Further information available at
http://www.datafellows.fi/news/2001/news_2001112600.shtml. Information
on hoax alerts at http://www.datafellows.fi/virus-info/. There are other
sites with info also
**********************************************************************
Jim Roberts Hon FMA
University of Leicester
Department of Museum Studies
http://www.le.ac.uk/museumstudies/ <http://www.le.ac.uk/museumstudies/>
+44 (0)116 252 3961
***********************************************************************
> -----Original Message-----
> From: Chris Meaney [mailto:[log in to unmask]]
> Sent: Tuesday, November 27, 2001 11:46 PM
> To: [log in to unmask]
> Subject: Virus alert
>
>
> Dear all
>
> **Apologies for cross-posting**
>
> Please watch out for a particularly virulent virus -
> [log in to unmask]
> Once on your machine, this "worm" virus sends e-mails without
> your knowledge
> to people's e-mail addresses extracted from unread mail in
> your mail-box.
>
> I am raising this as I have had received unsolicited,
> infected e-mails from
> three different mail-list members (I won't disclose names to save
> embarassment, but I have written to each to warn them). Each
> of the infected
> e-mails that I have received have been launched from and
> based upon e-mails
> distributed by JISCMAIL (which is obviously where the virus
> has picked up
> e-mail addresses). Please note, I am not saying that JISCMAIL
> has issued a
> virused e-mail, rather that several list members have
> infected systems,
> which upon receiving a mail from the JISCMAIL service have
> allowed the virus
> to extract e-mail addresses and sent out virused e-mails without their
> owners knowledge.
>
> The point is that there is a very high chance that other list
> members may
> have received infected e-mails from these people too. I
> therefore felt it
> important to raise it on these mail-lists.
>
> Luckily, my anti-virus package scans e-mails and identified
> them/stopped
> them before my machine could become infected.
>
> This virus is dangerous as it is very infectious/widespread
> and it installs
> a programme that captures and transmits keystrokes, which
> could include
> passwords and credit card numbers. It is also dangerous as
> you do not have
> to even open it for it to infect your machine - apparently
> just having it
> appear in your Outlook or Outlook Express in-box is enough to
> infect your
> machine.
>
> No need to panic, but as I have said, given that I know that
> three list
> members have been infected, you should take great care and
> ensure that you
> virus scan your machine with reputable, up to date antivirus software.
>
> Details of the virus follow at the end of this e-mail.
>
> Regards
>
> Chris Meaney (AIMC)
> Managing Director
>
> ==============================================================
> ===========
> Harvard Consultancy Services Ltd, Bexin House, 2/3 St. Andrews Place
> Southover Road, Lewes, East Sussex, BN7 1UP
> Tel: 01273 897517, Fax: 01273 471929, E-Mail: [log in to unmask]
>
> Registered in England & Wales no. 3766540
> Registered Office: 50 Harvard Close, Malling, Lewes, East
> Sussex, BN7 2EJ.
> ==============================================================
> ===========
>
> This worm arrives as an email with one of several attachment
> names and a
> combination of two appended extensions.
>
> The list of possible file names is:
> HUMOR
> DOCS
> S3MSONG
> ME_NUDE
> CARD
> SEARCHURL
> YOU_ARE_FAT!
> NEWS_DOC
> IMAGES
> PICS
>
> The first extension that is appended to the file name is one of the
> following:
> .DOC
> .MP3
> .ZIP
>
> The second extension that is appended to the file name is one of the
> following:
> .pif
> .scr
>
> The resulting file name would look something like this:
> CARD.DOC.PIF
> NEWS_DOC.MP3.SCR
> etc.
>
> Users should not open any emails with an attachment that
> matches the names
> listed above. Any email that has such an attachment should be deleted
>
> HOW TO REMOVE/AVOID IT:
>
> Use up to date anti-virus software.
>
> For details on this and manual removal techniques, see also:
>
> McAfee antivirus site:
> http://vil.mcafee.com/dispVirus.asp?virus_k=99069&
>
> Sophos antivirus site:
> http://www.sophos.com/virusinfo/analyses/w32badtransb.html
>
> Symantec Anti-virus page:
> [log in to unmask]" target="_blank">http:[log in to unmask]
>
> Microsoft page on how to avoid this virus:
> http://www.microsoft.com/technet/treeview/default.asp?url=/tec
hnet/security/
bulletin/MS01-020.asp
|