Re: Regarding a recent virus that reached my Radsafers address
I think it appropriate to send this off topic message in light of the
severity of recent malicious code attacks on Radsafe and email in general.
Soapbox--Nomex garments on, shields up: It is your responsibility to be a
safe computer user to the community. If you do not "have the time" or are
unwilling to learn, then you do not belong on the net. This includes
protection against extrusion (sending out malicious messages)--you knew, or
should have known, you were doing this if you used a good firewall, as well
as intrusion handled by a good antivirus program.
To become educated and get a link to the best, FREE, firewall go to
http://www.grc.com
That is Gibson Research center, run by Steve Gibson. He was the person Yahoo
contacted about Sircam and Code Red. He has loads of information on
security; including his experiences with being the subject of a
denial-of-service attack. He rates the available firewalls, and the free
ZoneAlarm from Zone Labs is his choice. He also can Test your Shields and
Probe your Ports to check your internet security. He even has a tester for
seeing if your firewall prevents extrusion from your computer.
The ZoneAlarm firewall asks you every time a program that you haven't given
permission tries to contact the internet. It recognizes programs that name
themselves the same thing as a program already on your computer (that may
have internet permission, such as Outlook Express) because ZoneAlarm makes
an identifier for the program you gave permission to contact the internet
and therefore recognizes imposters.
ZoneAlarm is simple to download and install--and it works.
When I was having trouble downloading and installing a security patch for
Windows directly from Microsoft, they told me to try it with my firewall
disabled. I noticed a lot of activity on my modem for the small patch
Microsoft was trying to install. When I rebooted, I got a message from
ZoneAlarm asking if I wanted to allow some program I had never heard of to
contact the internet. A click on NO prevented my computer from becoming one
of those that spread a very malicious piece of code (a Trojan called
SubSystem7 Server 2.0) to all my correspondents, including those on Radsafe.
This occurred during the one-day window when this Trojan came out and Norton
Antivirus had not updated my virus detection software yet.
It was expensive to get the technical support to get all the pieces of that
malicious code out of my computer (pay-per-call to Symantec Technical
Support).
I emailed Microsoft, once I was back online 3 days later, and they sent me a
complete package to install the security patch without having to shut down
my firewall.
If possible, whenever you have to shut down the firewall, disconnect from
the internet (I turn my cable modem off). That may be required when you
upgrade the firewall, or to install some programs.
Good luck.
Yours for safer computing because, "No one wants a computer with a social
disease!"*
Michael Kay
makay43@home.com
*with due apology to Leonard Bernstein ("Gee Officer Krupke" in West Side
Story)
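
The imposter check described in the post (a program that reuses the name of one already granted internet access), as an added example that is not part of the original message and is not ZoneAlarm's code. It assumes the per-program identifier is a SHA-256 of the file contents; the `OutboundPolicy` class, file names and file bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

ALLOW = "allow"
ASK_UNKNOWN = "ask: program never approved"
ASK_IMPOSTER = "ask: approved name, different contents"


def fingerprint(path):
    # Assumption: the identifier is a SHA-256 over the file's bytes.
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


class OutboundPolicy:
    """Hypothetical per-program outbound rule keyed on contents, not name."""

    def __init__(self):
        self._approved = {}  # lower-cased file name -> approved fingerprints

    def approve(self, path):
        name = os.path.basename(path).lower()
        self._approved.setdefault(name, set()).add(fingerprint(path))

    def decide(self, path):
        known = self._approved.get(os.path.basename(path).lower())
        if known is None:
            return ASK_UNKNOWN
        return ALLOW if fingerprint(path) in known else ASK_IMPOSTER


def write_file(directory, name, data):
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    # Constructed sample files; names and bytes are made up for the example.
    with tempfile.TemporaryDirectory() as root:
        mail = write_file(os.path.join(root, "apps"), "mailclient.exe", b"real client")
        fake = write_file(os.path.join(root, "temp"), "MailClient.exe", b"dropped copy")
        other = write_file(os.path.join(root, "temp"), "helper.exe", b"unknown")
        policy = OutboundPolicy()
        policy.approve(mail)
        return [policy.decide(p) for p in (mail, fake, other)]
```

A legitimate update also changes the fingerprint, so an updated program prompts again until it is re-approved.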
----- Original Message -----
From: "Bjorn Cedervall" <bcradsafers@HOTMAIL.COM>
To: <radsafe@list.vanderbilt.edu>
Sent: Saturday, August 11, 2001 1:00 AM
Subject: Regarding a recent virus that reached my Radsafers address
> Radsafers,
>
> I hesitate to send a message about a virus since there are tons of them. In
> this particular case however - it seems reasonable to at least mention some
> observations.
>
> The virus is called w32/sircom@MM and came in two copies to this email
> address (only used for Radsafers communication - how the virus made its path
> via Radsafers is of course unclear to me) about a week ago. Routinely I
> deleted it (to me unknown sender - title that didn't make sense) - in both
> cases there were attached files of about 215 kb.
>
> The message in the file can be seen after my signing below.
>
> This far I got a total of six copies of this virus to different email
> addresses of mine - and in one case from a friend. Therefore I can assure
> any Radsafer who may also have got this virus that it is indeed very nasty.
> It seems to use Outlook and forwards the virus on to people in the address
> catalog. Probably also to people with whom there was no previous connection.
> The subject title seems to be constructed from contents on the hard disk -
> and then also takes files on the hard disk and forwards to others. According
> to one source the virus will erase the hard disk on Oct. 16 if it is not
> removed.
>
> Now, my friend who sent me the virus in turn sent it to other people I know.
> One of these individuals got such severe problems that he cannot even boot
> the computer now.
>
> I would not have written this above if it had not been for the relation to
> Radsafers combined with the severity of the virus. I may also mention that
> the virus passed through several filters (against junk email) that I have.
>
> Bjorn Cedervall bcradsafers@hotmail.com
> -----------------------
> Hi!
>
> How are you?I send you this file in order to have your advice
> See you later.
>
> Thanks
>
> ************************************************************************
> You are currently subscribed to the Radsafe mailing list. To unsubscribe,
> send an e-mail to Majordomo@list.vanderbilt.edu Put the text "unsubscribe
> radsafe" (no quote marks) in the body of the e-mail, with no subject line.
>
>