LISTSERV - MUSEUM-L Archives - HOME.EASE.LSOFT.COM

MUSEUM-L Archives

Museum discussion list

MUSEUM-L@HOME.EASE.LSOFT.COM

	LISTSERV Archives
	MUSEUM-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: virus alert
From:	Nicholas Burlakoff <[log in to unmask]>
Reply To:	Museum discussion list <[log in to unmask]>
Date:	Wed, 20 Aug 2003 16:39:01 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (69 lines)

I have had the same message today. I have also been under attack by this
worm for the past two days averaging one e-mail with the worm per hour.
Please be careful and keep your anti-virus software updated.
nburlakoff

-----Original Message-----
From: Museum discussion list [mailto:[log in to unmask]]On Behalf
Of Harry Needham
Sent: Wednesday, August 20, 2003 2:49 AM
To: [log in to unmask]
Subject: virus alert

Yesterday, I received a message from webshield on a server at the University
of Toledo to say that it had intercepted a message, purporting to come from
me, containing an attachment infected with the W32/Sobig.f@MM virus. I have
no idea how many other people around the world received a similar message.

It did NOT come from me, but rather from someone out there who had (a) my
email address on file and (b) a computer infected with the virus. Here's how
it works, as explained to me last evening by my son the computer whiz:

The virus is contained in an attachment, which arrives with a message which
seems to come from someone you may know. If you open the attachment, the
virus activates. It searches your pc for email addresses. It picks one of
these at random to be the "sender" and then sends a message with an infected
attachment to every other address it finds. Ingenious, isn't it? The
infected message can come from someone you know - but it really doesn't.The
virus is assisted by the way Microsoft Outlook Express can keep
automatically adding addresses to your address book, which lets it propagate
faster.

What is equally interesting is that the virus is one of the few that is
polymorphic. It mutates, to try to make detection difficult.

Fortunately, Norton (and, I am sure, McAffee) have been able to keep up with
it. For more information, go to: http://securityresponse.symantec.com/

Please keep your virus detection software up to date, use it, and don't open
unexpected attachments, even if it's from an address you may recognize.
Harry
--
Harry Needham, Principal ([log in to unmask])
Harry Needham Consulting Services Inc.
Solutions for Heritage Institutions - and Others!
74 Abbeyhill Drive
Kanata ON K2L 1H1 Canada
(Voice) +1.613.831-1068
(Fax) +1.613.831-9412

=========================================================
Important Subscriber Information:

The Museum-L FAQ file is located at
http://www.finalchapter.com/museum-l-faq/ . You may obtain detailed
information about the listserv commands by sending a one line e-mail message
to [log in to unmask] . The body of the message should read "help"
(without the quotes).

If you decide to leave Museum-L, please send a one line e-mail message to
[log in to unmask] . The body of the message should read "Signoff
Museum-L" (without the quotes).

=========================================================
Important Subscriber Information:

The Museum-L FAQ file is located at http://www.finalchapter.com/museum-l-faq/ . You may obtain detailed information about the listserv commands by sending a one line e-mail message to [log in to unmask] . The body of the message should read "help" (without the quotes).

If you decide to leave Museum-L, please send a one line e-mail message to [log in to unmask] . The body of the message should read "Signoff Museum-L" (without the quotes).

ATOM RSS1 RSS2

HOME.EASE.LSOFT.COM