 |
 |
Dear all **Apologies for cross-posting** Please watch out for a particularly virulent virus - [log in to unmask] Once on your machine, this "worm" virus sends e-mails without your knowledge to people's e-mail addresses extracted from unread mail in your mail-box. I am raising this as I have had received unsolicited, infected e-mails from three different mail-list members (I won't disclose names to save embarassment, but I have written to each to warn them). Each of the infected e-mails that I have received have been launched from and based upon e-mails distributed by JISCMAIL (which is obviously where the virus has picked up e-mail addresses). Please note, I am not saying that JISCMAIL has issued a virused e-mail, rather that several list members have infected systems, which upon receiving a mail from the JISCMAIL service have allowed the virus to extract e-mail addresses and sent out virused e-mails without their owners knowledge. The point is that there is a very high chance that other list members may have received infected e-mails from these people too. I therefore felt it important to raise it on these mail-lists. Luckily, my anti-virus package scans e-mails and identified them/stopped them before my machine could become infected. This virus is dangerous as it is very infectious/widespread and it installs a programme that captures and transmits keystrokes, which could include passwords and credit card numbers. It is also dangerous as you do not have to even open it for it to infect your machine - apparently just having it appear in your Outlook or Outlook Express in-box is enough to infect your machine. No need to panic, but as I have said, given that I know that three list members have been infected, you should take great care and ensure that you virus scan your machine with reputable, up to date antivirus software. Details of the virus follow at the end of this e-mail. Regards Chris Meaney (AIMC) Managing Director ======================================================================== Harvard Consultancy Services Ltd, Bexin House, 2/3 St. Andrews Place Southover Road, Lewes, East Sussex, BN7 1UP Tel: 01273 897517, Fax: 01273 471929, E-Mail: [log in to unmask] Registered in England & Wales no. 3766540 Registered Office: 50 Harvard Close, Malling, Lewes, East Sussex, BN7 2EJ. ======================================================================== This worm arrives as an email with one of several attachment names and a combination of two appended extensions. The list of possible file names is: HUMOR DOCS S3MSONG ME_NUDE CARD SEARCHURL YOU_ARE_FAT! NEWS_DOC IMAGES PICS The first extension that is appended to the file name is one of the following: .DOC .MP3 .ZIP The second extension that is appended to the file name is one of the following: .pif .scr The resulting file name would look something like this: CARD.DOC.PIF NEWS_DOC.MP3.SCR etc. Users should not open any emails with an attachment that matches the names listed above. Any email that has such an attachment should be deleted HOW TO REMOVE/AVOID IT: Use up to date anti-virus software. For details on this and manual removal techniques, see also: McAfee antivirus site: http://vil.mcafee.com/dispVirus.asp?virus_k=99069& Sophos antivirus site: http://www.sophos.com/virusinfo/analyses/w32badtransb.html Symantec Anti-virus page: http:[log in to unmask] Microsoft page on how to avoid this virus: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS01-020.asp