Beginning March 2nd, 2020 the Mailing Lists functionality on RootsWeb will be discontinued. Users will no longer be able to send outgoing emails or accept incoming emails. Additionally, administration tools will no longer be available to list administrators and mailing lists will be put into an archival state.
Administrators may save the emails in their list prior to March 2nd. After that, mailing list archives will remain available and searchable on RootsWeb
I am just testing to see if the lists are still up and running. If you notice
I have the date and time on my e-mail. Might be a good idea don't you think?
Renee Waring
Please be aware that many individuals that do send out Virus do so intentionally. They will create an imaginary email address and send it out just to create problems and for kicks.
The best thing to do is to install a virus scan, many are on the market and do a fantastic job of protecting your system.
Sorry to hear that people do this for kicks, beware that the year 2002 is suppose to be really bad for this such activity.
Bill Filber
Spring Lake, Michigan
This morning I rec'd a virus within an answer [or I suppose it was] to a message that I posted last night on a Querie Board for Pennsylvania re: Alexander Taggart in Pennsylvania c 1780.
This virus came from someone named Doyle T. Brittain an it looks like the list from which he got/sent this is PANORTHU-L which I never heard of before this morning. I can't find this list at Rootsweb...[only took cursory look this morning!]
The virus was the W32 Badtrans.B@mm virus. This wipes out your hard drive.
I do not know this person...so if any on the list know him would you please get in touch with him and tell him that a virus is attached to his messages. I tried to e-mail him back but it bounced back to me...so I don't know what that means. He should know that he is unknowingly sending this out to others~!
Thanks,
Carol E. Taggart,
Windsor, Ontario
tagg(a)sprint.ca
Greetings, PAGENWEB-L(a)rootsweb.com
I thought you would be interested in knowing about this computer Virus...
Name: W32/Badtrans@MM
Characteristics:
UPDATE November 25, 2001 20:30 PST AVERT has raised the Risk Assessment on
the Badtrans.b variant to Medium On Watch for corporate users and High for
home users. We have received many reports that the virus is being seen and
stopped at corporate gateways and mailservers. However, we continue to get
reports from the home user segment that they have become infected. This is
due to the fact that home users tend to update their DAT files less
frequently.
As noted below, the virus is detected as W32/Badtrans@MM as the detection
technology, which identified the virus first, uses this naming convention
for both variants of the Badtrans virus.
This new variant of Badtrans drops a password stealing trojan which is
detected as PWS-Hooker with the 4173 DATs, or greater, and a variant of
PWS-AV with the 4172 DATs.
UPDATE November 24, 2001 15:30 PST A new variant of Badtrans has been
discovered. This is considered to be variant .b by some companies.
VirusScan and other McAfee products with DAT files 4168 are protected from
this variant without any updating from that DAT. The variant will be
detected as W32/Badtrans@MM when scanning compressed files.
This variant is a Medium risk as is the first variant. Your risk of
infection is higher if you do not have the 4168 DAT files or above. See
the <A href="#Bvariant">.b section below</A> for more details on this
variant.
Badtrans.a details: This mass mailing worm attempts to send itself using
Microsoft Outlook by replying to unread email messages. It also drops a
remote access trojan (detected as Backdoor-NK.svr with the 4134 DATs;
<I>detected heuristically as New Backdoor prior to the 4134 DAT
release</I>).
When run, the worm displays a message box entitled, "Install error" which
reads, "File data corrupt: probably due to a bad data transmission or bad
disk access." A copy is saved into the WINDOWS directory as INETD.EXE and
an entry is entered into the WIN.INI file to run INETD.EXE at startup.
KERN32.EXE (a backdoor trojan), and HKSDLL.DLL (a keylogger DLL detected
as PWS-AV (was DUNpws.av) are written to the WINDOWS SYSTEM directory, and
a registry entry is created to load the trojan upon system startup.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kerne
l32=kern32.exe
<I>Note: Under WinNT/2K, an additional registry key value is entered
instead of a WIN.INI entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Windows\RUN=%WinDir%\INETD.EXE </I>
Once running, the trojan attempts to mail the victim's IP Address to the
author. Once this information is obtained, the author can connect to the
infected system via the Internet and steal personal information such as
usernames, and passwords. In addition, the trojan also contains a
keylogger program which is capable of capturing other vital information
such as credit card and bank account numbers and passwords.
The next time Windows is loaded, the worm attempts to email itself by
replying to unread messages in Microsoft Outlook folders. The worm will be
attached to these messages using one of the following filenames (note that
some of these filenames are also associated with other threats, such as <A
target=_blank
href="http://vil.nai.com/vil/dispVirus.asp?virus_k=98797">W95/MTX.gen@M</A
>):
Card.pif docs.scr fun.pif hamster.ZIP.scr Humor.TXT.pif images.pif
New_Napster_Site.DOC.scr news_doc.scr Me_nude.AVI.pif Pics.ZIP.scr
README.TXT.pif s3msong.MP3.pif searchURL.scr SETUP.pif
Sorry_about_yesterday.DOC.pif YOU_are_FAT!.TXT.pif
The message body may contain the text:Take a look to the
attachment.<I>AVERT first received an intended version of this worm
(10,623 bytes) on April 11 from a company in New Zealand.</I> <A
name=Bvariant>
Badtrans.b details: This mass mailing worm attempts to send itself using
Microsoft Outlook by replying to unread and read email messages. It also
mails itself to email addresses found within files that exist on your
system. It drops a keylogging trojan (detected as PWS-Hooker with the 4173
DATs, or greater) into the SYSTEM directory as KDLL.DLL. This trojan logs
keystrokes for the purpose of stealing personal information (such as
credit card and bank account numbers and passwords). This information is
later emailed to the virus author(s).
When run, this variant copies itself to the WINDOWS SYSTEM directory as
KERNEL32.EXE and creates a registry run key to load itself at startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
RunOnce\kernel32=kernel32.exe This variant replies to incoming email
messages and sends itself to email addresses found in "*.asp" and "*.ht*"
files. The sender address used by the virus when emailing itself to others
may be chosen from the following list: <FONT size=3><XMP>" Anna"
<aizzo(a)home.com>
"JUDY" <JUJUB271(a)AOL.COM>
"Rita Tulliani" <powerpuff(a)videotron.ca>
"Tina" <tina0828(a)yahoo.com>
"Kelly Andersen" <Gravity49(a)aol.com>
"Andy" <andy(a)hweb-media.com>
"Linda" <lgonzal(a)hotmail.com>
"Mon S" <spiderroll(a)hotmail.com>
"Joanna" <joanna(a)mail.utexas.edu>
"JESSICA BENAVIDES" <jessica(a)aol.com>
" Administrator" <administrator(a)border.net>
" Admin" <admin(a)gte.net>
"Support" <support(a)cyberramp.net>
"Monika Prado" <monika(a)telia.com>
"Mary L. Adams" <mary(a)c-com.net>
</XMP></FONT>
Additionally, the virus prepends the return address used with an "_"
(underscore). Thus replying to an infected message will fail to reach the
intended recipient.
The message subject is typically: "Re:"
The message attachment name will be one of the following: <!-- HIDE ME
is created from three sections. The first part is chosen from the
possibilities:
fun Humor docs info Sorry_about_yesterday Me_nude Card SETUP stuff
YOU_are_FAT! HAMSTER news_doc New_Napster_Site README images Pics The
second part is chosen from the possibilities:
DOC. .MP3. .ZIP. and the last part from the possibilities:
pif scr
UNHIDE ME -->
Card.DOC.pif docs.DOC.pif fun.MP3.pif HAMSTER.DOC.pif Humor.MP3.scr
images.DOC.pif info.DOC.scr Me_nude.MP3.scr New_Napster_Site.MP3.pif
news_doc.DOC.scr Pics.DOC.scr README.MP3.scr S3MSONG.DOC.scr
SEARCHURL.MP3.pif SETUP.DOC.scr Sorry_about_yesterday.MP3.pif
stuff.MP3.pif YOU_are_FAT!.MP3.scr This new variant uses the iframe
exploit and incorrect MIME header to run automatically on unpatched
systems. See <A target=_blank
href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/s
ecurity/bulletin/MS01-020.asp">Microsoft Security Bulletin (MS01-020)</A>
for more information and a patch.
To check your system for this Virus, and to learn how to protect yourself
from computer viruses, visit the McAfee.com Clinic at
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2103.
For complete information on this Virus, view McAfee.com's Virus
Information Library listing at
http://vil.mcafee.com/dispVirus.asp?virus_k=99069.
This email was sent to you by Teekeela Williams