Recent Emails w/ Attachments

[DougPulver@aol.com]

Hey guys, Is it just me? I've recently received a BUNCH of emails from "phole" and others with attachments and goofy subjects like "great music", "good shit", etc. I'm not in the habit of opening any emails from people I don't know, much less with attachments (even if they say " mg-tabc"). Am I being unnecessarily paranoid or do you guys generally feel the same way? It would certainly be too bad to have TABC bombarded with stupid "outside" junk. Now if these are actually stupid "inside" junk messages than I apologize. (Yes, Badger, this means you.) Is there some way to stop this if it's not coming from "us"? Thanks. Cheers, Doug TC 5850

[Frank O_ The Mountain]

In a message dated 12/1/01 13:48:38 Pacific Standard Time, DougPulver@aol.com writes: >>

[Skip Kelsey]

Doug: That stuff in loaded with virus. My McCafee anti-virus took care of it. I have been bombarded with E-Mail containing virus today. Skip................................................... At 04:47 PM 12/1/01 -0500, DougPulver@aol.com wrote:

>Hey guys, > >Is it just me? I've recently received a BUNCH of emails from "phole" and >others with attachments and goofy subjects like "great music", "good shit", >etc. I'm not in the habit of opening any emails from people I don't know, >much less with attachments (even if they say " mg-tabc"). > >Am I being unnecessarily paranoid or do you guys generally feel the same way? >It would certainly be too bad to have TABC bombarded with stupid "outside" >junk. Now if these are actually stupid "inside" junk messages than I >apologize. (Yes, Badger, this means you.) Is there some way to stop this if >it's not coming from "us"? Thanks. > >Cheers, > >Doug >TC 5850 > > > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

[Chip Old]

On Sat, 1 Dec 2001 DougPulver@aol.com wrote:

> Is it just me? I've recently received a BUNCH of emails from "phole" > and others with attachments and goofy subjects like "great music", > "good shit", etc. I'm not in the habit of opening any emails from > people I don't know, much less with attachments (even if they say " > mg-tabc").

The multiple messages from pohle@jps.net and cbrenner01@snet.net were infected with the "Aliz Worm", also known as the "Peace Worm," "Win32.Aliz", and "W95/Aliz.a". Aliz first appeared back in May, but didn't become a serious problem until late November. The fact that the messages appeared to be from pohle@jps.net and cbrenner01@snet.net means those two list members' PCs are infected by Aliz, which is sending out infected messages to all addresses in their address books. A PC becomes infected when the owner opens the file attachment from an infected message. However if the PC owner uses Outlook Express and has an unpatched Internet Explorer 5.01 or 5.5 on the PC, then simply reading the infected message will infect his/her PC. This is because the Aliz Worm takes advantage of a well-known "auto open" bug in Explorer which causes the infected file attachment to open automatically. See the following for more information about the Aliz Worm: http://www.F-Secure.com/v-descs/aliz.shtml http://vil.mcafee.com/dispVirus.asp?virus_k=99260& http://securityresponse.symantec.com/avcenter/venc/data/w32.aliz.worm.html For more info about the Outlook Express/Internet Explorer "auto open" bug, including a patch to fix it, see: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp The BadTrans.B Worm is another rapidly spreading virus that makes use of that same "auto-open" bug. Several BadTrans.B infected messages have also apperaed on the MG-TABC list recently. For more info on BadTrans.B, see: http://www.bcpl.net/news/news.20011128a.badtrans

> Am I being unnecessarily paranoid or do you guys generally feel the > same way? It would certainly be too bad to have TABC bombarded with > stupid "outside" junk. Now if these are actually stupid "inside" junk > messages than I apologize. (Yes, Badger, this means you.) Is there > some way to stop this if it's not coming from "us"? Thanks.

It is coming from us, not from outside. The MG-TABC list rejects messages sent by non-subscribers. That means pohle@jps.net and cbrenner01@snet.net are list members. Just keep in mind that they are not intentionally sending the virus-infected messages. Their infected PCs are doing it. There is no reason to be paranoid about this. Just make sure you're using an invulnerable version of Internet Explorer and Outlook Express. If you don't have an anti-virus program on your PC, get one. If you already have one, keep its virus description database up to date so it will know how to deal with the latest viruses. And never Never NEVER open an unexpected file attachment, even if it appears to be from someone you know. -- Chip Old (Francis E. Old) E-Mail: fold@bcpl.net Manager, BCPL Network Services Phone: 410-887-6180 Manager, BCPL.NET Internet Services FAX: 410-887-2091 320 York Road Towson, MD 21204 USA