From: Kathleen Duey <kathleen>
Date: Mon, 11 Dec 2000 22:35:03 -0800

I do these warnings for the Child lit list and two others, so if you've already skimmed it, please delete. I am not a techie. I am a great Chicken Little, though, who has found solid help sources, linked below.

I got an email this evening that asked me to check out a cool new flash movie in an attachment labeled CREATIVE EXE. It was addressed to me, and signed by a name a didn't recognize. Fishy, fishy, so I deleted it, closed the mail program to dump it allll the way out, then reupped Explorer and went and looked. (Before I finished writing this, the email was sent a second time. It is "signed" by one Gina Fedon. I don't know if this is an auto signature, attached by the program that is infected, or a decoy name attached by the bug designer. If any knows Gina, tell her to stay off her email program until she can fix the bug. If she is real, I must be in her address book; she is not in mine )

This IS a worm carried by an attachment. You can reference http://www.symantec.com/avcenter/ or http://www.nipc.gov/ at any time to check for new threats and their fixes. Here's the whole scoop on this one, called W32.Polin.Worm, from Mr. Norton. I recommend you read it and spread the news. http://www.symantec.com/avcenter/venc/data/w32.prolin.worm.h tml

Basic quickie advice: Don't Open no stinkin' attachments. The worm spreads via Microsoft Outlook by emailing itself to everyone in the Outlook address book. The worm sends a copy of itself with the filename: CREATIVE.EXE The file is attached to an email with the subject line: A great Shockwave flash movie The body of the email is as follows: Check out this new flash movie that I downloaded just now
... It's Great Bye

Fixes can also be found at: http://www.symantec.com http://www.nai.com (McAfee) http://www.antivirus.com (Trend Micro) http://www.fsecure.com http://www.sophos.com


**************************** While we are at this:


Other new threats: There are several just now, including NAVIDAD.EXE. which can actually damage your computer's ability to function because it changes registry keys. Symantec http://www.symantec.com/avcenter/ offers a fix on their site. Here's the information: http://www.symantec.com/avcenter/venc/data/w32.navidad.html or http://www.nipc.gov/warnings/assessments/2000/009.htm

Other sites with the fix: http://www.nai.com http://www.trend.com http://fsecure.com http://www.sophos.com


Again, don't open attachments if you don't know what they are. NOT who they are from, mind you. They will often come with a friend's name in the address line because they are designed to send themselves out using the infected computer's address books and settings. Symantecs list of things to watch out for now reads: W32.Prolin.Worm 11/30/2000 11/30/2000
 W32.Navidad 11/03/2000 11/06/2000
 W32.HLLW.Bymer 10/9/2000 10/10/2000
 W95.Hybris.Gen 9/25/2000 9/25/2000
 W95.MTX 8/17/2000 8/28/2000
 Wscript.KakWorm 12/27/1999 12/27/1999
 W32.Funlove 11/8/1999 11/11/1999

 All these are links accessible from http://www.symantec.com/avcenter/

Maybe it comes down to this: Friends don't send friends attachments unless, in a separate, prequel-email, they say they are fixing to do just that. Which will work until the bugfiends figure out how to do that, using your whole address book. Actually, we should probably just all be grateful that most of these come from people who are coup-counters, not terrorists.

Very Merry, Bright, Happy Holidays, Be Well.... and stay the heck clear of unidentified attachments, though kakworm doesn't come in one, it is in the body of the email itself. Sigh. And now, back to Lewis and Clark, still dithering over which fork to take... Kathleen http://www.kathleenduey.com
Received on Tue 12 Dec 2000 12:35:03 AM CST