Note: The Rootsweb Mailing Lists will be shut down on April 6, 2023. (More info)
RootsWeb.com Mailing Lists
Home

Results for list 'ivester'

Total: 1/1
    1. [IVESTER] Virus Information

    3. Normally sending virus warnings is discouraged on the various RootsWeb mail lists and other lists as well. However, I guess "list moms" can take advantage of the situation... :) Actually, this one has been going a bit wild all day and is playing havoc with a lot of the RootsWeb lists. And because of this I did feel that an exception should be made and some sort of notice sent to the list. Below is a copy of a message received on the listowners mail list that explains the concerns with this virus. The important thing to remember is... DO NOT OPEN ANY ATTACHMENTS. This is usually good advise in the best of times. It is especially important for now. Now.. what happens if you receive a message from someone you know that has an attachment. Well.. don't open it until you contact that person and ask them if they really did sent you a message with an attachment... at least that seems to be the safe thing to do at this point in time. Hopefully this too will pass.. soon we hope.. In the meantime, take care and read the message below ..... and... WATCH THOSE ATTACHMENTS... Emma As many Rootsweb mail list subscribers know, it is impossible to receive an attachment born virus from Rootsweb because the list servers at Rootsweb remove all attachments before sending a posting onto a list. Nonetheless, some of the larger Rootsweb lists are currently having problems due a new virus called W32 Bad Trans, which is spread subscriber to subscriber in a new and novel way. This virus and its variants are of special concern to list subscribers. This virus targets users of Outlook email programs, and rather than send a copy of the virus to all the email addresses in the address book as in past, it sends a virus to all the email addresses that are in unopened email in the Inbox. For example, if subscriber A posts to a list and subscriber B has an infected computer, subscriber A will get a virus induced response from subscriber B that will contain a virus in the attachment. More worrisome, is that subscriber A anticipating a response may eagerly open the attachment only to find a virus that now infects their machine and the process of a widening infection continues. I know some subscribers are on many lists and it is a special hazard for them. Needless to say you will want to make doubly sure your virus protection software is updated and be especially careful when opening attachments. I may temporarily unsubscribe infected machines to prevent further spread if necessary. McAfee has issued the following information on this virus. McAfee - AVERT Profile Virus Name Risk Assessment W32/[email protected] Low Virus Characteristics This mass mailing worm attempts to send itself using Microsoft Outlook by replying to unread email messages. It also drops a remote access trojan (detected as Backdoor-NK.svr with the 4134 DATs; detected heuristically as New Backdoor prior to the 4134 DAT release). When run, the worm displays a message box entitled, "Install error" which reads, "File data corrupt: probably due to a bad data transmission or bad disk access." A copy is saved into the WINDOWS directory as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE at startup. KERN32.EXE (a backdoor trojan), and HKSDLL.DLL (a valid keylogger DLL) are written to the WINDOWS SYSTEM directory, and a registry entry is created to load the trojan upon system startup. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunOnce\kernel32=kern32.exe Once running, the trojan attempts to mail the victim's IP Address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as usernames, and passwords. In addition, the trojan also contains a keylogger program which is capable of capturing other vital information such as credit card and bank account numbers and passwords. The next time Windows is loaded, the worm attempts to email itself by replying to unread messages in Microsoft Outlook folders. The worm will be attached to these messages using one of the following filenames (note that some of these filenames are also associated with other threats, such as W95/[email protected]): Card.pif docs.scr fun.pif hamster.ZIP.scr Humor.TXT.pif images.pif New_Napster_Site.DOC.scr news_doc.scr Me_nude.AVI.pif Pics.ZIP.scr README.TXT.pif s3msong.MP3.pif searchURL.scr SETUP.pif Sorry_about_yesterday.DOC.pif YOU_are_FAT!.TXT.pif The message body may contain the text: Take a look to the attachment. AVERT first received an intended version of this worm (10,623 bytes) on April 11 from a company in New Zealand. The file size of that sample is (c) 2001, Network Associates, Inc. and its affiliated Companies. All Rights Reserved.

    04/19/2001 06:46:40