    1. Fwd: [EUDORA] FROM VIRUS-DISCUSSION LISTOWNER - EVERYONE PLEASE READ !!!!! (Was: RootsWeb can not transmit attachments)
    2. Bill Williamson
>Resent-Date: Mon, 23 Apr 2001 03:01:20 -0600
>X-Original-Sender: [email protected] Mon Apr 23 03:01:19 2001
>X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
>Date: Sun, 22 Apr 2001 22:01:52 -0400
>Old-To: [email protected]
>From: "George W. Durman" <[email protected]>
>Old-Cc: [email protected], [email protected],

This is excellent information about virus propagation and our mailing lists. Please take a few minutes and read it.

Bill

>OK, let's see if I can explain this so that everyone understands
>how these latest viruses, trojans, and worms work.
>
>Let's start with the very latest, W32/[email protected], also seen
>as W32/[email protected] Here are other aliases that have been
>found:
>
>Backdoor-NK.svr ,
>BadTrans (F-Secure),
>I-Worm.Badtrans (AVP),
>[email protected] (NAV).
>
>There are several things about this one that need to be discussed,
>how it is spread, and the danger to the infected user's computer.
>
>1) W32/[email protected] is received as a REAL attachment
>(more about "real" vs. "inline" attachments later). It comes as an
>actual file attachment, which is downloaded to a user's computer
>into whatever directory is set up for such downloads. For
>Eudora, Pegasus, and other "stand alone" email programs,
>this will be something like "Downloads", "Attachments", etc.
>For MS Outlook and MS Outlook Express, I'm not sure where
>a separate attached file is placed.
>
>2) A user's computer is NOT infected UNTIL he/she clicks on
>the attachment and "runs" it, that is, executes it so that it does
>whatever it's supposed to do.
>
>3) Once a user clicks the attachment, it installs itself on to the
>user's computer. It then does two things:
>
> a) It propagates itself so that every time the system is rebooted,
>it mails itself to the sender of EVERY UNREAD EMAIL in the user's
>MS Outlook FOLDERS. Notice that I say "folders", not "folder".
>That means that if you filter incoming email into various created
>folders, this trojan/virus searches all of them, not just the IN BOX.
>
> HERE'S THE REALLY DIRTY PART: The virus looks through
>all those unread emails; it finds the originator of them (FROM:)
>and REPLIES to the person who sent the original email. BUT,
>it also attaches a copy of the infected file and mails it along
>with the "reply". Thus, if John Doe sends an email to a person,
>or to a Mailing List, when that email ends up on another user's
>email program, and that other user is infected and hasn't read
>John's email, John receives a reply containing a copy of the
>virus as a separate clickable file.
>
> HERE'S WHY USERS KEEP INSISTING THAT VIRUSES CAN
>BE SPREAD BY ROOTSWEB MAILING LISTS, AND WHY
>THEY THINK THE ATTACHMENT CAME THROUGH A
>MAILING LIST: Let me give an example -
>
> John Doe sends a post to the SMITH-L Mailing List. John
>Doe's system is NOT infected. Every one of the 2,000+ users
>of the SMITH-L Mailing List receives a copy of John's
>email. One of these users, let's call him Bill Smith, has the
>W32/[email protected] virus on his system.
>
> Now, Bill has a copy of John's email in his Outlook program.
>He doesn't read it right away. He reboots his computer and,
>when Windows restarts, the virus looks through Bill's email
>in Outlook. It sends a reply to the sender of EVERY unread
>email, AND attaches a copy of itself as a separate attachment.
>It copies all the original headers, including those that show
>the email came through [email protected]
>
> Then John, the original sender of the email, receives a
>"reply" to his email, from Bill. John looks at the email and
>sees that it is a reply to his original post. He also sees
>[email protected] in several of the headers. As
>far as he's concerned, he has received a normal reply back
>through the Mailing List.
>
> If John is a "newbie", one of two things happen:
>
> I) He sees an attached file, with a message something like,
>"Take a look to the attachment." He says to himself, "This
>Bill Smith is answering my original post, AND he has sent
>me an attachment which is probably a file having something
>to do with information on my query." He clicks the attachment;
>thus ANOTHER SMITH-L Mailing List user is infected.
>
>or
>
> II) He is savvy enough to know NOT to open the attachment,
>BUT from the looks of the "reply" it appears that it came
>back to him via the Mailing List. He screams and curses,
>and says, "I knew it! I don't care what the Listowners and
>the folks at Rootsweb say, these virus attachments ARE
>coming through the Mailing List!" He then posts angry
>posts to all the Mailing Lists to which he subscribes,
>calling the Listowners and Rootsweb people liars. He
>thus starts another round of uninformed posts about how
>attachments CAN be passed through Mailing Lists, and
>about how viruses CAN also be passed through the Lists.
>
> In short, this virus/trojan tricks recipients of infected
>email into thinking the virus is being propagated via a
>Mailing List. NOT SO !!!!!
>
> b) The other thing this virus/trojan does is this:
>
> Once running, the trojan attempts to mail the victim's IP
>Address to the author. Once this information is obtained,
>the author can connect to the infected system via the Internet
>and steal personal information such as usernames, and passwords.
>In addition, the trojan also contains a keylogger program which is
>capable of capturing other vital information such as credit card
>and bank account numbers and passwords.
>
>4) THIS IS WHY EVERY COMPUTER USER MUST HAVE
>A FIREWALL ON HIS/HER COMPUTER !!!!! It doesn't matter
>whether you are using a dialup modem, a cable modem, DSL,
>or whatever, you NEED a firewall.
>A firewall is nothing more
>than a small utility that prevents malicious people from entering
>your system through a "back door". Once such a person has
>your IP address, he/she can connect to your computer any
>time your modem is connected, which is 27/7 for everyone but
>those using a dialup modem. Of course, a dialup modem is
>accessible only when you are actually "online".
>
>5) So, PLEASE, let's stop this latest round of blaming Rootsweb
>Mailing Lists for allowing attachments, and for propagating
>viruses, trojans, worms, etc. I know that in the future, as new
>users subscribe, many of them will come to the same erroneous
>conclusions and start the thread all over again. They should
>be politely, but firmly, advised of the true situation.
>
>6) VERY IMPORTANT POINT: Some users insist that email
>from Mailing Lists always comes as attachments. Not so!
>SOME email programs, such as MS Outlook/Outlook Express
>and AOL, convert ALL List email into attachments. This is
>one of the most serious problems with such programs, and
>causes users to think that they are receiving "real" attachments.
>
> "REAL" attachments are FILES that are outside the body
>of an email, and come along with the email as a "rider". Other
>so-called "attachments" are those that contain the actual text
>from the body of an email. This is especially true for those
>subscribers to the Digest Mode of Lists. MS Outlook and
>AOL extract the body text and put it into "attachments".
>
>To the poster who was worried about "viruses going around
>on the GEN-NEWBIE Mailing List": I hope you can see from
>the above that the viruses are being sent from infected users'
>computers, users who happen to be receiving email from the
>List.
>
>This point MUST be made: If any user receives an infected
>email, or an infected attached file, and it appears to have
>come through a Mailing List, IT DID NOT.
>Blame the problems, and resulting confusion, on a virus-writer who
>is a little smarter than the average gomer.
>
>To end, here's a list of the KNOWN file-names that the
>W32/[email protected] virus/trojan uses:
>
>Card.pif
>docs.scr
>fun.pif
>hamster.ZIP.scr
>Humor.TXT.pif
>images.pif
>New_Napster_Site.DOC.scr
>news_doc.scr
>Me_nude.AVI.pif
>Pics.ZIP.scr
>README.TXT.pif
>s3msong.MP3.pif
>searchURL.scr
>SETUP.pif
>Sorry_about_yesterday.DOC.pif
>YOU_are_FAT!.TXT.pif
>
>So far, I have received virus attachments with the names
>"README.TXT.pif" and "Sorry_about-yesterday.DOC.pif".
>
>Anyone reading this has my permission to copy it and
>repost to individuals or other Mailing Lists.
>
>SgtGeorge
>George W. Durman
>VIRUS-DISCUSSION Listowner
>
>At 10:17 AM 04/22/2001, Richard D. Reddick wrote:
>*********START OF ORIGINAL MESSAGE TEXT*********
>>Okay, enough already -
>>I have never experienced a virus sent through RootsWeb! Am
>>on many RW forums/lists, manage several. Has something
>>changed recently? Originally RootsWeb system could not
>>transmit attachments. What's up? Others send or the worm
>>sends such attachments, when you dig into the properties and
>>encoding what you find is the message with that suspect
>>attachment did not originate or come through RootsWeb! Period.
>>St. George, this is still correct, right?
>>How your new email software handles things may be suspect as
>>well. Ignorance is never a reason to slander, but it is okay to ask
>>and discuss.
>>Richard
>>
>>From: Doris McGlone <[email protected]>
>>To: [email protected]
>>Subject: [GenHumor-L] Re: Virus?
>>
>>All of my mail from rootsweb lists come as attachments. Does
>>that mean I shouldn't open them? This is scary. The Gen-Newbie
>>list has had a lot of viruses going around also. I'm about to unsub
>>from it.
>>Doris
>**********END OF ORIGINAL MESSAGE TEXT**********

Bill Williamson, listowner Whitfield Co., S T R O U P & P E E L E R mail lists and Boards & ICQ-USERS list

    04/23/2001 05:02:05
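
Added example, not part of the original post: a mail-filter check built on two points from the message above, the difference between a "real" attachment and body text (point 6) and the double-extension file names in the list. The function names, the extension sets (derived from that list) and the sample message are constructed for illustration.

```python
import email
from email import policy
from pathlib import PurePosixPath

# Extension sets derived from the file-name list in the post (an assumption).
EXECUTABLE_EXTS = {".pif", ".scr"}                       # run when clicked
DECOY_EXTS = {".txt", ".doc", ".zip", ".avi", ".mp3"}    # harmless-looking

# Constructed sample message; the addresses and payload are made up.
SAMPLE = """\
From: bill@example.invalid
Subject: Re: [SMITH-L] query
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Take a look to the attachment.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="README.TXT.pif"

placeholder
--b1--
"""

def filename_verdict(filename):
    """Return None, 'executable', or 'decoy-double-extension'."""
    suffixes = [s.lower() for s in PurePosixPath(filename or "").suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        return "decoy-double-extension"
    return "executable"

def classify_parts(raw_message):
    """Return (filename, kind, verdict) for every leaf MIME part."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        # A "real" attachment is a separate file riding along with the mail;
        # a part with no filename and no attachment disposition is body text.
        real = name is not None or part.get_content_disposition() == "attachment"
        kind = "real attachment" if real else "body text"
        results.append((name, kind, filename_verdict(name)))
    return results
```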