kill antivirus and firewall software, leaving infected systems wide open to further attacks and lulling you into a false sense of security, thinking your system is virus-free. Genealogists have much more interesting things to do than deal with an Internet worm with a Trojan horse, but such is life online.

Bugbear, which hit users in Great Britain and Australia first on Monday, September 30, according to news reports, is also known as Tanatos. It arrives via e-mail with no distinct characteristics except that the attached file is always 50,688 bytes long. The subject line and text are stolen from existing e-mail it finds on an infected machine.

Many RootsWeb users are expressing concerns about this latest varmint because, unless you pay extra-careful attention, you might think an e-mail with the attached Bugbear worm is coming from a trusted genealogy friend, family member, or from your favorite Mailing List. RootsWeb's Mailing Lists do not allow any attachments, but that doesn't mean you won't receive something that will fool you into thinking the message is from a RootsWeb Mailing List.

This is one clever worm. There are confirmed reports of Bugbear even forging some prepends commonly used on many of our Mailing Lists. If you receive e-mail with an attachment that appears to be from, say, [SURNAME-L] and you are not subscribed to that Mailing List, that is a good indication that it is a message with the Bugbear worm attached. Even if you are subscribed to a certain list and there is an attachment, do not open it.

Many of us are still fighting off the Klez worm, which steals and forges our e-mail addresses and subject lines, and now along come the Bugbear and Opaserv worms. The latter is a network worm that was also discovered on September 30.

Are you at risk? You certainly are if you are a Windows user, and especially if you use Microsoft Internet Explorer 5.01 or 5.5 browsers and have not applied the patch found in MS01-020:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp?frame=true

According to CNET News.com, a flaw in MIME (the multipurpose Internet mail extensions) lets a malicious program attached to an e-mail message execute (start) when the text of the message appears in Outlook or Outlook Express (popular e-mail applications). The software problem was patched by Microsoft almost 18 months ago, but it is obvious that many genealogists have not updated their computers.

Don't know what version of Microsoft Internet Explorer you have? Launch the browser, click on the Help menu and select About Internet Explorer to find out.

To prevent infection, Windows users should be sure their systems are current:

http://windowsupdate.microsoft.com/default.htm

Everyone should also update their antivirus software and refrain from opening any attachment unless the sender confirms that he or she sent it to you. The major antivirus (AV) software companies have updated their files to include protection from Bugbear -- but you need to be sure your AV is up-to-date. Moreover, don't rely exclusively on your AV to protect you from every virus or worm that comes along.

If you use Outlook or Outlook Express for your e-mail application, be sure to set your VIEW options to show attachments. In Outlook Express, make sure that the Preview Pane option is off. In Outlook, under VIEW, turn off the Auto Review and the Preview Pane.

Some e-mail clients treat Mailing List digests as separate attachments, but those will always have the Mailing List digest request address as the FROM address and they will have the digest volume and number in the subject line. However, be wary: if an attachment is exactly 50,688 bytes, it is probably Bugbear.

For additional tips and links, please see:

Virus, Trojans, Worms: http://helpdesk.rootsweb.com/announce.html#virus

E-mail headers: http://helpdesk.rootsweb.com/listadmins/headersfull.html
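
An added example, not part of the original newsletter: a Python check that applies the two warning signs described above to a raw message (an attachment of exactly 50,688 bytes, and any attachment on a message whose subject carries a list tag such as [SURNAME-L], since the lists do not allow attachments). The tag pattern, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BUGBEAR_SIZE = 50_688  # attachment size in bytes, as stated in the article
# Bracketed list tag such as [SURNAME-L]; the exact pattern is an assumption.
LIST_TAG = re.compile(r"\[[A-Za-z0-9_-]+-L\]")


def suspicious_reasons(raw):
    """Return the reasons a raw RFC 822 message matches the article's warning signs."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # decode=True undoes base64/quoted-printable so the true size is measured
        body = part.get_payload(decode=True) or b""
        if len(body) == BUGBEAR_SIZE:
            reasons.append(f"{name}: exactly {BUGBEAR_SIZE} bytes")
        if LIST_TAG.search(subject):
            reasons.append(f"{name}: attachment on list-tagged message")
    return reasons


def build_sample(subject, attachment_size=None):
    """Constructed test message; the attachment is zero filler, not malware."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = subject
    msg.set_content("Constructed sample body.")
    if attachment_size is not None:
        msg.add_attachment(b"\0" * attachment_size, maintype="application",
                           subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [("Re: family tree", 50_688), ("[SURNAME-L] census", 1_000), ("hello", None)]
    for subj, size in samples:
        print(subj, "->", suspicious_reasons(build_sample(subj, size)))
```

A size match is only an indicator: the subject and text are copied from real mail, so the check looks at the attachment itself and not the sender or wording.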