Loading ...
Sorry, an error occurred while loading the content.

Virus Warning

Expand Messages
  • David Paul
    A virus (actually a worm) has been sent to me. This is not a hoax. Below is the gist of the messages that I sent in reply to the person who sent me the virus.
    Message 1 of 1 , Jan 1, 2001
    • 0 Attachment
      A virus (actually a worm) has been sent to me. This is not a hoax. Below is
      the gist of the messages that I sent in reply to the person who sent me the
      virus. Please be aware that anyone who gets and re-sends this virus is
      usually totally unaware that they are doing so. It is a relatively benign
      virus in that it does not destroy or alter anything on your computer,
      (except for the parts necessary to make it into a re-mailable virus). It
      should be noted that this virus apparently only infects people who use
      Microsoft's Outlook Express as their mail program.

      ----------------begin of messages-------------------
      I think that you have a virus on your machine. Your
      message arrived with a warning that there was an activeX control which my
      security settings would not let my machine execute. I saved the message and
      looked at it with an analyzer and found some very strange code embedded in
      the message. Now I don't pretend to understand it all, but it looks like it
      writes things into your registry and various other files on your computer,
      so I suspect that it is indeed a virus. I hope I'm wrong. I'll try to find
      out more about it and let you know. If you have anti-virus software, then
      you should run it and see if it spots anything.
      ------- end of first message-----

      Yes, you indeed do have a virus. (technically, its a worm, not a
      virus). It is called Kak and is similar to the BubbleBoy virus which was in
      the press a few months ago. Take a look at:

      http://www.datafellows.com/v-descs/kak.htm

      -----------quoted from the above web page-----------
      if active scripting is disabled from Outlook Express, the worm will not
      work.

      Microsoft has more information on this problem available at:
      http://www.microsoft.com/technet/security/bulletin/fq99-032.asp

      They also have a patch to fix this problem at:
      http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

      ---------- end of quote---------------

      I believe that I was able to intercept the virus because I loaded the above
      patch a while back, but it is also possible that it was because I disable
      Java Scripting. I'm not sure which at the moment and am trying to figure it
      out. I'll continue to update you on what I find. Good way to start out the
      new Millenium :)
      ------- end of second message -------
      Ok. I believe that you should check out Internet Explorer to disable
      JavaScript from running unsigned activeX controls.

      Start up IE, click on tools, Internet Options and the Security tab at the
      top. Click on Custom Level and look for:
      'Initialize and script ActiveX controls not marked as safe'. Click to
      Disable

      and find:

      'Script ActiveX controls marked safe for scripting'. Click to Enable

      As a further safeguard, I would download and install the patch that was
      mentioned in my previous message.

      Fortunately, this worm appears to be rather benign as it doesn't destroy or
      alter anything seriously. In addition to embedding
      itself into every e-mail that you send, it simply shows a message on the
      first day of every month if you start up windows after 6:00 PM and then
      shuts down windows.
      ------ end of third message -------

      The web page I mentioned first has details on how to recognize if you have
      gotten this virus and how to get rid of the virus if it has indeed gotten to
      you.

      Let me know if there are any questions.

      Paul
    Your message has been successfully submitted and would be delivered to recipients shortly.