[filk] Re: Yet ANOTHER nasty outlook virus--this is no joke!

This is a potentially dangerous variant of an older virus. Anyone running Outlook 2000 or Outlook Express 5.5 and below is at risk. Like all such viruses I know of, the patch from Microsoft was available months before the virus came out, but many people still haven't installed them all.

Here's how you can protect yourself from the virus running automatically, without being opened. This will work even if there is no patch for a particular virus. Remember, however, that if you deliberately open the attachment, you are toast.

Go to Outlook or Outlook Express. Go to Tools, then Options, then Security. Set Security to the most restricted option available (there will be two).

Next, go to the Control Panel and open Internet Options. Under Security, select Restricted Sites. Click "Custom". Select "Disable" for anything you can, and set everything else to "High". Some things don't have either option; they're fine.

This will stop all auto-running email viruses, and should work on all future such viruses, even if they work via unpatched holes in security.

Filksinger
AKA David Nasset, Sr.
Geek Prophet to the Technologically Declined

> -----Original Message-----
> From: filk-bounce at dragoncat.net [mailto:filk-bounce at dragoncat.net]On
> Behalf Of A. Prather
> Sent: Wednesday, November 28, 2001 9:31 AM
> To: lady_firebird at yahoogroups.com; tahc_asan at u.washington.edu;
> filk at dragoncat.net; kkfh at aol.com; Eileen M. Rickey; Charmel Bowden
> Subject: [filk] Yet ANOTHER nasty outlook virus--this is no joke!
>
>
>
>
> Hi
>
> Last night my husband's computer got infected with the latest Outlook
> worm. It comes in as an attachment with a subject line from a recent
> e-mail you sent to the person. For example, my husband sent his father his
> flight number. He received the virus as an attachment to an e-mail which
> said "flight number" in the subject line.
>
> The worm creates an executable file called Kernel32.exe, which does things
> to the registry and to the kernel32.dll file. The net result is that
> allyour cached passwords get captured and sent to several sites. The thing
> also drops a trojan that enables keystroke logging for sixty seconds every
> time it sees keywords like "login", "password" and a few others. You can
> get details from the symantec web site.
>
> This worm affects Windows machines using Outlook Express. It's
> particularly nasty because all you have to do is highlight the infected
> message...and the attachment will execute. You can prevent damage if you
> have a firewall like ZoneAlert--because the firewall will stop the worm
> from accessing the Internet. Oh, yes, one other feature--the darn thing
> sends itself to everyone in your address book. Also, Microsoft has
> information about how to fix the security hole this virus takes advantage
> of.
>
> I really recommend that if you haven't updated your virus checker since 24
> November, you do so. Also if you have questions, go to the Web site--don't
> just take my word for it. It was very late when we were trying to deal
> with this, so I basically have it right--but I din't know how to fix it.
>
> Take care, everybody!
>
>
> Anne
>
>
>
Received on 11/28/01