actually, this virus sent by anhvu is NOT Code Red.. this is the same "old" w95/magistr (the "old" version of SirCam, the one with "hi!how are you" message) - only the filename is different. but it still is a virus, and _not_ one of the harmless kind. a. At 12:10 01.08.30. +0300, you wrote: >>>My computer says the attachments from this recent posting from "anhvu" on >>>the listserve are infected. DO NOT OPEN!!! >>> >>> >>>From: anhvu <[log in to unmask]> > >This was immediately suspicious. A one-hundred kilobyte message? > >I hope that list members will refrain from posting attachments to this >list. And also from posting in HTML fomat. Sending attachments to a >list is generally a bad idea and virus infections may be spread by >code imbedded in HTML messages that calls the virus when the message >is opened from a machine that is still online. Anything that >absolutely needs to be distributed can be posted on the web and the >URL announced on the list. The defunct e-groups issued all of their >electronic forums with a "vault" expressly for file distribution. > > >CODE RED WORM > >If you who may be running WinNT or Win2000 operating systems and have >not expressly taken precautions to protect yourself you are exposed to >attack. The worm is a parasite that enables those who distribute it to >control infected machines remotely via the Windows IIS Personal Web >Server. Estimates are that some 100,000 personal computers around the >world are now Code Red zombies. Most people operating infected >machines are unaware of the presence of a virus that has turned their >machines collectively into a powerful weapon in the hands of persons >unknown. > >The worm enters your computer while you are online by probing your >ports and entering, typically, through port 80, if it finds it open. A >friend of mine who is online most of the time intercepts 5 to 10 of >these worms a day. The first massive attack on July 1st infected more >than 300,000 machines world wide in the space of twelve hours. A >second wave occurred on August 1st, a third is expected on Saturday, >September 1st. > >Please investigate this yourselves. Check to see whether or not you >are running Microsoft Personal Web server - some implementations of >Windows install this as default. If you are, then assume that you are >infected. Check the Microsoft web site and take steps to remove the >worm and then either shut down IIS or download and install the MS >patch to protect yourself from the worm if you continue to use IIS. >The patch is not effective if your machine is already infected. > >The worm does not appear to be designed to damage your system or your >hardware, but rather to use your equipment for purposes that are >impossible to ascertain. > > >Best regards, > > >Omar > >To join or leave this LISTSERV list, please visit the list's web interface at: > http://listserv.muohio.edu/archives/ateg.html >and select "Join or leave the list" > >Visit ATEG's web site at http://ateg.org/ > To join or leave this LISTSERV list, please visit the list's web interface at: http://listserv.muohio.edu/archives/ateg.html and select "Join or leave the list" Visit ATEG's web site at http://ateg.org/