People wishing to subscribe to VACM can do so by clicking here.
Greetings from The VACM Team,
In this issue:
------------------------------------
1. New HIGH RISK eMail and IIS virus spreading VERY fast
(learn what you can do to protect your systems)
2. Worth Repeating - new MAGISTR virus more cunning
*************************************************************
* 1. New HIGH RISK eMail and IIS virus spreading VERY fast
*************************************************************
W32/Nimda-A is an email virus that arrives with an attached
README.EXE file.
The Bottom Line
-------------------------------------------------
1. The "Nimda" virus will execute if you have your Outlook
preview pane turned on. The default settings for
Outlook and Outlook Express have the preview pane
turned on.
3. The default Windows settings will hide filename
extensions of files ending in ".EXE" and other
dangerous attachments.
4. Be wary of any mail with an attachment named "README".
Do not double-click on any "README" attachments.
Delete the email, or forward it to VACM@apcsnh.com
if you would like us to analyze it for you. Our
analysis results will be posted to the list and on
the VACM Archives web site.
What you should do...
-------------------------------------
There are a few things that you can do one time to
enhance your protection. These are basically changes
to the default Windows and email program settings.
We strongly encourage you to find some time to do
these one-time changes as soon as possible. Long time
VACM subscribers have probably done some or all of
these already.
For new VACM subscribers or those who need
instructions on overcoming the default settings
in Windows and your email program, simply visit
the VACM Archives and read the following articles:
"Disable Your Preview Pane Now!"
"Disable Hiding of File Extensions Now!"
"Do This First..." to disable WSH
Once you have made these changes to your system,
always remember the safe way to handle file
attachments...
Follow these simple steps ALWAYS and you won't
have to be afraid of attachments.
*** NEVER just double click file attachments in
emails directly!! There's a safer way...
Whenever I get file attachments, here's what I do:
-First, I do a LiveUpdate to get the latest virus
definitions installed (LiveUpdate is Norton,
yours may differ. Just get the latest virus
updates for your antivirus software installed.)
-Make VERY sure that your auto-protect is enabled
(usually this means that the antivirus icon down
in the system tray area does not have a red
circle and line through it).
-Then, go back to the email message with the
attachment, right-click on the attachment and
do a "Save As" (this may be done differently in
email programs other than Outlook. Just make
sure you save the attachment to your hard drive,
rather than opening it directly from within the
email message by double-clicking on it). I
usually do the "Save As" and send the attachment
right to my desktop where it's easy to get to
later (for deleting or filing somewhere else).
So, what good did all that do?
Well, first you got the most up-to-date virus protection.
Then, by doing the "Save As" you actually gave your
AntiVirus software a chance to scan the file as it
was being written to your disk (desktop, or folder you
chose). That's right- you made sure that your antivirus
had a chance to look at the attachment.
Plus, you got to see exactly what the filename was
(including its file extensions) when you did the SaveAs.
If the filename ended in .VBS or .VBE or .PIF or .LNK
or .SCR or .EXE or .CMD or .BAT, these are highly
suspect. Go ahead and do the SaveAs to let the virus
scan happen, but you might still want to just delete
the email since rarely does anyone have any business
sending you a file of one of these types, unless
they are trying to get you to execute a virus
program, that is.
BTW, if you get a .EXE or one
of the other suspect file types, and it came from
someone you know, you might just email them back
and ask if they sent it to you and what it is.
Then wait for their reply before opening it.
They may not know they sent it to you if their
system has a virus quietly sending infected
emails to everyone that person knows.
Now, if the SaveAs completes without generating a
warning from your antivirus, and it is really a valid
file (such as a .DOC or .TXT or .XLS), only then should
you consider opening the attachment. You can then
double-click on it from the email message, or you can
double click the copy you saved to your desktop.
Either way, when you are done with the file, you
have a copy on your desktop that you can either
delete or move to a folder of your choice if it is
something you wish to keep.
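An added example, not part of the original alert or any VACM tool: the filename check described above, written in Python and applied to every attachment in a mail message. It flags the extensions the alert lists and any attachment named README, and reports the name a user would see while Windows is still hiding extensions. The sample message, its attachment names, and the function names are constructed for illustration, and extension hiding is modeled simply as dropping the last extension.

```python
from email import message_from_string
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions the alert lists as highly suspect.
SUSPECT_EXTS = {".vbs", ".vbe", ".pif", ".lnk", ".scr", ".exe", ".cmd", ".bat"}

def shown_when_hidden(filename):
    """Simplified model of Windows hiding extensions: drop the last one."""
    return PureWindowsPath(filename).stem

def check_attachments(raw_message):
    """Return one finding per attachment: real name, displayed name, reasons."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body parts carry no filename
        name = name.rstrip(" .")  # Windows ignores trailing dots and spaces
        ext = PureWindowsPath(name).suffix.lower()
        shown = shown_when_hidden(name)
        reasons = []
        if ext in SUSPECT_EXTS:
            reasons.append("suspect extension " + ext)
            if PureWindowsPath(shown).suffix:
                reasons.append("double extension, displays as " + shown)
        if name.lower().split(".")[0] == "readme":
            reasons.append("attachment named README")
        findings.append({"filename": name, "shown": shown, "reasons": reasons})
    return findings

def build_sample():
    """Constructed test message with three placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("README.EXE", "report.doc", "holiday.jpg.scr"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for f in check_attachments(build_sample()):
        verdict = "; ".join(f["reasons"]) or "no filename-based warning"
        print(f"{f['filename']:<18} shown as {f['shown']:<12} {verdict}")
```

A clean result here only means the filename raised no flag; the antivirus scan during "Save As" is still the step that inspects the file contents.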
******************************************************
* 2. Worth Repeating - New MAGISTR variant now making
* the rounds- very destructive!
******************************************************
Armed with your new knowledge in how to deal safely
with file attachments, you won't have to worry too much
about this one- as long as you adhere to the instructions
in this VACM alert.
Specifically, Magistr is a mass-mailing email worm arriving
as an .EXE attachment. The filename itself varies, and it
may include one or more files that are not part of the
infection but rather were lifted from the infected user's
machine. If the .EXE file is run, the virus will copy itself
to the Windows\System directory, infect Windows 32-bit
portable executable files on the system, and will also
register itself to run each time the system is rebooted.
In any event, five minutes after the virus was initially
run, it begins a mass-mailing routine based on addresses
found in Outlook, Outlook Express, and even Netscape Mail.
The body and subject line of the email appear to be derived
from files or emails on the infected user's system. This
could either cause the email message carrying the virus
to appear filled with gibberish, or conversely, the
chosen text could lend an air of legitimacy.
*******************************************************
* In Closing...
*******************************************************
Well, that's all we have time for in this edition.
It was lengthy, I know, but very important information
that can save you lots of aggravation!
Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions
*** Be sure to check out the appendix at the end of this alert
******** APPENDIX - Handy How-To Tips **********
* How To Boot into Safe Mode
Shut the computer down so that the power is off.