Let me be the first to say that I'm sorry this virus-infected mail
leaked through, and due to poor authentication routines in majordomo,
this may happen again.

Longtime ISN subscribers know that we don't send out attachments. If
you did click on the attachment, the virus was W32.Beagle.A@mm.

There are a number of programs now available to rid your
computer/network of W32.Beagle.A@mm (check with your vendor), or you
can manually disinfect your machine by doing the following...

1. Delete the registry value and restart the computer:

   [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe]

   or terminate the running 'bbeagle.exe' process with Task Manager

2. Delete the worm from the Windows System Directory:

   %SysDir%\bbeagle.exe

Finally, if you, or Usama bin Virus want to drop the Internet to its
knees, make it a point to infect university computers on the
weekend/holiday, use those networks that have no staffed
contact/emergency/help desk numbers for the computing staff. Double
check that the university police have no POC/emergency pager numbers
if something really needs to be turned off.

Not that these guys would know anything about that...

http://www.dnsstuff.com/tools/whois.ch?ip=138.87.155.2

It's a sneaky virus, so to prevent a repeat of all of this, we're
going to post messages for a few days from this address until things
calm down a little, just in case you use isn@private in your mail
filters.

Thanks for your support!

William Knowles
wk@private

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*

: ---------- Forwarded message ----------
: Return-Path: <owner-isn@private>
: Received: from forced.attrition.org (forced.attrition.org [66.80.146.7])
:     by idle.curiosity.org (8.11.6/8.11.6) with ESMTP id i0JKaKM06331;
:     Mon, 19 Jan 2004 14:36:30 -0600
: Received: (from majordomo@localhost)
:     by forced.attrition.org (8.11.6/3.8.9) id i0JJfnI08776
:     for isn-list; Mon, 19 Jan 2004 14:41:49 -0500
: Received: from clalbur ([138.87.155.2])
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:     by forced.attrition.org (8.11.6/3.8.9) with SMTP id i0JJfmd08773
:     for <isn@private>; Mon, 19 Jan 2004 14:41:49 -0500
: Date: Mon, 19 Jan 2004 13:38:57 -0600
: To: isn@private
: Subject: [ISN] Hi
: From: isn@private
: Message-ID: <bauaoklkoxbcoysqwtn@private>
: MIME-Version: 1.0
: Content-Type: multipart/mixed;
:     boundary="--------247787143784553"
: Sender: owner-isn@private
: Precedence: bulk
: Reply-To: isn@private
: x-unsubscribe: echo "unsubscribe isn" | mail majordomo@private
: x-isn-list: x-loop, procmail, etc
: x-url: http://www.c4i.org/isn.html
:
: Test =)
: aowybbojjfjwudjx
: --
: Test, yep.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

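
The forwarded Received chain above can be walked mechanically to find the hop the caret line marks. This is an added example, not part of the original post; treating forced.attrition.org, idle.curiosity.org and 66.80.146.7 as the list's own relays is an assumption read off those headers.

```python
import re
from email import message_from_string

# Received headers copied from the forwarded message on this page
# (": " quote prefix and caret marker removed); From/Subject kept for context.
RAW = """\
Received: from forced.attrition.org (forced.attrition.org [66.80.146.7])
 by idle.curiosity.org (8.11.6/8.11.6) with ESMTP id i0JKaKM06331;
 Mon, 19 Jan 2004 14:36:30 -0600
Received: (from majordomo@localhost)
 by forced.attrition.org (8.11.6/3.8.9) id i0JJfnI08776
 for isn-list; Mon, 19 Jan 2004 14:41:49 -0500
Received: from clalbur ([138.87.155.2])
 by forced.attrition.org (8.11.6/3.8.9) with SMTP id i0JJfmd08773
 for <isn@private>; Mon, 19 Jan 2004 14:41:49 -0500
From: isn@private
Subject: [ISN] Hi

"""

# Assumption: these are the list's own relays, taken from the headers above.
TRUSTED_BY = {"idle.curiosity.org", "forced.attrition.org"}
TRUSTED_IPS = {"66.80.146.7"}

HOP = re.compile(
    r"(?:from (?P<helo>\S+) \((?:(?P<rdns>[^\s\[\]]+) )?\[(?P<ip>[0-9.]+)\]\) )?"
    r"(?:\(from (?P<local>[^)]+)\) )?"
    r"by (?P<by>\S+)")

def hops(raw):
    """Parse Received headers, newest first; absent fields are None."""
    values = message_from_string(raw).get_all("Received", [])
    matches = (HOP.match(" ".join(v.split())) for v in values)  # unfold lines
    return [m.groupdict() for m in matches if m]

def injection_hop(raw, trusted_by=TRUSTED_BY, trusted_ips=TRUSTED_IPS):
    """First hop, walking newest to oldest, where a trusted relay accepted mail
    from an address that is not one of our relays. Older headers are
    sender-supplied and are deliberately not consulted."""
    for hop in hops(raw):
        if hop["by"] not in trusted_by:
            return None          # chain left our relays before any peer hop
        if hop["ip"] and hop["ip"] not in trusted_ips:
            return hop
    return None

if __name__ == "__main__":
    hop = injection_hop(RAW)
    note = " (unqualified HELO name)" if "." not in hop["helo"] else ""
    print(f"accepted by {hop['by']} from {hop['ip']}, HELO {hop['helo']}{note}")
```
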
This archive was generated by hypermail 2b30 : Tue Jan 20 2004 - 17:05:54 PST