I have some additional information on the virus that has been reported to have been transmitted from email from the list.
The virus name is VBS_KakWorm.A-M. It works by inserting itself into the message body (or, in one variant, the signature line) of messages sent from Outlook Express. It is activated simply by VIEWING THE MESSAGE IN THE PREVIEW PANE OF OUTLOOK EXPRESS. Please note the last two items carefully: This virus DOES NOT REQUIRE AN EMAIL ATTACHMENT TO PROPAGATE and DOES NOT REQUIRE YOU TO DO ANYTHING OTHER THAN LOOK AT THE MESSAGE TO INFECT YOUR COMPUTER! As such, this is a particularly insidious virus which has the potential to spread rapidly, especially through an email list.
More information on this (and other) viruses is available at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWO RM.A-M
(You may have to re-enter the name VBS_KAKWORM.A-M in the Search Again box)
Fortunately, it's not particularly destructive, mainly just annoying (displaying messages and possibly shutting down your computer). Nevertheless, it's imcumbent on all of us to take the time to implement precautions to insure that we don't continue propogating this virus!
What you can do:
1) Install and regularly run an effective virus checking program. McAfee, Norton and several other companies provide good virus protection software at a reasonable price. Be sure you regularly update the "virus definition files" to ensure your software can recognize and deal with the most recent versions of these "computer plagues".
Alternatively, use one of the free online virus scanning programs, such as Housecall from Trend Micro (http://housecall.antivirus.com/).
2) Get the latest updates for your Outlook Express (or Outlook) and Internet Explorer programs. Microsoft regularly issues updates for these (and other) products designed to prevent viruses and other security problems from spreading. Just click on the Help button and select Online Support to go to the Microsoft updates page(s) on the web. Or - better yet - install and use Live Update (if you have this feature available) to be informed automatically of security fixes and other updates for your MS products.
3) Send all messages using the Plain Text mode rather than Rich Text or HTML or other format embedded modes. This particular virus (and others like it) exploit the built-in programming capabilities of the HTML scripting language in Outlook. Sending your messages using Plain Text mode will prevent the spread of these types of viruses. (It will not prevent the spread of viruses included in attachments though; you will need to continue to use common sense and not run attachments of uncertain pedigree sent via email.)
To send an email message as plain text, just click on the Format button on the message toolbar and select Plain Text.
To configure Outlook Express to send emails as plain text by default, go to the Outlook Express toolbar and select Tools/Options/Send and select Plain Text under the Mail Sending Format section.
As I've said before, Rich Text/HTML messages are not appropriate for the list in any case, since not all email clients can read them properly. Couple that with the substantial - and growing - risk of spreading destructive viruses via HTML and Rich Text/HTML mode becomes downright unsociable. Expect to get a little "reminder" email from me if we continue to see HTML postings to the list!
And please, continue to email me directly (including a copy of the offending email) if you receive suspect email from the list. Please be sure to include all the original email header information (original poster, date/time, etc.) to assist in tracking the source.
My email address is: [EMAIL PROTECTED]
Be sure to clearly identify the email as being Waflyfishers List Virus Related Email, so I don't accidentally infect my PC while trying to address the problem!
Many thanks to list member Bill Brown (and others) for providing much of the information above. And special thanks to Jim Medick for first bringing this problem to my attention several weeks ago. I'm sorry Jim that I didn't have enough information at that time to pursue it further.
It's now up to us to clean up our machines and email practices and help stave off this growing - and potentially very destructive - problem.
-Wes
_________________________
Date forwarded: Thu, 25 May 2000 08:06:45 -0700
From: "Wes Neuenschwander" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date sent: Thu, 25 May 2000 08:05:54 -8
Subject: Viruses on the List
Priority: normal
Forwarded by: [EMAIL PROTECTED]
Send reply to: [EMAIL PROTECTED]
> I've received a couple of messages from list members over the last few
> days about receiving Waflyfishers email that contained viruses.
> According to one of the messages the virus was identified (by Norton
> Antivirus) as WSCRIPT.KAKWorm.
>
> This follows a message I received a few weeks ago from another list
> member indicating that his email server had detected a virus in a list
> message; since then I have received periodic responses from that
> server that emails have been detected containing a virus called
> VBS_KAKWORM.A-M.
>
> I personally have not received any virus warnings on incoming email and
> virus scans of my PC have come up clean (using Norton AntiVirus).
>
> Frankly, I'm perplexed. For one, these virus warnings have been
> infrequent and very sporadic in nature; days or weeks have transpired
> between offending messages. This suggests that the source is limited
> to only one or two posters.
>
> Also, very, very few list messages have had attachments. I'm not an
> expert on this subject, but my understanding is that email viruses must
> reside in an email attachment - not the email message itself - to be
> transmitted from machine to machine. No attachment - no file to run (or
> Word document or Excel file macro to run) - no infection to the receiving
> PC.
>
> Here's what I suggest:
>
> - First, anyone who receives a list message that contains a virus,
> please forward the entire message to me directly, at
> [EMAIL PROTECTED] Please include on the subject line "WaFlyfishers
> List Virus Attached", so that I know what I'm receiving before I open it.
> Include in your message body any additional information about the
> offending email, including who the original poster was, name and nature
> of the virus, date and time the message was received, etc. Messages
> saying "I received an alert from my email server that a message from
> [EMAIL PROTECTED] contained a virus" are not enough, since
> they don't idenfify the original source - the person who posted the
> offending message to waflyfishers in the first place. Hopefully the
> additional detail will allow me to identify the source of the viruses and
> work with the "offender(s)" to correct the problem.
>
> - Second, please configure your email programs to send ALL postings
> to the list as Plain Text (in Outlook Express this can be done by
> clicking on the Format button and selecting Plain Text). This should
> eliminate any possibility of a virus being transmitted via (potentially
> executeable) HTML Text. (You should be using Plain Text for email list
> postings anyhow, since HTML and other embedded format modes
> cannot be read by some member's PC's).
>
> - And last, please, please, please INSTALL AND USE REGULARLY a
> decent virus checker program with regularly updated virus definition files.
> Seriously, if you're not checking for viruses, you're headed for a world of
> misery - and risking inflicting misery for your friends and associates.
> Viruses are everywhere and they're getting nastier and more virulent
> every day!
>
> Let's work together to stamp this problem out!!
>
> Any questions or comments about this virus issue, please email me
> directly at [EMAIL PROTECTED]
>
> -Wes
>
> Wes Neuenschwander
> Seattle, WA
> [EMAIL PROTECTED]
>
Wes Neuenschwander Seattle, WA [EMAIL PROTECTED]
