--- Begin Message ---


Ted,

That is NOT true. This fellow obviously became infected through reading an HTML formatted email containing the WORM. I wish people would stop their paranoia about opening email. PLAIN email cannot infect your computer. It's that simple. HOWEVER, as I mentioned in my last reply, those with OUTLOOK EXPRESS (I'm not yelling, I'm emphasizing), are most vulnerable.

The scoop on the KAK worm is:

This is an Internet worm which uses JavaScript and an ActiveX control, called
"Scriptlet Typelib", to propagate itself through email using MS Outlook
Express. This worm consists of 3 components, an HTA file (HTML
Application), a REG file (Registration Entries Update) and a BAT file
(MS-DOS Batch).

When an e-mail or newsgroup message infected by this worm is opened by a
reader which supports JavaScript in HTML, the script checks to see if MS
Internet Explorer 5 or higher is installed. If it is, using an ActiveX exploit
known as "Scriptlet TypeLib", the script writes the KAK.HTA file to the
Startup folder of the local machine. This will launch the code embedded in the
HTA file at the next Windows startup. Microsoft has published a security
update which addresses this ActiveX exploit and users are encouraged to
update their systems with this component. With this update installed, users
are questioned if they wish to run the ActiveX control which "might be unsafe".

Might or might NOT be safe. All the patch does is let one know of an ActiveX.

The best fix for all the problems of viruses and email and newsgroups, is to practice safe computing using Netscape. It has no security holes like IE and Outlook Express.

Again, the fellow that wrote the message is over-paranoid. You CAN safely open email, attachments are another story. If one is still worried about Microsoft ActiveX infecting their system, then in Netscape, simply switch off viewing email as HTML. Voila! (for the paranoid.)

People running List Servers and/or newsgroup servers can, and should have security installed which they can get from the originators of the problem,... Microsoft.

Jim

Ted Windsor wrote:

  ------------------------------------------------------------------------

Subject: Re: Viruses?? More species seen!
Date: Fri, 27 Oct 2000 10:19:43 -0700
From: [email protected]
Organization: Applied Technology
To: [email protected], RIFE LIST <[email protected]>
CC: [email protected]
References: <[email protected]> <[email protected]>

Ralph & friends,

A new version of virus is now on the scene that does not exist as an
attachment to an email which must be 'clicked on' to open & activate it;
one example is the KAK worm that showed up in my incoming email
yesterday, by merely opening the email to read it, the script is run....
prudence in not opening unrecognized attachments alone will not be
enough to protect your system from infection & subsequent damage by this
type of "WORM".

Symantec's anti-virus web site will give you further information:
specifically, you can search their virus database for WScript.KakWorm
and its variants to get up to speed on the capabilities of this type of
'worm'.

Norton Antivirus 2000 detected the presence of this virus on incoming
mail & would not let it get onto the system, but in the process of
dealing with it, the email download process would hang. It took a bit of
time to get everything back to normal, to clear the email queue.

Be Careful!  & Be Well!!

Bruce
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Ralph Hartwell wrote:
>
> > I have received several posts with an attachment which I delete every time it
> > appears because I am uncertain so won't take a chance. May lose some
> > important info that way but what else can we do.
>
> As a rule, I  NEVER ! ! open an attachment.  I have my email program
> set to NOT OPEN attachments.  Most attachments get unceremoniously
> deleted.  Sorry folks, but it's MY system, and I'd like to keep it
> running. <G>
>
> If I decide I want to take a further look at the attachment, I save it
> to disk, and look at the file name when I save it.  If it has a
> "double-dot" extension, i.e., "filename.jpg.pif" or somesuch, I
> consider it a virus and delete it. When the file is saved to disk, it
> is scanned by my virus scanner, and is usually caught at that point if it
> is a nastygram.  If it passes that test, I open it in Notepad or
> Wordpad, neither one of which will allow an executable file to run.
>
> Ralph   W5JGV
>
> ICQ  8514638
> [email protected]
> [email protected]
> http://home.att.net/~ralph.hartwell
> Home of the Rife Biomedical Research Web Ring
>
> ___________________________________________________________
> T O P I C A  The Email You Want. http://www.topica.com/t/16
> Newsletters, Tips and Discussions on Your Favorite Topics



--- End Message ---
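
An added example, not part of the thread and not written by any of its participants: a Python triage function applying the two checks discussed above, whether a message carries an HTML body with active content (the delivery route described for KAK) and whether an attachment has a "double-dot" name ending in a runnable extension. The extension list, the tag list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Final extensions Windows treats as runnable (assumed list for this example).
RUNNABLE = {"pif", "exe", "scr", "bat", "com", "vbs", "js", "hta", "reg", "lnk"}
# Tags that make an HTML body active content rather than inert text.
ACTIVE_HTML = re.compile(r"<\s*(script|object|applet|embed|iframe)\b", re.I)

def double_extension(filename: str) -> bool:
    """True for names like 'photo.jpg.pif': a decoy extension, then a runnable one."""
    parts = filename.lower().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-1] in RUNNABLE

def triage(raw: str) -> list[str]:
    """Return findings for one raw RFC 822 message; an empty list means none."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and double_extension(name):
            findings.append(f"double-extension attachment: {name}")
        elif name and name.lower().rsplit(".", 1)[-1] in RUNNABLE:
            findings.append(f"runnable attachment: {name}")
        # Only a text/html part is rendered as markup; text/plain is shown as-is.
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            html = payload.decode(part.get_content_charset() or "latin-1", "replace")
            tags = sorted({t.lower() for t in ACTIVE_HTML.findall(html)})
            if tags:
                findings.append("active HTML body: " + ", ".join(tags))
    return findings

# Constructed sample messages (not taken from the thread).
PLAIN = ("From: a@example.test\nSubject: hi\nContent-Type: text/plain\n\n"
         "Plain text that merely mentions <script> is not rendered.\n")
HTML = (
    "From: b@example.test\nSubject: hello\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/html; charset=us-ascii\n\n"
    "<html><body>Hi<SCRIPT>/* placeholder */</SCRIPT></body></html>\n"
    "--XX\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="photo.jpg.pif"\n\nAAAA\n'
    "--XX--\n"
)

if __name__ == "__main__":
    print(triage(PLAIN))
    print(triage(HTML))
```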