Cousins, I don't ordinarily send out messages of this nature, and I don't intend to permit this to become a general topic for discussion, Nonetheless, the situation among e-mail correspondents just now is such that I felt it was best to inform you of a potentially serious problem. In the last few days, I have received two e-mail messages which contained the latest "worm" or virus making the rounds. I only mention it here because they came as attachments in e-mail which appeared to be coming from someone on a Mailing List, and had a Subject Line that I was familiar with. Here is what I have learned: First, while our Mailing Lists have a "RootsWeb" ISP, and this worm seems to be clogging some of the RootsWeb List subscribers' mailboxes, it is NOT being transmitted directly on the Lists (RootsWeb doesn't permit attachments of any kind). Thus, you DO NOT NEED TO WORRY regarding the messages that you receive ON THIS LIST. Second, although the message names a web-based service (MessageMates), that company is entirely innocent. In fact, they have provided an informational bulletin, parts of which I am quoting. The message will be brief, and may look something like this: - -------------------------------------------------------------------------- http://stuart.messagemates.com/index.html Hypercool Happy New Year 2000 funny programs and animations... We attached our recent animation from this site in our mail ! Check it out ! [and then an attachment] - -------------------------------------------------------------------------- The worm comes with a variety of nearly 20 names, but one of the most common is "bboy.exe". DO NOT RUN THE ATTACHMENT included in the email and PLEASE delete it and the email message immediately! Here are some facts that have been identified: 1. Symantec has named this worm: W32.NewApt.Worm. 2. Once opened/launched the worm will send a copy of itself to everyone in the computer's address book (some say "In Basket"). 3. It forges its own return address to look like it was sent by someone "else" in the address book. [In the the ones I received, one of them was supposedly from a Mailing List] 3. The file being passed as an attachment is approximately 68K. 4. The subject line of this message will vary but will appear to be a reply to something recently received by that machine. [As in the ones I received, the Subject lines were ones that sounded familiar] What I have done: There has been considerable discussion regarding the virus among the Listowners. RootsWeb has confirmed that it could become a serious threat because of the manner in which it propagates itself, but re-assures us that their filters to intercept attachments will send such messages "bouncing" to us as Listowners, and thus, you as subscribers will never see them. I have set all the Mailing Lists that I administer to "prepend" the name of the List at the start of the Subject line. This virus can't do that. So, even if the supposed "author" is a Mailing List, if it doesn't have that "prepend" name, be alert! What we can do: 1. Read the details of this worm virus by checking with Symantec at: http://www.symantec.com/avcenter/index.html including how to clean up an infected computer. 2. Upon receiving a suspect email with an .exe attachment from ANYONE, first email them back and confirm that they've intended to send a MessageMate. 3. Continue to open and read e-mail in a normal manner (the virus cannot do its dirty work until the file itself is launched -- ie, double-clicked). 4. Throw into the trash any attachments that come with the .exe extension, unless we are expecting them and know in advance what they contain. Regards to all at this special Holiday Season! JS List Custodian ____________________________ James Shuman, art instructor Modesto High School jshuman@telis.org ____________________________