election-law_gl-digest Tuesday, September 18 2001 Volume 01 : Number 071
----------------------------------------------------------------------
Date: Tue, 18 Sep 2001 17:17:46 -0700
From: "Lowenstein, Daniel" <lowenste@mail.law.ucla.edu>
Subject: FW: ******* VIRUS ALERT ********
The majority of virus alert warnings are false alarms. I am
forwarding this one to both listservs in which I participate because it
comes from our computer office at the law school and because I received
another warning a short while ago from what I regard as a responsible
source.
Best,
Daniel H. Lowenstein
UCLA Law School
310-825-5148
-----Original Message-----
From: Pine, Sean
Sent: Tuesday, September 18, 2001 5:04 PM
To: All Faculty & Staff
Subject: ******* VIRUS ALERT ********
Importance: High
To All Faculty and Staff,
Please be aware that there is a HIGH likelihood that you will receive a
new virus via email. While the email subject varies, the attachment seems
to be limited to an attachment entitled README.EXE which uses the icon for
a standard Internet Explorer document.
** What To Do **
* Do NOT open the "Readme.exe" attachment
* Delete the email immediately.
* Also delete any copies of the email in your Deleted Items folder
If you have any copies of the email in your Sent Items folder, or if you
clicked on the attachment -- contact Information Systems immediately!
Because this virus came out today, we are still determining how it
propagates and what effect it has on infected PCs. We have already
updated our email server's anti-virus software with a patch that became
available at 3:00 p.m. today. This should keep the attachment from
getting through. We are also in the process of creating an update that
will automatically install itself on your PC after you log in on Wednesday.
Faculty and staff with questions should contact the helpdesk at 825-4689.
Thank you,
Scott MacKnight
IS Support Manager
UCLA School of Law
(310) 206-3446
scott@law.ucla.edu
******* VIRUS DETAIL ********
The Danger Level for this virus is high as it can cause significant loss
of data.
This virus affects:
[ ] Macintosh Users
[x] Windows Users
Virus Name: W32/Nimda@MM (alias W32/Minda@MM)
How it is transmitted: The email attachment name seems to be limited to
Readme.exe and uses the icon for an Internet Explorer HTML document.
What to (not) do: Do NOT open the "Readme.exe" attachment; delete
the attachment immediately
What the virus does: worm sends itself out by email, searches for open
network shares, and attempts to copy itself to unpatched Microsoft IIS web
servers
More Information:
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods
to spread itself. The worm sends itself out by email, searches for open
network shares, and attempts to copy itself to unpatched Microsoft IIS web
servers. The worm does this using the Unicode Web Traversal exploit. A
patch and information regarding this exploit can be found at
http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
Users visiting compromised web servers will be prompted to download an
.EML (Outlook Express) email file, which contains the worm as an
attachment.
Also, the worm will create an open network share on the infected machine
allowing access to the system.
------------------------------
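The alert above says the subject line varies while the attachment name stays README.EXE, and that compromised web servers hand out .EML files carrying the worm as an attachment, so a mail-gateway check has to key on attachment names and look inside wrapped messages. The following Python is an added example, not part of the original message or the law school's actual filter; the function names, the extension list, the nesting limit and the sample addresses are assumptions, and it generalizes the alert's single file name to other directly executable extensions.

```python
import email
from email import policy
from email.message import EmailMessage

ALERT_NAME = "readme.exe"  # attachment name given in the alert
# Assumed blocklist of directly executable Windows extensions.
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat")
MAX_DEPTH = 3  # assumed limit on nested .eml unwrapping


def scan_message(raw: bytes, depth: int = 0) -> list[tuple[str, str]]:
    """Return (filename, verdict) for every attachment that should be held."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    # walk() also descends into message/rfc822 parts (forwarded mail).
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        lowered = name.strip().lower()
        if lowered == ALERT_NAME:
            findings.append((name, "matches-alert"))
        elif lowered.endswith(EXECUTABLE_EXT):
            findings.append((name, "executable"))
        elif lowered.endswith(".eml") and not part.is_multipart() and depth < MAX_DEPTH:
            # An .eml shipped as an opaque blob: decode it and scan it as mail.
            inner = part.get_payload(decode=True) or b""
            findings += scan_message(inner, depth + 1)
    return findings


def build_sample(subject: str, filename: str, payload: bytes = b"constructed") -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "staff@example.org"
    m["Subject"] = subject
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    wrapped = build_sample("fwd", "message.eml", build_sample("x", "Readme.exe"))
    for sample in (build_sample("hello", "README.EXE"), wrapped):
        print(scan_message(sample))
```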
End of election-law_gl-digest V1 #71
************************************