OT new virus out


KenCo
January 29th 04, 12:23 AM
a new one is on the loose, please update your virus scanners
as this is spreading fast. I've already received 50+ lol

you're infected if you received it or checked your mail. period!

so update and get it clean! please? :)



MIMAIL/MyDoom/Novarg Email Virus Continues

Beginning about 5 pm EST (2200 UTC) yesterday we began receiving a flood
of email containing a malicious attachment. To visually see what has
been arriving at our servers, we have two graphs available. We are
showing emails per 10 minutes at http://isc.sans.org/images/virus.png
and emails per hour at http://isc.sans.org/images/virus2.png . Notice
the drop-off overnight followed by the rapid increase this morning as
people came to work. There was a spike for the east coast workers and
another increase as the west coast came to work. The time across the
bottom is EST. Today's increase started at about 8 am Central European
time, again corresponding roughly to the time workers began opening
their mail. This afternoon there has been a gradual decrease as the
infected computers are brought under control. While no new variants have
been detected yet, it would not be unexpected to see modified versions
appear in the next few days.

A very detailed writeup of the events surrounding this malware
including analysis and discussions by the Trojan Horses Research
Mailing List is available online at
http://www.math.org.il/newworm-digest1.txt




--
--
http://www.kencofish.com Ken Arnold,
401-781-9642 cell 401-225-0556
Importer/Exporter of Goldfish,Koi,rare Predators
Shipping to legal states/countries only!
Permalon liners, Oase & Supreme Pondmaster pumps


Linux (SuSE 8.2) user #329121
Please Note: No trees or animals were harmed in the
sending of this contaminant free message We do concede
that a significant number of electrons may have been
inconvenienced ;)

Offbreed
January 29th 04, 01:09 AM
KenCo wrote:

> a new one is on the loose, please update your virus scanners
> as this is spreading fast. I've already received 50+ lol
>
> you're infected if you received it or checked your mail. period!

Nope. Need to open the attachment.

Safe viewer Irfanview:

http://www.pricelessware.org/2003/PL2003GRAPHICS.htm#A426

It's my default for *everything* it will handle. I think it needs a
couple of plug ins because of copyright problems.

> so update and get it clean! please? :)

Foxmail.

http://www.pricelessware.org/2003/PL2003INTERNET.htm#A343



Removing IE or OE will also close most loopholes, as will changing the
bindings.
http://www.epix.net/~artnpeg

Art Kopp (alt.comp.freeware and alt.comp.virus) is good people and one
of the early programmers. He has a lot of good info for the DOS based
windows programs, but it looks like he is fading off with the new NT
based M$ programs.

GrannyGrump
January 30th 04, 12:14 AM
>My AV program, e Trust EZ Antivirus, won't alert on email, I think it is
>because the email is in a compressed format, but once the file or

Strange, MY EZ Trust alerts on email....

~ jan JJsPond.us
January 30th 04, 03:52 AM
I got a few of these Es with the attachment, some my ISP picked up, but
some came thru. It was really interesting in that some of the From's looked
like people I should know, like people with my last name (but looking
closely not from anyone related to me). I thought that was either very
weird or they're getting trickier to get people in a hurry to open them.
~ jan

GrannyGrump
January 30th 04, 04:20 AM
>I got a few of these Es with the attachment, some my ISP picked up, but
>some came thru. It was really interesting in that some of the From's looked
>like people I should know, like people with my last name (but looking
>closely not from anyone related to me). I thought that was either very
>weird or they're getting trickier to get people in a hurry to open them.

The From address is spoofed, but looks real enough so that a lot of
users are opening the attachment.

Here is a good site to read about mydoomA:
http://www3.ca.com/virusinfo/virus.aspx?ID=38102

Offbreed
January 30th 04, 10:49 PM
Hal wrote:

> That's great! Go ahead and open it. I'm just chicken. :) I'm not
> opening an attachment that looks suspicious just because it didn't alert
> until I put it on the hard drive. Then if it doesn't alert, it is OK.

Not necessarily. Most of the anti virus programs do not alert on brand
new viruses.

I leave questionable e-mail unopened for a couple days and update the
anti virus, then rescan. Mozilla also allows saving e-mail as .txt and
I open with notepad.

Any e-mail that cannot get read as text, gets tossed.

Cybe R. Wizard
January 30th 04, 11:16 PM
On Fri, 30 Jan 2004 13:49:14 -0900
Offbreed wrote:

> Hal wrote:
>
> > That's great! Go ahead and open it. I'm just chicken. :) I'm
> > not opening an attachment that looks suspicious just because it
> > didn't alert until I put it on the hard drive. Then if it doesn't
> > alert, it is OK.
>
> Not necessarily. Most of the anti virus programs do not alert on brand
> new viruses.
>
> I leave questionable e-mail unopened for a couple days and update the
> anti virus, then rescan. Mozilla also allows saving e-mail as .txt and
> I open with notepad.
>
> Any e-mail that cannot get read as text, gets tossed.
>
I open anything that shows up in my inbox. Worms, trojans, viruses, and
such make no difference to me. I use a secure system. You can, too.

Cybe R. Wizard
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L

Offbreed
January 30th 04, 11:38 PM
Cybe R. Wizard wrote:

> I open anything that shows up in my inbox. Worms, trojans, viruses, and
> such make no difference to me. I use a secure system. You can, too.

My ISP is not *nix friendly, and I cannot afford a Mac. So, I deleted
IE and OE and use 3rd party freeware for the internet, until I figure
out pppd, etc. Had it up once, hdd crashed.

Cybe R. Wizard
January 31st 04, 12:17 AM
On Fri, 30 Jan 2004 14:38:55 -0900
Offbreed wrote:

> Cybe R. Wizard wrote:
>
> > I open anything that shows up in my inbox. Worms, trojans, viruses,
> > and such make no difference to me. I use a secure system. You can,
> > too.
>
> My ISP is not *nix friendly, and I cannot afford a Mac. So, I deleted
> IE and OE and use 3rd party freeware for the internet, until I figure
> out pppd, etc. Had it up once, hdd crashed.
>
Mine's not, either. I don't tell 'em. Good going, using something
other than Microsoft malware. I was a real Agent fan before having a
sea change.

Cybe R. Wizard
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L

Cybe R. Wizard
January 31st 04, 04:03 AM
On Fri, 30 Jan 2004 22:09:12 -0500
Hal wrote:

> On Fri, 30 Jan 2004 23:16:52 GMT, "Cybe R. Wizard"
> <Cybe_R_Wizard@WizardsTower> wrote:
>
> >I open anything that shows up in my inbox. Worms, trojans, viruses,
> >and such make no difference to me. I use a secure system. You can,
> >too.
>
> Not if I have no idea what you are talking about. Sounds interesting
> though. What do you mean a secure system?
>
> Regards,
>
> Hal

A system built from the start to disallow simple users changing the
system at all except to install new software /to their own directories/.
A system which has full logging capacity in order to follow what has
been done to it. A system that only needs antivirus software to protect
others who may not use secure systems. There are really a bunch of
these type systems.

The one that I use is Debian GNU/Linux.

In effect, anything other than Microsoft OSes, for which viruses and
such are written, not because Windows is so prevalent, but because
Windows is written /to be insecure/. Follow the money.

The list of such secure systems includes such well known OSes as Mac
OSX, UNIX, Solaris, BeOS, and the BSDs and such little known OSes as
QNX.

Cybe R. Wizard
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L

MrKnowitall
January 31st 04, 01:43 PM
In article >, KenCo says...
>
>
>a new one is on the loose, please update your virus scanners
>as this is spreading fast. I've already received 50+ lol
>
>you're infected if you received it or checked your mail. period!

very hard to buy into that one, you can not get the worm virus by receiving
email, In order to get it you must click on the attachment period. Too many
people believe everything they read or hear about this from misinformed people
and help spread their original message without seeking the facts themselves.

The reason that a virus is so successful is people are generally stupid and naive
when it comes to them. I never run virus software and never open up anything
that does not come in a picture or text, without knowledge that I am getting
something else. Quit being stupid people and opening **** that can damage
your computer. Is it really going to kill you to have to delete the email
without reading it? DAH

john rutz
January 31st 04, 06:12 PM
Cybe R. Wizard wrote:
> On Fri, 30 Jan 2004 22:09:12 -0500
> Hal wrote:
>
>
>>On Fri, 30 Jan 2004 23:16:52 GMT, "Cybe R. Wizard"
>><Cybe_R_Wizard@WizardsTower> wrote:
>>
>>
>>>I open anything that shows up in my inbox. Worms, trojans, viruses,
>>>and such make no difference to me. I use a secure system. You can,
>>>too.
>>
>>Not if I have no idea what you are talking about. Sounds interesting
>>though. What do you mean a secure system?
>>
>>Regards,
>>
>>Hal
>
>
> A system built from the start to disallow simple users changing the
> system at all except to install new software /to their own directories/.
> A system which has full logging capacity in order to follow what has
> been done to it. A system that only needs antivirus software to protect
> others who may not use secure systems. There are really a bunch of
> these type systems.
>
> The one that I use is Debian GNU/Linux.
>
> In effect, anything other than Microsoft OSes, for which viruses and
> such are written, not because Windows is so prevalent, but because
> Windows is written /to be insecure/. Follow the money.
>
> The list of such secure systems includes such well known OSes as Mac
> OSX, UNIX, Solaris, BeOS, and the BSDs and such little known OSes as
> QNX.
>
> Cybe R. Wizard

and I use SuSE Linux professional, just because I like its simplicity
( simple minds----simple OS's)


John Rutz

Offbreed
January 31st 04, 08:03 PM
Cybe R. Wizard wrote:

> Mine's not, either. I don't tell 'em.

They don't mind. (They better not.) They just don't provide
assistance. KPU is a public utility, and, until recently, was focused
on maximising income. They are presently undergoing involuntary
restructuring <G>. They may become a little more responsive to user
needs in future, considering how much of the management has "retired",
"resigned", or been fired.

Offbreed
January 31st 04, 08:57 PM
MrKnowitall wrote:

> very hard to buy into that one, you can not get the worm virus by receiving
> email, In order to get it you must click on the attachment period.

The idea you can get viruses by reading e-mail is related to the
difficulty in being certain that the e-mail program in use is text
only. The e-mail program authors keep putting extra capabilities in
the programs, and adding this to the upgrades. I suspect pressure from
spammers and big business who want to send advertisements (certainly
not the users with any sense).

Result? Big, wide open, back door for mal-ware.

Cybe R. Wizard
February 1st 04, 03:48 AM
On Sat, 31 Jan 2004 22:19:16 -0500
Hal wrote:

> On Sat, 31 Jan 2004 04:03:24 GMT, "Cybe R. Wizard"
> <Cybe_R_Wizard@WizardsTower> wrote:
>
> >The one that I use is Debian GNU/Linux.
>
> I'm still trying to learn Windows. I hate new software. Things I
> can beat with a hammer or twist with a wrench come closer to matching
> my skills. :)
>
> Regards,
>
> Hal

I, too, am more inclined to be a mechanical tinkerer. I love to build
things, including computers and ponds. At the same time, that's one of
my favorite things about Linux, its complete adaptability, a tinkerer's
dream. One guy controls his telescope out in the yard with his Linux
machine in the house with programs he wrote himself. Another just made
an embedded Linux system to play mp3s in his car. A fellow in Louisiana
is working on making his own personal wearable, fully connected Linux
computer and, working with his university, writing and testing
Linux robotic programs for self-propelled tractors for use in
large-scale farming. Now if I could just get my /own/ mind around that
programming stuff...

Of course, being a tinkerer, I break my installation once in a while...

BTW, did you know that the NSA has made a custom Linux distribution as
the base for its own in-house secure systems, then turned around and,
in the true spirit of Open Source software, made the source code and
all security enhancements available for download?
http://librenix.com/?inode=645

Cybe R. Wizard -still a duffer
--
Unofficial "Wizard of Odds," A.H.P.
Original PORG "Water Wizard," R.P.
"Wize(ned) Wizard," A.P.F-P-Y.
Barely Tolerated Wizard, A.J.L & A.A.L

Offbreed
February 1st 04, 04:44 AM
Hal wrote:

> On Sat, 31 Jan 2004 04:03:24 GMT, "Cybe R. Wizard"
> <Cybe_R_Wizard@WizardsTower> wrote:
>
>
>>The one that I use is Debian GNU/Linux.
>
>
> I'm still trying to learn Windows. I hate new software. Things I can
> beat with a hammer or twist with a wrench come closer to matching my
> skills. :)

Well if you don't mind the computer not being usable afterwards...