RootsWeb Mailing List Archives

RootsWeb.com Mailing Lists

Home

Results for list 'hodges'

Sender

Subject

Content

Total: 1/1

1. [HODGES-L] Fw: FW: E-mail virus/worm spreading rapidly at IU...from the lists ow ner
2. Diana Flynn
3. I am forwarding this from Larry Stephens who is the list master of several lists. He used to he the head master of Meiser (spelling?) before it crashed a few years ago and Rootsweb kindly took over most of the lists. Diana -----Original Message----- From: Stephens, Larry V <stephenl@INDIANA.EDU> To: GENEALOGY-L@LISTSERV.INDIANA.EDU <GENEALOGY-L@LISTSERV.INDIANA.EDU> Date: Sunday, March 28, 1999 5:09 PM Subject: FW: E-mail virus/worm spreading rapidly at IU...from the lists ow ner >1. This comes from a credible source - our main computer people. >2. This does NOT mean the lists are getting infected. >3. Before people get confused again, let me clarify their message. They say >the email message with the subject noted has an attached file. They say >don't even open the message, just delete it. > > Opening the email message WILL NOT spread the virus. Opening the >attached Word file WILL spread the virus. However, their advice to just >delete the email message itself is sound advice, because some people will >open the email, then be tempted to open the Word file just to see what >happens (sort of like the apple in the Garden of Eden). They are saying, >"don't tempt fate, delete the email message." Good advice. > >4. You'll see that CNet has information on this. That implies this is not >limited to IU's mail system (which is logical). > >-------- > >-----Original Message----- >From: IU Information Technology Security Office >Sent: Saturday, March 27, 1999 1:26 AM >Subject: E-mail virus/worm spreading rapidly at IU > > >If you receive an e-mail message with the subject: > > "Important Message From ..." > >Do NOT open it, and DELETE it immediately. The message contains a >Microsoft Word file attachment, which contains a dangerous macro >"worm" (similar to a virus). If you open this file, the macro >will send multiple copies of the file and worm to many other users, >hence causing it to spread extremely rapidly. It will also infect >your machine with a version of itself that will be present in any >new Microsoft Word documents you create. > >This is not a hoax. The Indiana University IT Security Office >and UITS have determined that the Microsoft Word macro "worm" is >loose on the IU-Bloomington and IUPUI campus. This worm is also >infecting other sites around the world. See the last section of >this message for further technical details. > >WHAT WE'RE DOING > > We have reconfigured the main IUB and IUPUI mail relay systems > to attempt to detect possible copies of the macro, and to return > the message to the sender rather than allowing it be delivered. > Although this may be limiting some legitimate mail, it has arrested > the propagation outside of the campus Microsoft Exchange systems, > which many faculty and staff use as their primary e-mail service. > > We disabled the Microsoft Exchange system for a period early > Friday evening in order to temporarily halt propagation of > the worm, and to allow time for a solution to be found to the > problem. The Microsoft Exchange system will be returning to > service shortly, although it may be necessary to configure it to > permit sending messages to only one recipient at a time. We hope > to have access to a better solution sometime over the weekend. > > Symantec (the company responsible for Norton AntiVirus) is working > on protection and "disinfectants" for this problem. Once this > update is available, we will send out another message to all IU > e-mail addresses notifying users of the steps they should take to > "disinfect" a machine that has been affected. In the mean time, > if you haven't already, you should download and install Norton > AntiVirus as soon as possible. It is available from SoftServe, > or from IUWare: > > (this applies only to IU people) > >FURTHER TECHNICAL DETAILS > > A worm replicates itself by trying to send multiple copies of > itself to other recipients, who, in turn, execute the worm and > do the same. > > This particular worm is in the form of a Microsoft Word macro. > An unsuspecting user receives a message with an attached Word > document that contains the macro. If the user opens the document > and allows the macro to execute (either by having disabled this > protection in MS Word, or by confirming on a dialog box), the > macro will execute and propagate itself. > > This macro also modifies your default document template to cause > all new documents that you write to contain the worm. If you > later send someone one of these documents, the recipient could > start the propagation again, using your document as the base. > >HOW TO FIND OUT MORE > > C/Net's news.com has a story on this virus/worm: > > http://www.news.com/News/Item/0,4,34334,00.html?st.ne.fd.gif.e > > Updates specific to the situation at Indiana University will be > provided at the following location: > > http://www.indiana.edu/~itiu/ >
03/28/1999 05:29:42