[ Coordinator's note: As I've said before, I don't want to use this list as
[ a computer security dissemination tool. Until very recently I haven't sent
[ out any virus warnings, or anything else of the sort, because it's too easy
[ to spread incomplete information, or misinformation, which can sometimes
[ spread faster, and cause more lost productivity than the threat it was meant
[ to warn against. However, in the last six months or so, attacks against
[ computer systems have skyrocketed in number, cleverness, and potential damage.
[ I will occasionally send warnings if they seem especially pertinent to our
[ community. Arnold's message below is very much to the point and helpful.
[
[ Please let's not make it a habit to re-send every little thing that comes
[ across our desktops concerning email viruses, and if you send in a message
[ that I don't re-send to the list, please don't be offended, but the environment
[ really has gotten much more disturbing recently, so I think I will begin
[ sending occasional security-related info.
[
[ If anyone has any other ideas on how to handle this type of message, please
[ let me know.
[
[ Steve Kelley

*********************************************************************
****** IF THIS MESSAGE CONTAINS AN ATTACHMENT, DO NOT OPEN IT ******
*********************************************************************

Greetings all

Many of you have sent messages to me over the last 10 days regarding the apparent targeting of your systems by the W32/Magistr virus contained within an email attachment seemingly originating from this address.

I have carried out exhaustive checks on the three machines from which I send electronic mail (virus checking, and examination of logs) and can find no evidence that these malicious emails originate from UCL machines. Additionally, all electronic mail leaving UCL passes through a virus scanner at the mail hub. I therefore strongly suspect that this viral worm has used some other person's address book to send mail with my email address in the 'from' field.

W32/Magistr-A is a 'polymorphic Windows 32 executable file virus which spreads by infecting files and via email. Magistr includes highly destructive code which - if triggered - can delete all files from local and network drives, wipe the CMOS settings, and flash the BIOS chip of your computer. The virus searches the user's address book, mailboxes and other files present on the computer for email addresses. The virus specifically targets addresses from Outlook Express, Netscape Navigator and Internet Mail and News. It then sends itself to these email addresses using its own SMTP client.'

(the above is taken from (www).sophos.com/virusinfo/analyses/w32mag.html)

I make a point of using Eudora 3.06 as my email client as it is immune to the Visual Basic scriptable email worms. Those of you who use Outlook as your email client may well be more susceptible to this kind of viral attack. There are methods for disabling Windows scripting and/or fixing the security loopholes (should this be security chasms?) in Outlook. Those of you who wish to carry out this work should consult your network administrators.

I regard all samples that I put through the flow as being positive for hep B, C, HIV and whatever, even when they originate from trusted sources. Considering the potential for damage that a malicious attachment can cause, it would be wise if we treated our electronic mail in the same manner.

Best regards,

Arnold

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Arnold Richard Pizzey
Department of Haematology
Royal Free and University College London Medical School
98 Chenies Mews
London WC1E 6HX
U.K
voice: +44 020-7679-6234
Fax: +44 020-7679-6222
email: a.pizzey@ucl.ac.uk
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/