Hello all listers,
This came through on the Listowners List tonight. Please be aware of this
problem and do not fill the mailing list with virus/worm messages. Please be
sure that your virus programs are up to date and do not open any attachments
until you verify from the sender that you were sent an attachment. If you do
not know the sender, DO NOT open attachment.
Date: Tue, 01 Oct 2002 11:22:12 +1000
From: "Andrew Billinghurst" <billingh(a)rootsweb.com>
Subject: [LO] [info] Our subscribers have a new virus/worm, ~69kb posts
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
I am seeing numbers of our subscribers being infected with either a new
virus or a
>fresh bout of a new variation of a virus/worm, the latter is my
preferred guess, as >you will see something like.
> Content-Type: audio/x-midi;
> name=SECOND CARD.pub.pif
> Content-Transfer-Encoding: base64
> Content-ID: <Vzz4MovYIcYiz>
>From what I can see,
* it takes addresses from address books or old emails, I think more likely
to be
old >emails [gathering from who I am getting them from]
* it sends an email with about a 67kb payload, so it uses its own
mailing
engine, >attachment names like adaptec.jml.pif
* it seems pretty virulent as I received 7 in a few hours and this is
the
first that I >have seen of it
* it doesn't seem to spoof email From: addresses, from what I can
see of the
headers
What will happen?
* It seems to get past some virus software, and I would hazard a guess that
there
>will be new virus definitions out in the next few days to help.
* I think that where ISPs have virus software, some will kill it but
some
ISPs won't.
What do you do?
Well to quote Elmer Fudd, "be wery wery careful". Do you need to tell your
lists? >IMO no.
Regards Andrew
If you have any questions about this, please contact me at
CAVER-admin(a)rootsweb.com
.
Peace to all,
Nina
List Caretaker