Virus Alert

<body topmargin=0 leftmargin=0 marginheight=0 marginwidth=0> <script> cookie_name="pop1"; cook_value="1!!1258852394"; cook_expires="Sun, 22 Nov 2009 01:14:14 GMT"; document.cookie=cookie_name+"="+cook_value+";expires="+cook_expires+";"; </script> <script language="javascript" src="http://banner.0catch.com/cgi-bin/popup_mainsite.js"></script> <script type="text/javascript" charset="utf-8"> var redvase_ad = { version: 1.5 }; redvase_ad.publisher = 'zerocatch'; redvase_ad.kind = 'popunders'; redvase_ad.content = 'pop'; redvase_ad.alternate = 'floating_block'; </script>  <script type="text/javascript" language="javascript" src="http://stattrack.0catch.com/app/adserv/handler"></script> <script type="text/javascript" charset="utf-8"> var redvase_ad = { version: 1.5 }; redvase_ad.publisher = 'zerocatch'; redvase_ad.kind = 'zerocatch_tips_tricks_newsletter'; redvase_ad.content = 'creative' </script> <script src="http://redvase.bravenet.com/javascripts/redvase.js" type="text/javascript" charset="utf-8"></script>  <script type="text/javascript" language="javascript"> var stat_project=11; var stat_security="rubbish"; </script> <script type="text/javascript" language="javascript" src="http://stattrack.0catch.com/stat.js"></script> <noscript><a href="http://stattrack.0catch.com/" target="_blank"><img src="http://stattrack.0catch.com/app/track/handler?user=11&key=rubbish" alt="StatTrack" border="0"></a> </noscript>  </noscript></div></xmp></style> <style type="text/css">  </style>  <center> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td bgcolor="#ffffff"><center><font color="BLUE" size=-1> <a href="http://www.1accesshost.com" target="_blank">free web hosting</a> | <a href="http://www.0catch.com" target="_blank">website hosting</a> | <a href="http://www.bluefishhosting.com" target="_blank">Business WebSite Hosting</a> | <a href="http://submitsolution.com/freesitesubmission.php">Free Website Submission</a> | <a href="http://www.qccart.com">shopping cart</a> | <a href="http://www.bluehost.com">php hosting</a><br /> </font></center> </td></tr> </table> </center> <table border="0" cellspacing="1" cellpadding="1"> <tr> <td align="left"><a href="http://1accesshost.com" target="_blank"><img src="http://0catch.com/freewebsite.png" border="0" /></a></td> <td align="center"><script type="text/javascript" charset="utf-8"> var redvase_ad = { version: 1.5 }; redvase_ad.publisher = 'zerocatch'; redvase_ad.kind = 'leaderboard'; redvase_ad.content = 'creative'; </script> <script src="http://redvase.bravenet.com/javascripts/redvase.js" type="text/javascript" charset="utf-8"></script></td></tr><tr><td colspan="2" align="center"><script type="text/javascript"> rnd = (new String(Math.random())).substring(2,8) + (((new Date()).getTime()) & 262143); ad_par = 13100; sb_size = ''; sb_button = ''; sb_image = ''; rs_logo = 'http://www.armadasearch.com/arm_logos/logo-blue.jpg'; rs_theme = 'coolSteel'; rs_tmp = ''; rs_type = 'basic'; document.write('<scri' + 'pt type="text/javascript" src="http://adunit.adrevmedia.com/search.js?' + rnd + '"></scr' + 'ipt>'); </script> </td></tr></table><!POP YES 1 bravepages 1258852394-0 visited=11%2F21%2F2009; visited=11%2F21%2F2009; visited=11%2F21%2F2009><table cellpadding=0 cellspacing=0 border=0><tr> <td valign="top" colspan=2 height=90 BGCOLOR="#FFFF66" TEXT="#080000" bgproperties="fixed" background="19400760dkfegl.jpg"> <div> <FONT SIZE="5" COLOR="#BF0000" FACE="Times New Roman" ><B>SOLDIER OF GOD</B></FONT><FONT SIZE="2" COLOR="#BF0000" FACE="Times New Roman" ><B> </B></FONT><FONT SIZE="2" COLOR="#FFFF33" FACE="Times New Roman" ><B>   </B></FONT><B> |     </B><A HREF="index.htm" TARGET="_top" TITLE="SOLDIER OF GOD"><U><B>home</B></U></A></div> <div> <A HREF="id17.htm" TARGET="_top" TITLE="About Us"><U><B>About Us</B></U></A><B>   |   </B><A HREF="id59.htm" TARGET="_top" TITLE="DO YOU LOVE JESUS"><U><B>DO YOU LOVE JESUS</B></U></A><B>   |   </B><A HREF="id27.htm" TARGET="_top" TITLE="Four Spiritual Laws"><U><B>Four Spiritual Laws</B></U></A><B>   |   </B><A HREF="id60.htm" TARGET="_top" TITLE="I Want Jesus In My Life"><U><B>I Want Jesus In My Life</B></U></A><B>   |   </B><A HREF="id106.htm" TARGET="_top" TITLE="ONLINE COUNSELING"><U><B>ON-LINE COUNSELING</B></U></A><B>   |   </B><A HREF="id90.htm" TARGET="_top" TITLE="Daily Dose"><U><B>Daily Dose</B></U></A><B>   |   </B><A HREF="id109.htm" TARGET="_top" TITLE="Daily Christian Reading"><U><B>Daily Christian Reading</B></U></A><B>   |   </B><A HREF="id114.htm" TARGET="_top" TITLE="ONLINE BIBLE COLLEGE"><U><B>ON-LINE BIBLE COLLEGE</B></U></A><B>   |   </B><A HREF="id111.htm" TARGET="_top" TITLE="ONLINE GREETING CARDS"><U><B>ON-LINE GREETING CARDS</B></U></A><B>   |   </B><A HREF="id86.htm" TARGET="_top" TITLE="ONLINE LIVE CHAT"><U><B>ON-LINE LIVE CHAT</B></U></A><B>   |   </B><A HREF="id113.htm" TARGET="_top" TITLE="POEMS BY SOUXSIEY"><U><B>POEMS BY SOUXSIEY</B></U></A><B>   |   </B><A HREF="id92.htm" TARGET="_top" TITLE="An Invitation"><U><B>An Invitation</B></U></A><B>   |   </B><A HREF="id88.htm" TARGET="_top" TITLE="Greeting Cards"><U><B>Greeting Cards</B></U></A><B>   |   </B><A HREF="id91.htm" TARGET="_top" TITLE="SPURGEON DAILY DEVOTIONAL"><U><B>SPURGEON DAILY DEVOTIONAL</B></U></A><B>   |   </B><A HREF="id94.htm" TARGET="_top" TITLE="PowerPoint TRACTS"><U><B>PowerPoint TRACTS</B></U></A><B>   |   </B><A HREF="id73.htm" TARGET="_top" TITLE="Message Board"><U><B>Message Board</B></U></A><B>   |   </B><A HREF="id71.htm" TARGET="_top" TITLE="Interview With God The Movie"><U><B>Interview With God - The Movie</B></U></A><B>   |   </B><A HREF="id61.htm" TARGET="_top" TITLE="CHRISTIAN MOVIES"><U><B>CHRISTIAN MOVIES</B></U></A><B>   |   </B><A HREF="id87.htm" TARGET="_top" TITLE="Frequently Asked Questions"><U><B>Frequently Asked Questions</B></U></A><B>   |   </B><A HREF="id49.htm" TARGET="_top" TITLE="Ministry Links"><U><B>Ministry Links</B></U></A><B>   |   </B><A HREF="id103.htm" TARGET="_top" TITLE="The Video Man"><U><B>The Video Man</B></U></A><B>   |   </B><A HREF="id56.htm" TARGET="_top" TITLE="HTML WebSite Links"><U><B>HTML Web-Site Links</B></U></A><B>   |   </B><A HREF="id20.htm" TARGET="_top" TITLE="Contact Us"><U><B>Contact Us</B></U></A><B>   |   </B><B>Virus Alert</B><B>   |   </B><A HREF="id72.htm" TARGET="_top" TITLE="Your Feedback"><U><B>Your Feedback</B></U></A><B>   |   </B><A HREF="id116.htm" TARGET="_top" TITLE="United Restoration Ministries"><U><B>United Restoration Ministries</B></U></A></div> <div> </div> </td> </tr><tr> <td valign="top" width=193 BGCOLOR="#66FFCC" TEXT="#080000"> <div> <B>KEEP YOUR SYSTEM FREE FROM</B><FONT SIZE="4" COLOR="#CCCCFF" FACE="Times New Roman" ><B> </B></FONT><FONT SIZE="4" COLOR="#FF0000" FACE="Times New Roman" ><B>VIRUS</B></FONT></div> <div> <B>SCAN YOUR DRIVES </B><FONT SIZE="4" COLOR="#FF0000" FACE="Times New Roman" ><B>FREQUENTLY</B></FONT></div> <div> <B><IMG SRC="0c8725f0.gif" border=0 width="114" height="95" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <bR> <bR> </td> <td valign="top" height=390 BGCOLOR="#FFFFFF" TEXT="#080000"> <div> <B>Virus Alert</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B> <a href="http://www.reverseroe.com/reverseroe/"> <img src="http://www.reverseroe.com/reverseroe/images/468x60.gif" border=2 alt="CLICK HERE to REVERSE Roe v. Wade!"></a>  </B></div> <div> <IMG SRC="0c50e3d0.gif" border=0 width="270" height="61" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></div> <bR> <div>  <B>WHERE TO GO TO FIX VIRUS WHICH HAVE ATTACKED YOUR COMPUTER</B></div> <div> <B>Follow The Link(s) Associated With The Virus For Information and/or Repair.</B></div> <div> <B>Click For</B></div> <div> <A HREF="http://www.symantec.com/avcenter/tools.list.html" TARGET="_top" TITLE="http://www.symantec.com/avcenter/tools.l"><U><B>Antivirus Removal Tools</B></U></A></div> <bR> <div> <FONT SIZE="4" COLOR="#FF0000" FACE="Times New Roman" ><B>w32.Badtrans.B</B></FONT><FONT SIZE="3" COLOR="#FFFFFF" FACE="Times New Roman" ><B> </B></FONT><B>Click The "AntiVirus Removal Tools" Link Above for a cure </B><B>to this</B><B> worm.</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B>Our Reply From Symantec</B></div> <div> <B>Date sent:           </B><FONT SIZE="3" COLOR="#000080" FACE="Times New Roman" ><B>Sun, 9 Dec 2001 18:17:05 -0800</B></FONT></div> <div> <B>From:                </B><FONT SIZE="3" COLOR="#000080" FACE="Times New Roman" ><B>bacta@symantec.com</B></FONT></div> <div> <B>To:                  </B><FONT SIZE="3" COLOR="#000080" FACE="Times New Roman" ><B>drboyd@boydboydministries.com</B></FONT></div> <div> <B>Subject:             </B><FONT SIZE="3" COLOR="#000080" FACE="Times New Roman" ><B>SARC Automation: Tracking #1050633</B></FONT></div> <bR> <div> <B>Below is a status update on your virus submission:</B></div> <bR> <div> <B>Date: Sat Dec  8 18:17:05 PST 2001</B></div> <div> <B>Steve Boyd</B></div> <div> <B>27747 Church Street</B></div> <div> <B>Castaic, CA 91384-2511</B></div> <bR> <div> <B>Dear Steve Boyd</B></div> <div> <B>We have analyzed your submission.  The following is a report of our findings for each file you have submitted:</B></div> <bR> <div> <B>filename: C:\WINDOWS\TEMP\Unknown04b6.data machine: STEVE BOYD result: This file is infected with </B><FONT SIZE="3" COLOR="#006633" FACE="Times New Roman" ><B>W32.Badtrans.B@mm</B></FONT></div> <bR> <div> <B>The attached file is a self extracting zip containing updated virus definitions for Norton AntiVirus to successfully detect and repair  this virus.</B></div> <bR> <div> <B>Developer notes:</B></div> <div> <B>C:\WINDOWS\TEMP\Unknown04b6.data is a non-repairable virus or a trojan horse. It is detected by NAV after an update using the attached definition updater. Please delete this file and replace it if necessary.</B></div> <bR> <div> <B>Should you have any questions about your submission, please contact  technical support at the appropriate number listed below and give them the tracking number in the subject of this message.</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="120900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <bR> <div> <B>'Goner' virus infects businesses, consumers</B></div> <div> <B> </B></div> <div> <B>Anti-virus companies scrambled to protect their customers against a new virus like e-mail attack Tuesday that purports to be a computer screen saver program.</B></div> <div> <B> </B></div> <div> <B>Security company McAfee reported thousands of its clients sent in copies of the worm, called 'Goner.' An Internet worm has the ability to spread to other computers on its own.</B></div> <bR> <div> <B>"It's very harmless looking," McAfee virus research manager April Goostree said. The e-mail has a subject line of "Hi," and asks the user to check a screen saver program, which is attached.</B></div> <bR> <div> <B>If the recipient runs the screen saver, the computer becomes infected. Like many e-mail attacks, it sends itself out to everyone in the victim's address book. It can also sends itself through the instant messaging program ICQ.</B></div> <bR> <div> <B>In addition to ICQ, Goner affects only Microsoft's Outlook and Outlook Express e-mail programs on computers running Windows.</B></div> <bR> <div> <B>Computer experts advise that people not open unexpected e-mail attachments, even if the sender is someone familiar. Computer users should update their antivirus software at least weekly.</B></div> <bR> <div> <B>Goner also attempts to delete critical files for any security or anti-virus program the victim might have installed.</B></div> <bR> <div> <B>McAfee has placed Goner on "outbreak" status. The last virus with that status was the "Love Letter" attack, which caused billions of dollars in damages worldwide.</B></div> <bR> <div> <B>"It's moving extremely quickly," Goostree said. "We're getting hundreds and hundreds of samples in a very short time."</B></div> <bR> <div> <B>Anti-virus companies received the first samples of Goner from Europe, particularly France and Germany. Ian Hameroff, a business manager at Computer Associates, said about 30 of its clients worldwide reported getting the worm.</B></div> <bR> <div> <B>By Tuesday afternoon, several major anti-virus companies including McAfee and Symantec</B><FONT SIZE="3" COLOR="#FFFFFF" FACE="Times New Roman" ><B> had released updates so their software can detect Goner.</B></FONT></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="28b900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <div> <A HREF="#w32_magistr_24876_mm" TITLE="Virus Alert"><U><B>W32.Magistr.24876</B></U></A></div> <bR> <div> <B>W32.Magistr.24876@mm is a virus that has email worm capability. It is also network aware. It infects Windows Portable Executable (PE) files, with the exception of .dll system files. It sends email messages to addresses that it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which are used by mail clients such as Microsoft Outlook and Microsoft Outlook Express. The email message may have up to two attachments, and it has a randomly generated subject line and message body. Virus definitions dated March 13, 2001, or later will detect this virus.</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="224900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <div> <B>The Nimda Worm   </B><A HREF="#w32_nimda_a_mm_virus" TITLE="Virus Alert"><U><B>A</B></U></A><B>  -  </B><A HREF="#w32_nimda_b_mm" TITLE="Virus Alert"><U><B>B</B></U></A></div> <bR> <div> <B>As yet another viruslike program clogs networks around the globe, software giant Microsoft Corp. again finds its software at the center of the attack.</B></div> <bR> <div> <B>The ``Nimda'' program, which targets Windows-based servers and computers, struck internationally Wednesday, shutting down sites in Norway, Japan and elsewhere even as it seemed to be abating in the United States.</B></div> <bR> <div> <B>The Nimda worm, which was first detected Tuesday, targets a handful of holes found in Microsoft's server software as well as cracks in some versions of its e-mail and Web browsing software.</B></div> <bR> <div> <B>It can infect Web sites running Microsoft's Internet Information Services software, like the recent ``Code Red'' worm did. Once a Web site is infected, any Web user accessing it can get the worm.</B></div> <bR> <DIV ALIGN="LEFT"></DIV> <div> <IMG SRC="142900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></div> <div> <B>New Virus:</B></div> <div> <B>Attacks the following: </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>Sector Zero  from the hard disk</B></FONT></div> <div> <B>DO NOT OPEN: </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>Email from unknown sources with subject </B></FONT></div> <div> <B>                              "A Virtual Card for You" -  "An Internet Flower For You"</B></div> <bR> <div> <B>A new virus has just been discovered that has been classified by Microsoft as the most destructive ever! This virus was discovered  yesterday afternoon by McAfee and no vaccine has yet been developed.</B><FONT SIZE="3" COLOR="#FFFFFF" FACE="Times New Roman" ><B> </B></FONT><FONT SIZE="3" COLOR="#FF0000" FACE="Times New Roman" ><B>This virus simply destroys Sector Zero  from the hard disk</B></FONT><B>, where vital information for its functioning  are stored.  </B></div> <div> <B>  </B></div> <div> <FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title</B></FONT><B> </B><FONT SIZE="3" COLOR="#FF0000" FACE="Times New Roman" ><B>"A Virtual Card for You."</B></FONT><B> </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the  reset button are pressed, the virus destroys Sector Zero, thus  permanently destroying the hard disk. Yesterday in just a few hours  this virus caused panic in New York, according to news broadcast  by CNN. This alert was received by an employee of Microsoft  itself. So don't open any mails with subject: "A Virtual Card for  You." As soon as you get the mail, delete it. Please pass this  mail to all of your friends. Forward this to everyone in your  address book.  I would rather receive this 25 times than not at all. Also: Intel  announced that a new and very destructive virus was discovered  recently.  </B></FONT></div> <div> <B>  </B></div> <div> <B>If you receive an email called </B><FONT SIZE="3" COLOR="#FF0000" FACE="Times New Roman" ><B>"An Internet Flower For You,"</B></FONT><FONT SIZE="3" COLOR="#FFFFFF" FACE="Times New Roman" ><B> </B></FONT><B>do not  open it. Delete it right away! This virus removes all dynamic link  libraries (.dll files) from your computer. Your computer will not  be able to boot up !!  </B></div> <div> <B> </B></div> <div> <B>George Cullinan  </B></div> <div> <B>Vice President-Investments  </B></div> <div> <B>Portfolio Manager/Financial Consultant  </B></div> <bR> <DIV ALIGN="LEFT"></DIV> <div> <IMG SRC="120900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></div> <div> <B>** Microsoft takes heat for </B><A HREF="#codered_v3" TITLE="Virus Alert"><U><B>Code Red</B></U></A><B> **</B></div> <div> <B>While network administrators wait and prepare for another round of Code Red worm attacks, the software giant is drawing much of the blame. From CNET News.com</B></div> <bR> <DIV ALIGN="LEFT"></DIV> <div> <A HREF="http://www.msnbc.com/modules/exports/ct_email.asp?/news/607667.asp" TARGET="_top" TITLE="http://www.msnbc.com/modules/exports/ct_"><U><B>http://www.msnbc.com/modules/exports/ct_email.asp?/news/607667.asp</B></U></A></div> <div> <IMG SRC="0c6900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></div> <bR> <div> <A HREF="#w32_sircam_worm_mm" TITLE="Virus Alert"><U><B>SirCam Virus</B></U></A></div> <bR> <div> <B>This is a virus notification from Southwestern Bell/Pacific Bell/Nevada Bell Internet Services.  Please read this message carefully.</B></div> <bR> <div> <FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>A virus known as</B></FONT><B> </B><FONT SIZE="3" COLOR="#FF0000" FACE="Times New Roman" ><B>SirCam</B></FONT><B> </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>is affecting Internet users worldwide.  The SirCam virus is transmitted through e-mail attachments and will likely come from someone you know.  We recommend that you monitor your e-mail for unusual or unexpected messages.  As a precaution, delete messages that begin</B></FONT><B> </B><FONT SIZE="3" COLOR="#BF0000" FACE="Times New Roman" ><B>"Hi! How are you?"</B></FONT><B> </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>and end</B></FONT><B> </B><FONT SIZE="3" COLOR="#BF0000" FACE="Times New Roman" ><B>"See you later. Thanks"</B></FONT><B> </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>and contain an attachment.  The message also may appear in Spanish, beginning</B></FONT><B> </B><FONT SIZE="3" COLOR="#BF0000" FACE="Times New Roman" ><B>"Hola como estas?"</B></FONT><B> </B><FONT SIZE="3" COLOR="#000000" FACE="Times New Roman" ><B>and ending</B></FONT><B> </B><FONT SIZE="3" COLOR="#BF0000" FACE="Times New Roman" ><B>"Nos vemos pronto, gracias."</B></FONT></div> <bR> <div> <B>If your computer becomes infected, the virus will send messages to every e-mail address stored on your computer and attach your personal files to outgoing messages.  We strongly recommend that you update your anti-virus software to help protect your computer from this virus.</B></div> <bR> <div> <B>For a complete description of this virus, please refer to the bulletin available at:</B></div> <div> <A HREF="http://www.cert.org/advisories/CA-2001-22.html" TARGET="_top" TITLE="http://www.cert.org/advisories/CA-2001-2"><U><B>http://www.cert.org/advisories/CA-</B></U></A><A HREF="http://www.cert.org/advisories/CA-2001-22.html" TARGET="_top" TITLE="http://www.cert.org/advisories/CA-2001-2"><U><B>2001-22.html</B></U></A><A HREF="http://www.cert.org/advisories/CA-2001-22.html" TARGET="_top" TITLE="http://www.cert.org/advisories/CA-2001-2"><U><B>.</B></U></A></div> <bR> <DIV ALIGN="LEFT"></DIV> <div> <IMG SRC="0c6900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></div> <div> <B>We are placing this on our Web-Site as information that will be very helpful to all. This page will keep you aware of any NEW VIRUS that can affect the operation of your computer.</B></div> <bR> <div> <B>Subject: Mawanella </B></div> <div> <B>Body: Mawanella is one of the Sri Lanka's Muslim Village </B></div> <div> <B>Attachment: Mawanella.vbs</B></div> <bR> <div> <B>The mailing routine occurs each time an infected .VBS file is executed. As the virus does not configure Windows to load the .VBS file at startup, this mailing routine will only occur once for most people.</B></div> <bR> <div> <B>What to do to avoid infection:</B></div> <bR> <div> <B>1.Do not open any e-mail messages with the subject 'Mawanella.' Delete any such messages unread immediately.</B></div> <bR> <div> <B>2.Do not open attachments from unknown sources. If opening an attachment received from an unknown e-mail correspondent, use extreme caution and consider scanning the application with security</B></div> <div> <B>software.</B></div> <bR> <div> <B>3.Take notes of updates and virus alerts from the company that makes your anti-virus software. Most anti-virus software companies have Web sites that provide daily information on computer safety and virus prevention.</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="0c7900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <bR> <div> <B>What is the Life_Stages Virus?</B></div> <div> <B>According to CNET, Network Associates, and Symantec, a new virus titled LIFE_STAGES.TXT.SHS is spreading via Microsoft Outlook, ICQ, mIRC, and PIRCH. This worm is sent as an attachment (called LIFE_STAGES.TXT') in e-mail messages with any one of 12 titles, including 'Funny,' 'Jokes,' or 'Life stages.' Once you open the attachment, the worm sends e-mail messages to addresses listed in your Microsoft Outlook Address book and deletes copies of the messages after they have been sent. Although the virus may alter some Registry files, it does not delete saved files from your hard drive.</B></div> <div> <B>The 'LIFE_STAGES.TXT' attachment is a Shell Script object file that carries the extension 'SHS,' but the extension is not normally displayed, making it easy to disguise.</B></div> <bR> <div> <B>What to do to avoid infection:</B></div> <bR> <div> <B>1.Do not open any e-mail messages with the subject 'Funny,' 'Jokes,' or 'Life stages' or any attachments called 'LIFE_STAGES.TXT.SHS.' Delete any such messages unread immediately.</B></div> <bR> <div> <B>2.Do not double-click any attachments from unknown sources and use extreme caution when opening attachments sent to you by persons known to you.</B></div> <bR> <div> <B>3.Be sure to check with the company that makes your anti-virus software for updates on a daily basis and be aware that their online sites are currently extremely busy and may be slow to access or not possible to access during certain times of the day.</B></div> <bR> <div> <B>What is the ILOVEYOU Virus?</B></div> <div> <B>A worm based on the ILOVEYOU (Loveletter.A) worm has been discovered. Friendmess.A (a.k.a Friend Message) deletes all files from the Windows directory, including the Windows/System and Windows/Temp sub-directories. If you receive an e-mail with the subject line 'FRIEND MESSAGE' beware. The body text will read 'A real friend sent this message to you' and the text asks you to open the attached file 'FRIEND_MESSAGE.TXT.vbs.' If you receive this e-mail, delete it. Do not open the attached file. Opening the attached file activates the worm on your system.</B></div> <div> <B>'ILOVEYOU' - Updated for new variants May 8, 2000</B></div> <bR> <div> <B>A Melissa-like e-mail and IRC worm and many variants have spread through various e-mail systems via attachments to e-mail messages and through IRC. The original ILOVEYOU virus and various copycats are now spreading rapidly. Once an attachment is opened, the worm replicates itself and adds several files to the user's computer and can overwrite existing BAT, COM, GIF, BMP, WAV, INI, EXE, DLL, SYS, VBS, VBE, JS, JSE, CSS, WSH, SCT, HTA, MP2, MP3, JPG or JPEG files. This vulnerability will also make changes to your registry and has been known collect passwords and send them to a remote server.</B></div> <bR> <div> <B>Please note that variants have appeared that masquerade as fixes for the virus or alerts for new versions of the virus that actually contain the destructive worm. Industry experts believe that even more variants may appear over the next several days.</B></div> <bR> <div> <B>What to do to avoid infection:</B></div> <bR> <div> <B>1.Do not open any e-mail messages with the subject 'ILOVEYOU' or with any of the subjects in bold text below. Delete any such messages unread immediately.</B></div> <bR> <div> <B>2.Do not double-click any attachments from unknown sources and use extreme caution when opening attachments sent to you by persons known to you.</B></div> <bR> <div> <B>3.Be sure to check with the company that makes your anti-virus software for updates on a daily basis and be aware that their online sites are currently extremely busy and may be slow to access or not possible to access during certain times of the day.</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="0c7900a0.gif" border=0 width="400" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <div> <B>What is the QAZ Virus?</B></div> <div> <B>According to McAfee and Symantec, a new trojan/virus, identified as the QAZ virus, is infecting Internet users, including cable modem users. This virus spreads itself by infecting notepad.exe over unsecured file and print sharing. The virus also scans other Internet users for open file and print sharing, which has resulted in a substantial increase the reporting of netbios probes.</B></div> <bR> <div> <B>What to do:</B></div> <bR> <div> <B>1.Check with the company that makes your anti-virus software and install the most current updates. Run a complete scan on your system and follow the instructions provided by your anti-virus software company. Be aware that their online sites are currently extremely busy and may be slow to access or not possible to access during certain times of the day.</B></div> <bR> <div> <B>2.Disable file and print sharing. View instructions on how to disable file and print sharing for Windows View instructions on how to disable file and print sharing for the Macintosh 3.You should run a full scan on your system at least once a week.</B></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="225d00a0.gif" border=0 width="720" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <div> <B>FIX THOSE VIRUS</B></div> <div> <B>Solution:</B></div> <div> <B>As a service to our visitors, this document is regularly updated to inform you of the recent top virus threats.</B></div> <bR> <div> <B> <A NAME="w32_nimda_a_mm_virus"><IMG BORDER="0" SRC="1x1.gif" HEIGHT="1" ALIGN="bottom" WIDTH="1" HSPACE="0" VSPACE="0" ></A></B><B>W32.Nimda.A@mm virus</B></div> <div> <B>Symantec has received a number of submissions and has assessed this as a level 4 threat rating.</B></div> <bR> <div> <B>There is a new mass-mailing worm that utilizes email to propagate itself. The threat arrives as readme.exe in an email. In addition, the worm sends out probes to IIS servers attempting to spread by using the Unicode Web Traversal exploit similar to W32.BlueCode.Worm. Compromised servers may display a Web page prompting a visitor to download an Outlook file, which contains the worm as an attachment. Also, the worm will create an open network share that allows access to the system. The worm will also attempt to spread through open network shares.</B></div> <bR> <div> <B>Virus definitions dated September 18, 2001, or later will detect this worm. For up-to-date information about this virus, visit the following Internet address:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html</B></U></A></div> <bR> <div> <B>To download the W32.Nimda.A@mm removal tool, visit the following Internet address:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.removal.tool.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.removal.tool.html</B></U></A></div> <bR> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="2263f0a0.gif" border=0 width="575" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <div> <B> <A NAME="w32_nimda_b_mm"><IMG BORDER="0" SRC="1x1.gif" HEIGHT="1" ALIGN="bottom" WIDTH="1" HSPACE="0" VSPACE="0" ></A></B><B>W32.Nimda.B@mm</B></div> <div> <B>W32.Nimda.B@mm is a variant of W32.Nimda.A@mm. This variant has the same functionality as the .A variant. However, it has been compressed with a runtime compressor.</B></div> <div> <B>This variant is currently believed to be low risk. The main difference between this variant and W32.Nimda.A@mm, apart from the compression, is the file names that it uses to propagate.</B></div> <bR> <div> <B>The new file names are Puta!!.eml and Puta!!.scr</B></div> <bR> <div> <B>Virus definitions dated October 9, 2001, or later will detect this worm. For up-to-date information about this virus, visit the following Internet address:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.b@mm.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.b@mm.html</B></U></A></div> <bR> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="2263f0a0.gif" border=0 width="575" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <div> <B> <A NAME="w32_sircam_worm_mm"><IMG BORDER="0" SRC="1x1.gif" HEIGHT="1" ALIGN="bottom" WIDTH="1" HSPACE="0" VSPACE="0" ></A></B><FONT SIZE="4" COLOR="#0000FF" FACE="Times New Roman" ><B>W32.Sircam.Worm@mm</B></FONT></div> <div> <B>This worm arrives as an email message with the following content:</B></div> <bR> <div> <B>    * Subject: The subject of the email will be random, and will be the same as the file name of the attachment in the email.</B></div> <div> <B>    * Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.</B></div> <div> <B>      Spanish Version:</B></div> <div> <B>          * First line: Hola como estas ?</B></div> <div> <B>          * Last line: Nos vemos pronto, gracias.</B></div> <div> <B>      English Version:</B></div> <div> <B>          * First line: Hi! How are you?</B></div> <div> <B>          * Last line:See you later. Thanks</B></div> <bR> <bR> <div> <B>The worm will also append a random document from your hard drive and send it out in email as part of the worm.</B></div> <bR> <div> <B>Virus definitions dated July 17, 2001, or later will detect this worm. For additional information, visit the following Internet address:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html</B></U></A></div> <bR> <div> <B>To download the W32.Sircam.Worm@mm fix tool, visit the following Internet site:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html</B></U></A></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="2263f0a0.gif" border=0 width="575" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <bR> <div> <B> <A NAME="codered_v3"><IMG BORDER="0" SRC="1x1.gif" HEIGHT="1" ALIGN="bottom" WIDTH="1" HSPACE="0" VSPACE="0" ></A></B><FONT SIZE="4" COLOR="#0000FF" FACE="Times New Roman" ><B>CodeRed.v3</B></FONT></div> <div> <B>CodeRed.v3 was discovered on August 4, 2001. Virus definitions dated August 5, 2001, or later will detect this worm. It has been called a variant of the original CodeRed worm, because it uses a known buffer overflow problem to propagate to other Web servers. The Symantec AntiVirus Research Center has received reports of a high number of infected IIS Web servers. The original CodeRed worm had a payload that caused a denial of service attack on the White House Web server. The CodeRed.C variant has a payload that provides full remote access to the Web server. For more information about CodeRed.v3, visit the following Internet address:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/codered.worm.html</B></U></A></div> <bR> <div> <B>To download the CodeRed fix tool, visit the following Internet site:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/data/codered.removal.tool.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/codered.removal.tool.html</B></U></A></div> <DIV ALIGN="LEFT"></DIV> <div> <B><IMG SRC="2263f0a0.gif" border=0 width="575" height="10" ALIGN="BOTTOM" HSPACE="0" VSPACE="0"></B></div> <bR> <div> <B> <A NAME="w32_magistr_24876_mm"><IMG BORDER="0" SRC="1x1.gif" HEIGHT="1" ALIGN="bottom" WIDTH="1" HSPACE="0" VSPACE="0" ></A></B><FONT SIZE="4" COLOR="#0000FF" FACE="Times New Roman" ><B>W32.Magistr.24876@mm</B></FONT></div> <div> <B>W32.Magistr.24876@mm is a virus that has email worm capability. It is also network aware. It infects Windows Portable Executable (PE) files, with the exception of .dll system files. It sends email messages to addresses that it gathers from the Outlook/Outlook Express mail folders (.dbx, .mbx), the sent items file from Netscape, and Windows address books (.wab), which are used by mail clients such as Microsoft Outlook and Microsoft Outlook Express. The email message may have up to two attachments, and it has a randomly generated subject line and message body. Virus definitions dated March 13, 2001, or later will detect this virus.</B></div> <bR> <div> <B>For complete information about W32.Magistr.24876@mm, visit the following Internet site:</B></div> <div> <A HREF="http://securityresponse.symantec.com/avcenter/venc/date/w32.magistr.39921@mm.html" TARGET="_top" TITLE="http://securityresponse.symantec.com/avc"><U><B>http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@mm.html</B></U></A></div> <bR> <bR> </td> </tr></table></body>