Listers, I got this message earlier from Jean Snow (Thanks, Jean)......
It gives you some idea of how rampant this thing is. Remember........it is
NOT going through the lists, but it is taking it's addresses from the
computers of the infected persons. Jean is correct about that. I was hit
by it also....had four infected files........but the reason that I got it
was because there was an MP3 script that had started.......and it got hold
before the AV program caught it. Had I updated? Yes! Thanksgiving
day. I got this virus when I returned from WI........so I hadn't updated
for a few days. NOW am updating daily! Once this script starts, it's too
late. Worst of it is, this script was sent by some danged spammer!!!! Had
nothing to do with Rootsweb, list members, at all. However, I need to
stress that list members ARE being infected. I've received messages from
several that were blank, and had the underscore today alone. So DO run an
Antivirus program.....DO upldate it daily, and run a scan daily. This
thing isn't so bad in view of the fact that this one, at least, is more
easily eradicated from your system than some of the others........but it IS
running rampant. Please, please be careful!!
Mari
LIst Admin
Date: Wed, 28 Nov 2001 08:32:56 -0700
From: Jean Snow <snowstar(a)earthlink.net>
Subject: Virus Warning
I've been attacked 4 times* in the last few days (fortunately, I'd just
updated Norton Anti-Virus and it caught them immediately). They seem to
have come not from a RootsWeb list, but from members of the lists and are
proliferating like crazy (one poster got 400!)
1. Be sure to update and use your virus scanning software (I'm using it
now every time I download mail or go on the Internet)
2. The attachment the virus/worm rides on may be invisible, but a clue is
a letter from someone whose return address begins with an underline (for
example: _snowstaretc.) The message will be empty (that surprised me, but
though I trashed them, Norton had picked up and quarantined the virus.
3. Someone wrote that MS email users are vulnerable, but I use Eudora and
was hit.
4. You need to write the person who sent you the virus (empty message) and
of course, delete the underline from the address (or it won't be sent) to
tell them their computer is infected.
One, at least, is a new strain of the virulent BadTrans. virus. Many have
suffixes like .scr, .pif, and one I received came as a .exe file (.exe is
a program, and I never, NEVER open one). Good luck. Jean
*DDMNLPDD.exe, infected with W95.Hybris.worm
*Humor.MP3.scr, infected with W32.BadTrans.B@mm
*S3MSONG.doc.scr
*Hamster.doc.pif