We all had trouble with SIRCam. So pardon me if I pass this along. Cheryl United Press Int'l • Health News • Health Worm, e-mail virus attacking Internet By SCOTT BURNELL, UPI Internet Writer WASHINGTON, Sept. 18 (UPI) -- Private companies and a national computer security organization said Tuesday morning a new e-mail virus could be behind a "massive increase" in attempts to infect Internet servers worldwide. The first reports of both the virus and the increased malicious scanning attempts surfaced at about 9 a.m. EDT Tuesday, said Ken Van Wyk, president of Para-Protect, a computer security company in Centreville, Va. Although the source of the activity hasn't yet been traced, it started at almost exactly the same day and time at which the terrorist attacks began last week. Van Wyk told UPI it took only minutes for the e-mails and scanning behavior to show up across the company's client base, as well as at the home computers of its employees. The CERT Coordination Center, an organization at Carnegie Mellon University in Pittsburgh that studies computer vulnerabilities and acts as an information clearinghouse, also issued a warning Tuesday about the e-mail and "a massive increase in scanning activity directed at (a common computer Internet) port." An attachment in Microsoft Outlook e-mails appears to be the source of all the activity, Van Wyk said, although the company hasn't yet had a chance to analyze a copy of the e-mail. Opening the attachment, named "readme.exe," apparently forces the computer to run a program searching for 16 known security holes in Microsoft Internet Information Server software, he said. IIS was the program targeted by the "Code Red" and "Code Red II" worms earlier this summer, although it only runs on Windows NT and 2000 servers. The "readme.exe" virus, on the other hand, affects any Windows-based personal computer running Outlook, Van Wyk said. The "Code Red" occurrences prompted most companies to install fixes to IIS, so infection rates on Web servers appear to be low, he said. But far more seriously, this attack affects home computer users. Van Wyk said the scanning attempts come from computer addresses all over the Internet, including the digital subscriber line and cable modem connections associated with residential use. In order to minimize the attack's impact, PC users should avoid opening unfamiliar e-mail attachments, Van Wyk said. And for the time being, DSL or cable modem users should consider severing their Internet connection if that won't hurt an ongoing business or other important activity, he said. Antivirus software makers will distribute solutions for this attack as soon as they're available, Van Wyk said. -- Copyright 2001 by United Press International. All rights reserved.

This is a place you can go to get information about the virus: ----- http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html ----- From: "Cheryl Layton" <buckwus@bellatlantic.net> To: <OHLORAIN-L@rootsweb.com> Sent: Tuesday, September 18, 2001 9:06 PM Subject: [OHLORAIN] oof subject We all had trouble with SIRCam. So pardon me if I pass this along. Cheryl United Press Int'l . Health News . Health Worm, e-mail virus attacking Internet By SCOTT BURNELL, UPI Internet Writer WASHINGTON, Sept. 18 (UPI) -- Private companies and a national computer security organization said Tuesday morning a new e-mail virus could be behind a "massive increase" in attempts to infect Internet servers worldwide. The first reports of both the virus and the increased malicious scanning attempts surfaced at about 9 a.m. EDT Tuesday, said Ken Van Wyk, president of Para-Protect, a computer security company in Centreville, Va. Although the source of the activity hasn't yet been traced, it started at almost exactly the same day and time at which the terrorist attacks began last week. Van Wyk told UPI it took only minutes for the e-mails and scanning behavior to show up across the company's client base, as well as at the home computers of its employees. The CERT Coordination Center, an organization at Carnegie Mellon University in Pittsburgh that studies computer vulnerabilities and acts as an information clearinghouse, also issued a warning Tuesday about the e-mail and "a massive increase in scanning activity directed at (a common computer Internet) port." An attachment in Microsoft Outlook e-mails appears to be the source of all the activity, Van Wyk said, although the company hasn't yet had a chance to analyze a copy of the e-mail. Opening the attachment, named "readme.exe," apparently forces the computer to run a program searching for 16 known security holes in Microsoft Internet Information Server software, he said. IIS was the program targeted by the "Code Red" and "Code Red II" worms earlier this summer, although it only runs on Windows NT and 2000 servers. The "readme.exe" virus, on the other hand, affects any Windows-based personal computer running Outlook, Van Wyk said. The "Code Red" occurrences prompted most companies to install fixes to IIS, so infection rates on Web servers appear to be low, he said. But far more seriously, this attack affects home computer users. Van Wyk said the scanning attempts come from computer addresses all over the Internet, including the digital subscriber line and cable modem connections associated with residential use. In order to minimize the attack's impact, PC users should avoid opening unfamiliar e-mail attachments, Van Wyk said. And for the time being, DSL or cable modem users should consider severing their Internet connection if that won't hurt an ongoing business or other important activity, he said. Antivirus software makers will distribute solutions for this attack as soon as they're available, Van Wyk said. -- Copyright 2001 by United Press International. All rights reserved. ==== OHLORAIN Mailing List ==== Visit the Lorain County Genealogy page http://www.centurytel.net/lorgen