From: "Cathy Collier" <>
Subject: Re: OT [TMG] Virus or what?? HTML
Date: Sat, 4 May 2002 11:22:11 -0400
References: <LOBBKOOEANNIIOJMJAELAEJKEAAA.earbar@netway.com> <5.1.0.14.0.20020504063811.009f9aa0@pop.sprynet.com> <001f01c1f379$a329c2e0$d4daf943@reed>
Even doing it that way may not be safe anymore. I just received an email
with an attachment that said it was from the WEST-L message list at
Rootsweb.com. I'm not even subscribed to the WEST-L message list! And for
sure Rootsweb doesn't allow attachments. But, here was one sitting there in
my maibox! I wrote to the Rootsweb helpdesk and this was their reply:
"Hi,
It is impossible to receive a virus infected email from a RootsWeb mail
list. All posts to RootsWeb lists must be in plain text, and they can not
contain attachments.
The W32.Klez virus (there are several variants) spoofs/forges the From
address by inserting an address it finds on the infected computer. It then
sends copies of itself to addresses it finds in the address book of the
infected computer. The actual sender can usually be determined by viewing
the full expanded headers of the message. The "Return Path" or Reply to"
address will be different than the "From" address.
Here is some info from Symantec about the Klez virus:
http://securityresponse.symantec.com/avcenter/venc/data/ type="text/javascript">DisplayMail('mm.html','w32.klez.e');
Our HelpDesk FAQ has tips for protecting yourself from viruses, and links
to some popular AV software sites.
http://helpdesk.rootsweb.com/announce.html#virus";
So, as you can see, by reading those FAQs, even email addresses known to you
may not be safe -- including message lists from Rootsweb! Because the KLEZ
worm will pick up an address, ANY address, including a message list address,
from the infected computer and send it out to all the others in the address
book.
BTW, I have also been inundated by spam at the BRASSER-L-request mailbox.
Since this reaches only me and the robot, Rootsweb tells me no harm, no
foul, and just to delete it; but, it's definitely annoying!
Cathy
Listowner: PAPKE-L, KUTSCHKE-L and BRASSER-L @Rootsweb.com
Papke & Collier Genealogy Home Page
http://www.familytreemaker.com/users/c/o/l/Cathleen-M-Collier/index.html#lin
ks
Pommernkontakte (managed by Gunthard Stuebs)
http://pommernkontakte.de/index.html?sessid=902c28d2590217e7f984864cd40a4281
&mode=page&db=rc&page=welcome
Grandparents are similar to a piece of string handy to have around and
easily wrapped around the fingers of grandchildren.
----- Original Message -----
From: "Theresa Greene Reed" <>
To: <>
Sent: Saturday, 04 May, 2002 10:36 AM
Subject: Re: OT [TMG] Virus or what?? HTML
> Darrell,
>
> NO ! NO ! It is not safe in my copy of Outlook Express to click on the
> message line (line with the icon, name of sender, subject, and date ant
time
> received) for an infected message without actually receiving the virus or
> worm when the Preview pane is open. It has happened to me many times. I
> never open unexpected attachments. This happens by simply clicking on the
> line on the list.
>
> When I click on the line, two things happen at once. My McAfee VirusScan
> gives me a big red Virus Warning window. Behind this is another window
> which shows the download IN PROGRESS. The downloading envelope is moving
> from one side to another in a download window, meaning (in my view) that
the
> virus or worm is being downloaded as I look at it. I have learned to act
> QUICKLY to cancel everything before it progresses too far. I do this as
> fast as possible. Then I close Outlook Express, and run a virus scan on
all
> drives.
>
> As I said before, I have been fortunate to cancel everything fast enough
so
> that I wasn't infected, and my VirusScan report showed that there were no
> infected files. I've never known how to avoid this.
>
> I don't want this to happen again, so I'm taking every precaution. Now,
> since I received Kirk Ransom's e-mail telling me how to turn off the
Preview
> pane, and since I received Caroline Gurney's e-mail message telling me how
I
> can read the message without the Preview pane open, I do it differently.
> Before I receive e-mail messages, now, I turn off the Preview Pane, then
> look at the list of messages (sender and subject, etc) first. If I don't
> recognize the sender and subject as those that are familiar to me, I view
> the suspicious message by right-clicking on it, then selecting
> Properties>Details> Message Source to read it safely. Then, and only then
> do I go back to turn on the Preview pane and read the ones that are
familiar
> to me (like TMG messages).
>
> In other words, I don't click on an unfamiliar message anymore. If I
should
> miss one, and happen to click on an infected message, my antivirus is
> up-to-date, and will catch it as before. But that is much less likely. I
> don't mind doing all of this, because I'd rather be safe than sorry.
>
> Theresa
> (Not a computer guru)
> ----- Original Message -----
> From: "Darrell A. Martin" <>
> To: <>
> Sent: Saturday, May 04, 2002 7:50 AM
> Subject: Re: OT [TMG] Virus or what?? HTML
>
>
> > At 05:32 AM 5/4/02 -0400, Theresa Greene Reed wrote:
> > >To Beth and Kirk,
> > >
> > >I am using Outlook Express Version 5, and, like Beth, I do not find a
> place
> > >where I can only show text. Perhaps someone can shed more light on
this.
> > >Please.
> > >
> > >(However, I'm having a wonderful time turning off preview and examining
> all
> > >mail messages carefully under Properties> Details> Message Source
before
> I
> > >open them to read them. The only inconvenience with this is that I
don't
> > >find a way to print the message. If it's something I want to keep, I
> have
> > >to hand-copy the message in its entirety. But that's better than
> exposure
> > >to a potential virus when I don't recognize the source.)
> > >
> > >Theresa
> >
> > Hi, Theresa:
> >
> > I am *not* an Outlook Express guru. However, what you are doing --
> although
> > certainly calculated for safety -- just HAS to be more paranoia than
even
> > the KLEZ epidemic would call for. If you have your AV software up to
date,
> > that is: a current version of a reputable program with virus
definitions
> > no more than a few days old, and if OE is configured reasonably well,
you
> > should be able to open any message that does not have an attachment,
print
> > it, etc., without concern. Even a message *with* an attachment should be
> > safe, if the attachment is not opened by your specific action.
> >
> > If preview is turned off and AV is on as described, and if you can see
> > which messages have attachments, there should be I think only two more
> > steps to take. You need to find a setting that will stop HTML tags from
> > auto-running (I don't know the exact OE phrase), and you need to find a
> > setting that will prevent embedded scripts from running (ditto on the OE
> > phrase).
> >
> > Darrell
> >
> >
> > Darrell A. Martin
> > a native Vermonter currently in exile in Addison, Illinois
> >
> >
> >
> >
> > ==== TMG Mailing List ====
> > Visit the TMG Tips web site <http://www.tmgtips.com>; for items of
interest
> to TMG users.
> >
> >
>
>
> ==== TMG Mailing List ====
> Please remove any "Reply-To:" address in your e-mail program. Including a
"Reply-To:" prevents others from benefiting from replies to your questions.
>
>