medieval-religion: Scholarly discussions of medieval religion and culture
Laura Jacobus asked:
<< Is diane Auslander a member of this list? One of her emails has
unaccountably been sent to me, and it won't bounce back. As it's
confidential to a student, I'd like to let her know, somehow >>
and Bella Millett responded with:
<< I think we all got this one, and suspect that it wasn't
misrouted at all, but re-sent at random by a computer virus
(possibly Fizzer). Treat these things with care! >>
At the encouragement of listowner George Ferzoco I'm posting a
revised version of a response I send off-list to him, Laura, and
Bella.
***
First off, an explanation of the new subject header. "Malware" is a
general term for worms, viruses, and trojans and therefore
essentially means "any sort of software designed to make your
computer do something you wouldn't want it to." Most of the bugs
currently circulating are actually hybrid worm/viruses. These web
pages are a few years old:
http://www2.auckland.ac.nz/itss/interconnect/1999/bodysecuritydec99.html
http://users.iafrica.com/c/cq/cquirke/malware.htm
but go into more detail; a Google search for malware will find you a
good deal more. Now that I've given you the proper and technical name
I'm going to revert to the popular usage of "virus" for the sake of
convenience, but I thought it was a useful term to pass along.
I suspect that many people got the same message that Laura, Bella,
and I did. It had an attachment which I'm 99% sure was a virus - I
have a Mac and so can't easily make a positive ID - but the sending
out of random files or snippets of them from the hard drive of the
infected computer is a characteristic of a number of popular bugs.
Last week saw the debut of a new variant of the appropriately named
Bugbear called BugbearB; for those who might not remember the
original version, it was a very common if not particularly
destructive virus, although one with great potential for
embarrassment for its ability to distribute files from an infected
computer's hard drive. See:
http://www.f-secure.com/bugbear/
The new version is still not destructive in the classic sense of the
word; it won't reformat your hard drive, for example, but it is
significantly more insidious (see the additional note at the end of
my message) and has the potential to cause more harm in other ways.
See:
http://www.f-secure.com/v-descs/bugbear_b.shtml
(I should note that I have no connection to F-Secure; it simply
turned up near the top of a Google search for Bugbear. All the other
big anti-virus sites will have information about it too.)
Another feature of both Bugbear and the other widely circulating
virus, Klez, is that not only do they sometimes completely forge the
From: field, they can also combine real user names with domains taken
from other correspondents. That would explain both the practical
matter of Laura's attempt to contact DA bouncing (if I understand her
correctly) and why someone who appears to be an expert in matters
Celtic and medieval - going by the few Google hits DA generated -
would have a return address at Woods Hole Oceanographic Institute!
:-) (If in fact that *was* the From: domain in Laura's and Bella's
copies of the message.)
This would also explain why a check of the headers of the infected
message shows no indication of it having come from Woods Hole, but
rather from an address at Earthlink/Mindspring (although some bugs
are able to forge headers, or so I've read). The headers of my copy
also show no hint of it having come through the medieval religion
list, which is why I included George among the recipients of my
original message. The infected computer must have had the e-mail
addresses of the three of us somewhere on its hard drive - archived
copies of our deathless prose? I for one am rather flattered :-)- and
that's why we were blessed with copies of the grade report and the
bug. I assume others on the list received them too.
Even though the common viruses can totally forge headers, the fact
that the message was originally written by Diane Auslander and
presumably wouldn't otherwise have circulated widely suggests
strongly that it really was from her machine, with the only other
likely candidate being the student's computer.
An additional note: After writing the above I read DA's and CC's
responses posted to the list. One of the particularly devious
characteristics of BugbearB is that despite CC's assurances to the
contrary, it *is* capable of infecting a computer when a message
containing it is simply opened by the recipient. In other words, you
don't have to open or run the attachment; even looking at the e-mail
is enough *if* you're using an unpatched version of Outlook and
Internet Explorer. As the F-Secure page linked above puts it:
"The body of an infected message can contain I-Frame exploit. It
allows the worm to run automatically on some computers when an
infected e-mail is viewed (for example, with Outlook and IE 5.0 or
5.01)."
This quote is followed by a link to an MS patch which fixes the
problem. The bottom of the F-Secure page also has links to removal
tools (as I assume Symantec's and other similar sites do too).
See also:
http://www.internetnews.com/ent-news/article.php/2217561
and a search of Google News for "Bugbear" will provide hundreds more links.
I'm by no means an expert in any of these matters and don't really
have the right to offer advice on them, but I think it's safe to
encourage people using Microsoft operating systems to have virus
protection and to update it as often as possible. In addition I'd
make the potentially controversial suggestion that given the frequent
discoveries of vulnerability in MS's e-mail programs it might be
prudent to consider switching to an application that doesn't require
such frequent patches to plug security holes.
Best,
John
--
*** John McChesney-Young ** [log in to unmask] ** Berkeley,
California, U.S.A. ***
**********************************************************************
To join the list, send the message: join medieval-religion YOUR NAME
to: [log in to unmask]
To send a message to the list, address it to:
[log in to unmask]
To leave the list, send the message: leave medieval-religion
to: [log in to unmask]
In order to report problems or to contact the list's owners, write to:
[log in to unmask]
For further information, visit our web site:
http://www.jiscmail.ac.uk/lists/medieval-religion.html
|