[LargeFormat] Virus?

Clive Warren largeformat@f32.net
Fri Apr 26 05:41:02 2002 

At 6:50 pm -0700 25/4/02, Les Newcomer wrote:
>I'm putting this out as an APB and asking if anybody knows what's going on
>with my computer.
>
>Starting about 3 or 4 days ago I started getting emails from unkown
>recients, with various attachments.
>None of the emails come from the same address, none come from the LF list
>serve, all have different subject headings.  All have attachements with odd
>or unkown formats
snip
>
>Has anybody recieved anything similar?
>Does anybody have enough computer skills to tell me what a .pif, scr and a
>[1].htm is?  I would have assumed it would have lead to a page on the web
>but it doesn't.
snip

Les,

As you are using a Mac you are probably safe. This is the Code Red 
worm virus that has surfaced again. Essentially, if someone has an 
infected machine, the virus uses the MS OutLook mail application to 
gather Email addresses and replicates itself, generating attachment 
files that includes the virus and based on random files on the 
unfortunate person's computer. The virus sends out Emails to all the 
addresses it can find - if your address is on the infected computer, 
you receive the virus carrying Emails. The Emails are sent out 
whenever the infected machine is connected to the internet.

The .pif, scr and [1].htm attachment files are the virus incorporated 
in random selections of files taken from the infected computer.

As you are using a Mac, simply delete the messages and attachments - 
always a good idea to run a virus checking application that should be 
kept up to date. If you are using a PC and OutLook then the preview 
window can activate the virus. So if you are running a PC and find 
the suspicious file attachments, chop your external internet 
connection immediately and run an up to date anti-virus application 
to clean up your computer.

Some modifications of this virus can also gather Email addresses that 
are included on web pages visited by the infected machine. The 
visited pages are stored as files in the browser's cache and the 
virus scans these looking for EMail addresses. This is how the 
registered f32 photographers recently were subject to virus Emails. I 
did warn all registered photographers to be on their guard and 
identified the Email for them.

One of the best ways of avoiding the MS virus of the month is to use 
any mail client that is not OutLook!  I recommend Eudora which is 
free and an excellent Email client that I have been using for many 
years. http://www.eudora.com If you also use a Mac then you are even 
more safe :-)

Hope this helps,

Cheers,
        Clive