Another Virus Alert

“by a mere 32 seconds.”

“This ain't horseshoes.”

“yeah but skiracer gave the better info”

“Well, our IS just implemented a system wide scan. Boy did performance slow down.”

“I would worry about your AV software if it didn't slow way down, chili.”

“When I run live update I get an LU1844 error message. It also says my last Definition file is dated 5/28/2003...which sucks because I run liveupdate about two or three times a week.

What I am suspecting now is that it has not been working for months, but acts like it is updating. The error message just started happening though.

I went to the Symantec website AND IT WAS ABSOLUTELY NO HELP WHATSOEVER.”

“We just had a virus attempt via an address at @canada.com.”

“I found a page at Symantec that supposedly addresses the LU1844 problem. None of their fixes worked.

This sux.”

“Did you try this page Phil?

This won't affect your photo page, will it?”

“a virus alert from Violin, how ironic. ;-)”

“Its all part of my evil plan - don't worry lyra, don't worry.”

“Is that the one that tries to trick you into thinking it's a mail delivery failure? I had two of those in my hotmail (junk) account this morning.”

“well i got hit it”

“I've received three at work in the last two days. Our email server here is set up to strip the viral payload, then go ahead and deliver the email.”

“well im back. they found three eeekkkkkk

but it goes with the job.”

“Scanner from eEye Digital Security. Just came out today. Scan a single IP address (one computer) or a range of IP adresses. Warning: Your network administrator may not enjoy the IP traffic this may cause on your internal network.

How It Works
Detection:
1. A TCP syn scan is performed on port 3127 to locate systems with port 3127 open.

2. A conversation is attempted with the open 3127 port to verify that it is the listening backdoor to verify infection – if not then the system will display “Potentially Infected”.

3. If the system has been infected, then it will be displayed as “Infected”. If the system has not been infected , then the system will be displayed as “Not Infected”.”

“An Attorney's Advice ..and it's free!

Read this and make a copy for your files in case you
need to refer to it someday. Maybe we should all take
some of his advice!

A corporate attorney sent the following out to the
employees in his company:

The next time you order checks have only your
initials (instead of first name) and last name put on
them. If someone takes your checkbook, they will not
know if you sign your checks with just your initials
or your first name but your bank will know how you
sign your checks.

When you are writing checks to pay on your credit
card accounts, DO NOT put the complete account number
on the "For" line. Instead, just put the last four
numbers. The credit card company knows the rest of the
number and anyone who might be handling your check as
i! t passes through all the check processing channels
won't have access to it.

Put your work phone # on your checks instead of your
home phone. If you have a PO Box use that instead of
your home address. Never have your SS# printed on your
checks (DUH!) you can add it if it is necessary. But
if you have it printed, anyone can get it.

Place the contents of your wallet on a photocopy
machine, do both sides of each license, credit card,
etc. You will know what you had in your wallet and all
of the account numbers and phone numbers to call and
cancel.

Keep the photocopy in a safe place. I also carry a
photocopy of my passport when I travel either here or
abroad. We have all heard horror stories about fraud
that's committed on us in stealing a name, address,
Social Security number, credit cards, etc.

Unfortunately, I, an attorney, have firsthand
knowledge because my wallet was stolen last month.
Within a week, the thieve(s) ordered an expensive
monthly cell phone! package, applied for a VISA credit
card, had a credit line approved to buy a Gateway
computer, received a PIN number from DMV to change my
driving record information online, and more.

But here's some critical information to limit the
damage in case this happens to you or someone you
know: We have been told we should cancel our credit
cards immediately. But the key is having the toll free
numbers and your card numbers handy so you know whom
to call. Keep those where you can find them easily.

File a police report immediately in the jurisdiction
where it was stolen, this proves to credit providers
you were diligent, and is a first step toward an
investigation (if there ever is one).

But here is what is perhaps most important: (I never
even thought to do this).

Call the three national credit-reporting
organizations immediately to place a fraud alert on
your name and Social Security number. I had never
heard of doing that until advised by a bank that
called to tell me an application for credit was made
over the Internet in my name.

The alert means any company that checks your credit
knows your information was stolen and they have to
contact you by phone to authorize new credit.

By the time I was advised to do this, almost two
weeks after the theft, all the damage had been done.

There are records of all the credit checks initiated
by the thieves' purchases, none of which I knew about
before placing the alert. Since then, no additional
damage has been done, and the thieves threw my wallet
away this weekend (someone turned it in). It seems to
have stopped them in their tracks.

The numbers are:

Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289

Social Security Administration (fraud line):
1-800-269-0271

We pass along jokes on the Internet; we pass along
just about everything. Pass this information along. It
could really help someone you care about.”

“For anyone who might be interested, the latest Symantec (Norton)Virus Definition File is 01/28/2004 rev. 17

Phil, did you get your virus definition file to update properly?”

“I think I got a virus email last night at home. I didn't open it to find out, but there were some funny things about it:

1) It was an email telling me that I had sent an email with a virus to someone. The virus identified was Worm.SCO.A. I looked on the Symantec site and they had no listing for this virus.

2) The address I supposedly sent the virus to was an address on a server that doesn't exist. I used 2 different DNS lookup sites to try and resolve the server name to an IP address. Both failed.

3) The email appeared to have been sent from the postmaster at a different site that also failed the DNS lookup listed above.

So be careful!”

“There is a new variant of the MyDoom virus that deletes .doc, .xls and other files. If you're using Norton AntiVirus, make sure you keep those pattern files up to date. The latest Virus Definition File for Norton AntiVirus is 02/24/2004 rev. 17.

Symantec's name for the new name for MyDoom.F is W32.Mydoom.F@mm. More information can be found at Symantec MyDoom.F info”