Hi all,
This message is going out to all the lists I manage. If you receive
this multiple times, please keep one and read it. Use your delete key
on the rest...
EFFECTIVE IMMEDIATELY... GIVE ME ADVANCE NOTICE and RECEIVE MY RESPONSE
TO IT ***BEFORE*** you send me any material by way of attachment. Any
data arriving before a notice will be deleted.
~@~@~@~@~@~@~@~@~@~@~@~@
NEWBIES AND COMPUTER NOVICES, PLEASE BE SURE TO READ **ALL** OF THIS
MESSAGE... print this out if you have to, but understand that you need
this information so you can protect your own computer, hence protect the
rest of us...
A new and dangerous version of the Tanatos Virus has hit cyberspace that
all the major anti-virus houses have elevated to "red" on their scales
and consider it "extremely dangerous." We are talking about one virus
with TWO versions.
** Panda Anti-Virus Software has determined that this virus has already
affected 23% of the computers globally.
** In just a few hours, this virus has already infected more computers
than the Klez.I virus ~ the #1 virus since April 2002.
I personally have already received 32 messages containing attachments
with this virus. It is IMPERATIVE that you know about this one!
The first thing I want to let you know is that YOU CAN NOT be infected
by any messages coming from any of Rootsweb's lists. The threat to your
computer DOES NOT come from the list itself. It comes OFF THE LIST from
those friends, family members, acquaintances who have your email address
in their computer's address books. They MAY OR may not belong to the
same Rootsweb list(s) as you. That being said, the following is
important to remember when you read the information after the seven
points I'll list below...
1. Rootsweb allows ONLY text messages through their filters.
Attachments to messages are NOT allowed, nor can they get through those
filters.
2. If you receive a message with an attachment that LOOKS like it came
from the list, it's probably a virus-laden message (reread #1, above).
DO NOT click on the attachment. Instead, either delete the message or
email back to the person you received the message from and see if they
sent you something by way of email. Just DON'T click on the attachment,
particularly if it has a double extension (see #5).
3. Next, if you don't already have one, get yourself an anti-virus
program IMMEDIATELY. A good, free one that I know of is AVG by Grisoft
<http://www.grisoft.com>. Once you have it in your computer, be sure to
update FREQUENTLY.
4. If you already have an AV program installed, update IMMEDIATELY.
Norton AV has issued two AV updates in as many days. AVG has also
issued updates and so has McAfee.
5. ANY file with a double extension (filename.pif.exe OR
filename.gif.scr) is an excellent clue that you're sitting on an
attachment with a virus in it. DO NOT OPEN IT!! Delete it immediately.
6. If your email program automatically opens attachments, go to your
program options and find out how to stop that. You want to have to
manually open them, especially now.
7. Quitting the Rootsweb lists you belong to isn't going to make your
computer safe, nor will this virus "go away" tomorrow or even next week.
Remember, it's whoever has you in their address books that you need to
be concerned about. It IS wise at this point though, to be wary of any
email list (for example, those at yahoogroups) that does allow attachments.
Let's get started learning about this new virus...
The new version of this malicious program, called Tanatos.b, has
dangerously destructive capabilities for infecting computer files.
Tanatos.a, also known as BugBear.a, is a worm virus spreading via the
Internet as an attachment to infected emails. The worm also copies
itself over local networks to segments open for full access and runs
backdoor and PSW trojan routines.
Tanatos is a complex worm that contains many different elements:
1. Mass-mailer
2. Network Share Propagator
3. Keylogger
4. Remote Access Trojan
5. Polymorphic Parasitic File Infector
6. Security Software Terminator
The Tanatos (BugBear) worm itself is a Windows PE EXE file about 50KB in
length (it is compressed by the UPX utility), and written in Microsoft
Visual C++. Aliases for the Tanatos virus are:
Bugbear.B (F-Secure), PE_BUGBEAR.B (Trend), W32.Bugbear.B@mm (Symantec),
W32.Kijmo, W32.Shamur, W32/Bugbear.b.dam, Win32.Bugbear.B (CA)
***HOT*** THE INFECTED MESSAGES HAVE DIFFERENT SUBJECTS, BODIES, AND
ATTACHED FILE NAMES...
The worm sends messages of two types (which it randomly selects). In the
first case, in order to run from the infected message, the worm exploits
the IFrame security breach (as a result the worm activates when a
message is being opened or previewed in vulnerable (victim) systems). In
the second case the worm does not use "breach tricks" and the attached
worm copy activates from infected email only in case a user clicks on
the attached file. The Tanatos worm got its name from the text string
appearing in its code:
Project Tanatos
Installing
While installing the worm copies itself to the Windows system directory
under a random name and registers itself in the system registry auto-run
key:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
The worm's EXE filename depends on the C: volume name, for example:
FYOM.EXE
YOK.EXE
The worm also places a DLL file in the Windows system directory under a
random name and uses this file to 'spy' on and record all keyboard input.
The virus contains a long list of domain names (related to banking
institutions). Strings within the virus suggest that if it determines
the victim machine to belong to such a domain, the following Registry
key is set:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSettings
"EnableAutodial" = 00 00 00 01
For a list of the domains carried in the worm, go to the bottom of the
page here: <http://vil.mcafee.com/dispVirus.asp?virus_k=100358>
Mass-mailing ~ ***IMPORTANT!!!***
This worm emails itself to addresses found on the local system (in files
and email messages). This goes for both the TO and FROM fields. Thus the
SENDER ADDRESS IS SPOOFED, OR FORGED, AND NOT A DIRECT INDICATION OF AN
INFECTED USER.
It extracts addresses from file names containing these strings:
* .DBX
* .EML
* INBOX
* .MBX
* .MMF
* .NCH
* .ODS
* .TBB
Spreading: Emails
To send infected messages Tanatos uses a direct connection to the
default email server. Victim email addresses are gotten from the
following file types:
*.ODS, *.MMF, *.NCH, *.MBX, *.EML, *.TBB, *.DBX, *INBOX*
This virus spreads over the network (via network shares) and by mailing
itself (using its own SMTP engine).
The Tanatos worm searches for these files in the system and extracts
email-like strings from them.
The Subject field is selected from the following variants:
Greets!
Get 8 FREE issues - no risk!
Hi!
Your News Alert
$150 FREE Bonus!
Re:
Your Gift
New bonus in your cash account
Tools For Your Online Business
Daily Email Reminder
News
free shipping!
its easy
Warning!
SCAM alert!!!
Sponsors needed
new reading
CALL FOR INFORMATION!
25 merchants and rising
Cows
My eBay ads
empty account
Market Update Report
click on this!
fantastic
wow!
bad news
Lost & Found
New Contests
Today Only
Get a FREE gift!
Membership Confirmation
Report
Please Help...
Stats
I need help about script!!!
Interesting...
Introduction
various
Announcement
history screen
Correction of errors
Just a reminder
Payment notices
hmm..
update
Hello!
Additionally, the message Subject can be randomly selected by "Tanatos"
from a randomly selected disk file. Filenames may also be taken from
files found in the infected computer's personal folder.
The message Body randomly selected by Tanatos varies and may contain
fragments of files found on the victim's system (including old email
messages).
The attached file name is also randomly selected and it may have a
double extension, for example:
filename.XLS.SCR
Spreading: Network
Tanatos enumerates network resources shared for writing, looks for the
startup folder and copies its file to this folder (if found).
This routine has a bug and the worm also sends copies of itself to
shared network printers.
Backdoor - HOW TANATOS WORKS...
Tanatos is a remote access trojan, which means if your computer is
infected, the worm opens a port on your computer where it then listens
for "master" commands (from the person or people who are controlling
it). The backdoor routine grants control over infected machines, giving
those who control Tanatos the ability to send/receive/copy/execute
files, terminate processes, send out user info, etc.
Tanatos also opens the HTTP server on infected machines; doing this
offers a WEB interface with which to manipulate infected machines.
PSW Trojan
The worm also has a trojan routine that sends user info and cached
passwords to several email addresses that are encrypted in the worm body.
Other
Among many others, Tanatos looks for the following applications and
tries to terminate them:
zonealarm.exe blackd.exe
lockdown2000.exe avwin95.exe
avgctrl.exe anti-trojan.exe
safeweb.exe navwnt.exe
navlu32.exe navapw32.exe
Recognize that these files are execution files to anti-virus software
programs. A full list of the applications Tanatos tries to attack can
be found at <http://www.viruslist.com/eng/viruslist.html?id=52245>.
Yes, there is a way to remove the virus from your computer if you find
that it's been infected. Depending on the AV program you use, you'll
need to visit their web site to get the repair.
Scan your computer OFTEN. Update to the MAX. Be alert and be cautious.
I've emphasized heavily about Rootsweb in this "heads up" because so
many messages come to us offlist that do, in fact, have viruses
attached. I get them every day. They appear to come FROM the list,
when they actually DON'T. So, don't worry about receiving list mail.
It's those messages offlist you need to be concerned about ~ which leads
me to reiterate...
The Tanatos (Bugbear) virus sends 3rd party emails where the FROM:
address is spoofed. Third party viruses have 2 victims, the receiving
and the spoofed sender. Rarely does a person today receive a virus
directly from the purported sender. The Tanatos virus spoofs email
addresses. So, if you receive an infected message from your mom (for
example), realize that it WILL NOT have come from her computer but from
someone (could even be someone she barely knows) who has her email
address in it. BE VIGILANT with regard to the attachment itself.
This information isn't meant to scare half the computer life out of you.
However, it IS meant to make you aware of this malicious virus that
can cost you money to get your computer repaired, cause you to lose your
files, AND make a lot of people cranky! It's vital that you protect
your computer so you can protect OUR computers.
Colleen Pustola
List Manager
Permission is given to pass this message along.
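Points 2 and 5 and the IFrame note in the message above, written as a mail-screening check. This is an added example, not part of the original message; the function names, the sample addresses and the .com/.bat/.cmd extensions are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# .pif/.scr/.exe come from the message above; .com/.bat/.cmd are an assumption.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def risky_parts(raw_message: bytes):
    """Return (name, reason) pairs for parts that should not be opened."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Heuristic for the "activates on preview" case: an iframe in HTML mail.
        if part.get_content_type() == "text/html":
            if "<iframe" in part.get_content().lower():
                findings.append(("(HTML body)", "iframe in HTML body"))
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so drop them before parsing.
        suffixes = [s.lower() for s in PurePosixPath(name.rstrip(" .")).suffixes]
        if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            reason = "double extension" if len(suffixes) > 1 else "executable"
            findings.append((name, reason))
    return findings


def build_sample() -> bytes:
    """Constructed, harmless message shaped like the ones described above."""
    m = EmailMessage()
    m["From"] = "relative@example.com"   # forged senders can look like anyone
    m["To"] = "subscriber@example.com"
    m["Subject"] = "Your Gift"            # one of the subjects listed above
    m.set_content("see attached")
    m.add_alternative("<html><body><iframe></iframe></body></html>", subtype="html")
    for fname in ("budget.XLS.SCR", "setup.exe", "photo.jpg"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_parts(build_sample()):
        print(f"{reason:20} {name}")
```

The check looks only at the final extension, because that is the one Windows acts on; the extension in front of it is there to mislead the reader.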
Hi family,
Okay, you've had several months off while I've been socializing with my
inlife relatives and getting my daughter married. Let's see if you're
ready for THIS challenge...
The warmer months are also the months people make moves. I know our
immigrant ancestors didn't move only during the warmer months, though
I'm sure they'd wished they had or could have.
1. This challenge is for you to tell us about your immigrant ancestors.
Keep in mind who this discussion group is all about! We don't want ALL
your immigrants, just the ones that apply to us.
2. IF you're unable to discuss your immigrant because you haven't found
him/her yet (neither have I), then tell us about the major moves that
your ancestors made in country - those who took to the trail.
How's that? :)
Colleen