>>My computer says the attachments from this recent posting from "anhvu" on >>the listserve are infected. DO NOT OPEN!!! >> >> >>From: anhvu <[log in to unmask]> This was immediately suspicious. A one-hundred kilobyte message? I hope that list members will refrain from posting attachments to this list. And also from posting in HTML fomat. Sending attachments to a list is generally a bad idea and virus infections may be spread by code imbedded in HTML messages that calls the virus when the message is opened from a machine that is still online. Anything that absolutely needs to be distributed can be posted on the web and the URL announced on the list. The defunct e-groups issued all of their electronic forums with a "vault" expressly for file distribution. CODE RED WORM If you who may be running WinNT or Win2000 operating systems and have not expressly taken precautions to protect yourself you are exposed to attack. The worm is a parasite that enables those who distribute it to control infected machines remotely via the Windows IIS Personal Web Server. Estimates are that some 100,000 personal computers around the world are now Code Red zombies. Most people operating infected machines are unaware of the presence of a virus that has turned their machines collectively into a powerful weapon in the hands of persons unknown. The worm enters your computer while you are online by probing your ports and entering, typically, through port 80, if it finds it open. A friend of mine who is online most of the time intercepts 5 to 10 of these worms a day. The first massive attack on July 1st infected more than 300,000 machines world wide in the space of twelve hours. A second wave occurred on August 1st, a third is expected on Saturday, September 1st. Please investigate this yourselves. Check to see whether or not you are running Microsoft Personal Web server - some implementations of Windows install this as default. If you are, then assume that you are infected. Check the Microsoft web site and take steps to remove the worm and then either shut down IIS or download and install the MS patch to protect yourself from the worm if you continue to use IIS. The patch is not effective if your machine is already infected. The worm does not appear to be designed to damage your system or your hardware, but rather to use your equipment for purposes that are impossible to ascertain. Best regards, Omar To join or leave this LISTSERV list, please visit the list's web interface at: http://listserv.muohio.edu/archives/ateg.html and select "Join or leave the list" Visit ATEG's web site at http://ateg.org/