This is a multi-part message in MIME format.

--part0_922669605_boundary
Content-ID: <0_922669605@inet_out.mail.aol.com.1>
Content-type: text/plain; charset=US-ASCII

Please do read Ira's Advisory, and check your virus protection program to make sure it has Melissa listed!

Anne

--part0_922669605_boundary
Content-ID: <0_922669605@inet_out.mail.aol.com.2>
Content-type: message/rfc822
Content-transfer-encoding: 7bit
Content-disposition: inline

From: IraHelms@aol.com
Return-path: <IraHelms@aol.com>
To: jfultz19@idt.net
Cc: GHelms8093@aol.com, ahmack@redshift.com, Mid101074@aol.com, hpolk@vopmail.x-press.net, S.M.Grimshaw <S.M.Grimshaw@btinternet.com>, WHELMS/0002086864@mcimail.com, ANNEMEDLIN@aol.com, kmcgee03@earthlink.net
Subject: Re: advisory
Date: Sun, 28 Mar 1999 19:06:21 EST
Mime-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7bit

Hi Jeri,

The important thing for you is that you have a large exposure to many addressees and in a list-type operation, you are especially vulnerable, because any of your addressees can bring the virus to you and you can send it out to everyone in those loops.

Ok, so what do you do? You have to have a virus protection method which is updated frequently so as to pick up new things as they come along. This one is a family type thing so a specific wording or consequence is apt to change as it becomes ineffective (when most people are protected from it.)

What virus protection do you use? Does your system scan each incoming message? Do you use Sendmail? If so apply the method listed in the Advisory. Do you use Microsoft Net? Microsoft WORD, Word 2000, or any other program with macros in it?

In the Advisory, there is a Section III which has solutions for Melissa. There are addresses for the major Virus Scan programs listed in Sect. III. If you use one of those, contact them for their latest protection for Melissa.

The broad direction is on page 3...
which is: Encourage all of your users to disable macros in Microsoft Word (or any others). Notify all of your users of the problem and encourage them to disable the Word macros, but also in any program which contains a macro language, as this problem is not limited to Word users only.

In WORD, you can automatically disable macro execution by: Click tools/Options/general, then, turn on the Macro Virus protection checkbox.

In Word2000, macro execution is controlled by a security level variable similar to Internet Explorer by: click Tools/macro/security and choose High in the H M L options. High silently ignores the VBA code, Med. prompts in the same way that MS Word97 does to let you disable the VBA code, but Low runs it (the specific virus causing macro). WORD2000 supports Authenticode on the VB code. In the High option, you can specify sites that you trust and code from those will run. That sounds like a way to shut out sites (addresses) which are causing problems.

I do not use any of those programs myself so I can't go beyond the ideas in the Advisory. I do have other programs which have macros, so I am still working on the problem. I don't know if there are parallel approaches to those outlined above for Word programs. I assume there are some in my WordPerfect program and maybe on others such as Word Pad, etc. I assume that if this type virus expands into those other programs that it will be necessary to do something specific about them.

At the moment, I do not know exactly what effect disabling the Macros would have on the operation of those programs. I guess it would mean that a manual hot key would not work. Like for print, or something like that. I usually go to the trouble of clicking from level to level or step by step, rather than using shortcuts, most of which are probably macros. So, I don't think I would miss them. I just do not know for sure.
Whenever something like this comes up, my approach is to take incremental, reversible steps, trying things as I go. I like the High Med and Low approach as it is easily done and easily changed if it causes problems. See page 4 where there is a tutorial on this at: http://www.nai.com/services/support/vr/free.asp

Regards,
Ira

To you other addressees:

Jeri wrote to ask what she needed to do. This is my reply to her. Each of your situations is specific to you. The major thing is to see that you do not have to be using those specific WORD programs to be at risk. Even just having Microsoft Outlook, normally loaded with Windows-98, can get you, even if it is not active. Those things are so interrelated that I do not know if you can safely just eliminate them. However, this sounds to me like the work of a disgruntled ex-Microsoft employee. He/she seems to know where the weaknesses are.

We are all on various lists which means exposure to a large number of people who are probably similarly situated, so we are all collectively at risk. I intend to be covered by a virus scanner which is updated for Melissa and is generally updated at least monthly; so, I hope that you will be able to consider my messages as ones you can trust. My latest virus scanner update was Mar 19; so, I need to do something right now, (whenever Norton is ready for it.)

If you get specific direction from any of your programs or from your E-mail server, or Microsoft, I recommend that you do it.

A final word is the old admonition to watch those downloads and attachments. Don't open any from unknown sources. The act of opening is the way the virus goes to hide and start to work, but sometimes later.

Harold, you may be ahead of me in dealing with things like this; feel free to comment. I know you are packing to move so this may not reach you in days.

In case you others don't know, Harold is moving to Arizona. Nancy and I had him and Marie to a farewell dinner last week. I will miss his help in many ways.

--part0_922669605_boundary--