TJim

I post to several usenets and I haven't received a thing yet. <knocks on
wood> Of course, now that I said that, my inbox will be flooded next time I
check... :-P


--
Jim
98 TJ SE
90 SJ GW
http://www.delawareja.com/gallery/JDJeep98


"DaveW" <spsffan@verizon.net> wrote in message
news:1NQab.2789$zA2.2390@nwrddc02.gnilink.net...
> Carlo Jr. wrote:
> > Whoa..........I am sort of glad to hear that it is not only me. I get
around
> > 15 to 30 every time I open Outlook Express - even if it is only an hour
or
> > so apart. You don't think that someone from this news group was less
than
> > honorable, do you???????
> >
>
>
> No, it is happening all over. I got 150 yesterday and over 200 today.
> There's a loooonnng thread on my antique radio newsgroup about it. Seems
> to be almost anyone who ever posted to USENET.
>
> Gotta go. The Shadow is on KNX 1070!
>
> Regards,
>
> DAve
> 91 XJ
>

Mark12211

>Ha! I got 19 of those e-mails today, so far. Someone is trying hard to
>infect us. They are --------- ********

I got them too.

Mark12211

>Ha! I got 19 of those e-mails today, so far. Someone is trying hard to
>infect us. They are --------- ********

I got them too.

@c0mca$t.net

Approximately 9/20/03 05:19, TJim uttered for posterity:

> I tried that with comcast. My wife was receiving several W32.klez emails
> each hour at one point. Comcast basically came back to me and said that it
> was not their responsibility to scan emails and I should get an antivirus
> program. How helpful is that?!?
>
>
About typical for an ISP these days. I used to have one run
by a buncha Berkeley students, but it got so successful it
got bought by RCN, who promptly cancelled all non-business
accounts in the area. Even asked Comcast if they could open
up the mailboxes, since if I don't pull mail every few hours,
the inbox overflows. Hah. As soon as I can get good high speed
DSL am gonna go back to Covad and fire up the old Sparc and
do my own mail/newsfeeds.

@c0mca$t.net

Approximately 9/20/03 05:19, TJim uttered for posterity:

> I tried that with comcast. My wife was receiving several W32.klez emails
> each hour at one point. Comcast basically came back to me and said that it
> was not their responsibility to scan emails and I should get an antivirus
> program. How helpful is that?!?
>
>
About typical for an ISP these days. I used to have one run
by a buncha Berkeley students, but it got so successful it
got bought by RCN, who promptly cancelled all non-business
accounts in the area. Even asked Comcast if they could open
up the mailboxes, since if I don't pull mail every few hours,
the inbox overflows. Hah. As soon as I can get good high speed
DSL am gonna go back to Covad and fire up the old Sparc and
do my own mail/newsfeeds.

@c0mca$t.net

Approximately 9/20/03 05:14, TJim uttered for posterity:

> Do you have your email protection set up in Norton?

Doesn't help unless the manual update was done after the
18th. The virus detect signature wasn't there until then.

> Get ZoneAlarm firewall, too. That helps. (That'll help against intrusions,
> too.)

Won't help a bit if the worm is compressed and stuffed inside a
mime'd email or news posting.

> Get MailWasher. You can put individual addresses or entire domains on your
> black list and it'll bounce them for you right from your ISP's server making
> it look to the sender like your email addy is no good. You don't even have
> to let them into your computer.

That won't help either. The worm is not coming from any single
domain.

What helps is not running Outlook, as there is absolutely no way
you can prevent this worm, since Outlook calls Internet Explorer's
rendering engine and this worm uses invalid MIME types that
Microsoft admits will bypass any and all security checks.

@c0mca$t.net

Approximately 9/20/03 05:14, TJim uttered for posterity:

> Do you have your email protection set up in Norton?

Doesn't help unless the manual update was done after the
18th. The virus detect signature wasn't there until then.

> Get ZoneAlarm firewall, too. That helps. (That'll help against intrusions,
> too.)

Won't help a bit if the worm is compressed and stuffed inside a
mime'd email or news posting.

> Get MailWasher. You can put individual addresses or entire domains on your
> black list and it'll bounce them for you right from your ISP's server making
> it look to the sender like your email addy is no good. You don't even have
> to let them into your computer.

That won't help either. The worm is not coming from any single
domain.

What helps is not running Outlook, as there is absolutely no way
you can prevent this worm, since Outlook calls Internet Explorer's
rendering engine and this worm uses invalid MIME types that
Microsoft admits will bypass any and all security checks.

Joe

You don't need a virus scan if you don't EVER open attachments that you are
not 100% about...
Viruses are usually self inflicted... "Gee, if I open this attachment from
someone I NEVER heard of I can make an extra $80,000 a year parttime... OK!"

"TJim" <jim@ranlet.nospam.com> wrote in message
news:bAednbW1Yo9b2PGiU-KYvQ@comcast.com...
> I tried that with comcast. My wife was receiving several W32.klez emails
> each hour at one point. Comcast basically came back to me and said that
it
> was not their responsibility to scan emails and I should get an antivirus
> program. How helpful is that?!?
>
>
> --
> Jim
> 98 TJ SE
> 90 SJ GW
> http://www.delawareja.com/gallery/JDJeep98
>
>
> "Lon Stowell" <lon.stowell@comcast.net> wrote in message
> news:ePLab.525627$uu5.87127@sccrnsc04...
> > Approximately 9/19/03 15:00, Richard Harris uttered for posterity:
> >
> > > I've been getting at least 170-200 each time I log on....
> > > Anyone know the cure?
> > > I have Norton Antivirus that's up to date and its not getting any
> virus's...
> >
> > If Norton is not flagging the worms in the attachments, it isn't
> > sufficiently up to date. The Intelligent Updater patch was only
> > released 18 sep and the Live Update was only scheduled to be
> > released on 24 Sep, although Symantec may have changed this
> > after upgrading the worm thread due to this high PITA factor.
> >
> > The cure would be to beat your ISP bloody senseless to run
> > all mail thru a viral scan appliance... they are very fast
> > and very cheap.
> >
>
>

Joe

You don't need a virus scan if you don't EVER open attachments that you are
not 100% about...
Viruses are usually self inflicted... "Gee, if I open this attachment from
someone I NEVER heard of I can make an extra $80,000 a year parttime... OK!"

"TJim" <jim@ranlet.nospam.com> wrote in message
news:bAednbW1Yo9b2PGiU-KYvQ@comcast.com...
> I tried that with comcast. My wife was receiving several W32.klez emails
> each hour at one point. Comcast basically came back to me and said that
it
> was not their responsibility to scan emails and I should get an antivirus
> program. How helpful is that?!?
>
>
> --
> Jim
> 98 TJ SE
> 90 SJ GW
> http://www.delawareja.com/gallery/JDJeep98
>
>
> "Lon Stowell" <lon.stowell@comcast.net> wrote in message
> news:ePLab.525627$uu5.87127@sccrnsc04...
> > Approximately 9/19/03 15:00, Richard Harris uttered for posterity:
> >
> > > I've been getting at least 170-200 each time I log on....
> > > Anyone know the cure?
> > > I have Norton Antivirus that's up to date and its not getting any
> virus's...
> >
> > If Norton is not flagging the worms in the attachments, it isn't
> > sufficiently up to date. The Intelligent Updater patch was only
> > released 18 sep and the Live Update was only scheduled to be
> > released on 24 Sep, although Symantec may have changed this
> > after upgrading the worm thread due to this high PITA factor.
> >
> > The cure would be to beat your ISP bloody senseless to run
> > all mail thru a viral scan appliance... they are very fast
> > and very cheap.
> >
>
>

Lon Stowell

Approximately 9/21/03 15:51, Joe uttered for posterity:

> You don't need a virus scan if you don't EVER open attachments that you are
> not 100% about...

On vulnerable versions, or incorrectly patched, upgraded, or
installed versions, all you need to do is "preview"
the email with that attachment if it contains an invalid MIME type
exploit. All it takes is an email that causes Outlook to call the
HTML or MIME rendering engine from Internet Explorer.

And just to make your day, if your virus software signatures are
from before Sep 18th, you just got infected with no action on your
part other than having received an email with a bad mime'd attach.

> Viruses are usually self inflicted... "Gee, if I open this attachment from
> someone I NEVER heard of I can make an extra $80,000 a year parttime... OK!"

You may or may not be vulnerable, depending on how you installed
your version of Outlook:Express 6.00.2720.3000

Installed correctly that version prompts you before running
mis-mime'd executables. If not installed correctly, it will run
W32.Swen.A
automatically.

From Technet.
"However, a flaw exists in the type of processing that is specified
for certain unusual MIME types. If an attacker created an HTML e-mail
containing an executable attachment, then modified the MIME header
information to specify that the attachment was one of the unusual MIME
types that IE handles incorrectly, IE would launch the attachment
automatically when it rendered the e-mail."


>
> "TJim" <jim@ranlet.nospam.com> wrote in message
> news:bAednbW1Yo9b2PGiU-KYvQ@comcast.com...
>> I tried that with comcast. My wife was receiving several W32.klez emails
>> each hour at one point. Comcast basically came back to me and said that
> it
>> was not their responsibility to scan emails and I should get an antivirus
>> program. How helpful is that?!?
>>
>>
>> --
>> Jim
>> 98 TJ SE
>> 90 SJ GW
>> http://www.delawareja.com/gallery/JDJeep98
>>
>>
>> "Lon Stowell" <lon.stowell@comcast.net> wrote in message
>> news:ePLab.525627$uu5.87127@sccrnsc04...
>> > Approximately 9/19/03 15:00, Richard Harris uttered for posterity:
>> >
>> > > I've been getting at least 170-200 each time I log on....
>> > > Anyone know the cure?
>> > > I have Norton Antivirus that's up to date and its not getting any
>> virus's...
>> >
>> > If Norton is not flagging the worms in the attachments, it isn't
>> > sufficiently up to date. The Intelligent Updater patch was only
>> > released 18 sep and the Live Update was only scheduled to be
>> > released on 24 Sep, although Symantec may have changed this
>> > after upgrading the worm thread due to this high PITA factor.
>> >
>> > The cure would be to beat your ISP bloody senseless to run
>> > all mail thru a viral scan appliance... they are very fast
>> > and very cheap.
>> >
>>
>>
>
>