ebase listers, My apologies for misstating the case earlier -- I'd only seen yesterday's assessment from Symantec. Now, new information is available at the URL in #1 below. Apparently this worm _can_ infect & execute from the preview panel of Outlook/Outlook Express, or from simply viewing an infected email. This is due to a vulnerability in certain versions of Internet Explorer for Windows. Since Internet Explorer is used by Outlook/Outlook Express (and perhaps other mail clients), vulnerabilities in Internet Explorer can sometimes be exploited within email clients. This makes the worm far more dangerous, as many users will spread it without ever knowing they've received it, and without ever opening an infected attachment.
I believe this makes it imperative for Windows users to do two things: 1.) Update virus definitions and do a full system scan. You may want to detach your computer from the LAN it's on if you are on a local network. Follow directions at http:[EMAIL PROTECTED] to remove the worm if you find that you are infected. If you are infected, you absolutely should detach from the Local Area Network, both to prevent further infections from occurring and to prevent the worm from emailing your keystroke logs to hackers, before going on to fix the computer. (If you don't have antivirus software, you are likely to infected by this or other worms/viruses, and you should plan to get some software ASAP. Once you get it installed, update the definitions first thing, and then follow the directions in #1 above. Note: users of free, web-based email services may be less likely to receive the worm, as those services sometimes provide automatic scanning of email) 2.) If you are running an older version of Internet Explorer (go to Help>About Internet Explorer to find out your version), you should upgrade to version 5.5 service pack 2 or to version 6. These newer versions are not vulnerable to this security exploit. If you have version 5.5xxxxx (where xxxxx is a bunch of digits, the "ABOUT" window must also say sp2 in the version info, or you are not running 5.5 service pack 2. Upgraded versions of IE can be downloaded at microsoft.com, but could be a significant (20MB) download. Ask for help if you've got a slow connection to the internet, but have a friend with broadband. A good solution for an office is to download an all-in-one updater (I downloaded one for W95, W98, WNT4, WMe, and W2000 -- it was 50 MB), put it on a CD or zipdisk, and then work around an office updating all machines as necessary. I cannot emphasize strongly enough how important it is to get (& properly use) antivirus software, be suspicious of attachments, and upgrade to IE 5.5sp2 or IE 6. There have been a number of very damaging viruses/worms in the past months, and we're likely to see more of them, not fewer, in the future. Eric Johnson Colorado Environmental Coalition 1536 Wynkoop #5C Denver, CO 80202 Keep up with CEC news & goings-on at http://www.ourcolorado.org ------------------ Reminder to each recipient: To change your list account preferences, go to http://email.sparklist.com/scripts/lyris.pl?enter=support and enter the email address you used to subscribe to the ebase support list:: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] --------------------------------------------------------------------- ebase - Relationship Management for Nonprofits, http://www.ebase.org ---------------------------------------------------------------------
