RootsWeb.com Mailing Lists
    1. Virus Interception Policy (VIP) and Trends of the new "Sneaky Petes"
    2. John A Hansen
    3. Dear All:

The new viruses are very deceptive and dangerous. They are being written by professional groups (thieves) and used to get your SSN, passwords, and credit card numbers. They are being written especially for email lists and to be distributed by the email list providers such as our own Rootsweb servers. It's the most serious attack on the email list system that I've seen in 30 years on the Internet.

There are reports that Code Red is infecting 2000 computers per minute (that is not a typo, it's per minute). You can verify this for yourself by going to www.caida.org. Some of our own mailing lists are getting 70 return emails carrying the virus attachment for a single posting.

So drastic problems call for drastic steps. Effective immediately I'm implementing a new policy on this mailing list.

A: Send a copy (reply not forward :-) of the infected message immediately to me at jahansen@qwest.
B: Send a copy (reply) to the infected user to let them know.
C: Make a one time post to the mailing list of the name and user id of the infected user for an alert to all other subscribers.
D: Block further messages in your email program from that user id until you get an all clear.

Some additional Do's and a few Don'ts:

Do:

1: Read the book "The Cuckoo's Egg" by Clifford Stoll. It was the first book ever written (late 60's) on viruses. It describes how an offshore hacker was able to penetrate the nation's highest security systems in a high security Unix environment to get classified info to sell to the KGB. It's entertaining and well written.
2: Make a one time (that's once :-) posting to this list of receipt of a virus message from a user to alert the group of that infected user.
3: Send a copy of the message received to me so I have evidence of the infected user. I will be terminating their usage here due to their negligence of maintaining their system.
4: Keep your Anti Virus Software system up to date if you want to stay on the mailing list.
If you have trouble maintaining Anti-Virus Software, an option is to use the Message Boards. I'm trying to provide Gateways from the message boards to this list.
5: Do contact me if you need some references on Anti Virus Software. www.tucows.com has a nice selection (30 different packages) of freeware, shareware, and the professional brands. I use Norton, and its street price is about $40.00 for their top of the line version. McAfee is good (I own shares there = disclaimer) and there are numerous others. Weekly updates are the order of the day now and all of the brands provide those free of charge. (BTW: I noted that AV software is the top downloads for the last several weeks)
6: Join the Virus Discussion List here at Rootsweb. VIRUS-DISCUSSION-L-request@computers.rootsweb.com
7: Monitor some of the newsgroups. A good one is alt.comp.virus

Don't:

1: Post news of a new Virus. Most of those reports are hoaxes and are deceptive in nature. There is a major difference between making a posting regarding news of a virus and a posting regarding receipt of a virus attachment. One post is speculation and the other is fact/reality. If you want to send the news of a new virus to someone, send it to me and I'll track down the reality of the new Virus. There are currently over 500 new viruses (and new versions) every week.
2: Do not activate any attachment from anyone until you are totally 100% convinced of the reliability. New viruses are being disguised to look like they come from your friends and previous contacts. They are made to look innocent with extensions of .jpg, .doc, .txt, etc., but believe me when I say the .pif, .scr and .exe extension is there and covered up. These new viruses bring a whole new level of disguise and deception to the table. They can refer to recent correspondence with a friend or colleague or a recent posting that you made etc. They are real "Sneaky Pete's".

A few additional References for you.

1: An analysis by David Moore (dmoore@caida.org) on the spread of the Code-Red (CRv2) Worm

On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute. 43% of all infected hosts were in the United States, while 11% originated in Korea followed by 5% in China and 4% in Taiwan. The .NET Top Level Domain (TLD) accounted for 19% of all compromised machines, followed by .COM with 14% and .EDU with 2%. We also observed 136 (0.04%) .MIL and 213 (0.05%) .GOV hosts infected by the worm. A QuickTime animation of the geographic expansion of the worm is available.
http://www.caida.org/analysis/security/code-red/

2: Here is a URL for another Sircam explanation site.
http://antivirus.about.com/library/weekly/aa072301a.htm?PM=n2072801a

3: Symantec (Norton details)
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

So be careful:

Best Regards
John A Hansen
jahansen@qwest.net
List Adm

    07/28/2001 05:48:12
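
The disguise described in Don't item 2 of the message above (a harmless-looking .jpg, .doc or .txt extension with .pif, .scr or .exe hidden behind it) can be checked mechanically on incoming mail. The following Python code is an added example, not part of the original post; the function names, the extensions beyond those the post names, and the sample message are assumptions made for illustration.

```python
from email import message_from_string

# Extensions Windows runs directly (.pif, .scr, .exe are the ones the post names).
EXECUTABLE = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs"}
# Harmless-looking decoys shown to the reader (.jpg, .doc, .txt are from the post).
DECOY = {".jpg", ".doc", ".txt", ".gif", ".xls", ".zip"}

def classify_filename(name):
    """Return 'disguised', 'executable' or 'ok' for an attachment filename."""
    # Windows ignores trailing dots/spaces, and runs of spaces can push the
    # real extension out of view, so normalise before comparing.
    parts = [p.strip().lower() for p in name.strip().rstrip(". ").split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE:
        return "ok"
    previous = "." + parts[-2] if len(parts) >= 3 else ""
    return "disguised" if previous in DECOY else "executable"

def scan_message(raw):
    """Return (filename, verdict) for each attachment that is not 'ok'."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings

# Constructed sample message (not from the page): one disguised attachment, one benign.
SAMPLE = """\
From: friend@example.org
To: list@example.org
Subject: Re: your recent posting
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See the attached file.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="family tree.doc.pif"

(constructed placeholder body)
--XX
Content-Type: image/jpeg
Content-Disposition: attachment; filename="reunion.jpg"

(constructed placeholder body)
--XX--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```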