Well what do you know - another new bit of self-propagating malware has appeared today that self-propagates itself via Bluetooth, needs no user assistance and targets Mac OS X 10.4:
http://news.com.com/Bluetooth+worm+targets+Mac+OS+X/2100-7349_3-6041091.html Again, it is more a proof-of-concept and exploits an old vulnerability, but it is a worrying development nonetheless. Okay everyone. I think it is time to pick your favourite Anti-virus program and stop assuming Macs are immune. Again, we don't need to panic as we are still far better off than our Windows brethren, but I'm afraid we're not in Kansas anymore Toto. > From: subscribe <[EMAIL PROTECTED]> > i Dont think this is the motherload virus the Apple community has been > dreading, i think its alot of the same hype we have seen before with > opener et al, as i have stated previously, it requires alot of user > interaction for a *virus* and i hesitate to call it that., I would like to believe you Nat, but my investigations of this beastie point me in the opposite direction. I've also read Andrew Welch's investigation on the Ambrosia site and his description does make it sound like it is a large number of hoops to jump through. Unfortunately the very same steps can be written as: - Receive a message from a TRUSTED buddy in iChat - Click accept to download the interesting looking jpeg file they have sent - double-click the innocent looking zip file - double-click what looks like a jpeg file (can you seriously tell me you haven't done all these things before yourself? Again remember that most users will NOT be asked for a password for the script to run) and whammo, many of your applications get infected and then corrupted and suddenly all your local buddies have been sent the worm via iChat as well. This is far more sophisticated than the simple trojan files which had no way of infecting other apps or other users unless a human passed them on which we faced with Opener et al. Even if there are bugs in the code that stop it from fully working a lot of the time - how long will it be before the author or other nasty people fix the bugs and send out something worse? > by and large > i would expect that Apple will patch this thing pretty quickly: Whether Apple patches it or not is irrelevant. Heck Microsoft patches Windows against a lot of malware on that side of the fence all the time - does it mean Windows users should deny that the viruses/worms/trojans exist or that they shouldn't take appropriate measures to mitigate the problems? This is malware of a nature we haven't faced before - we needn't be scared of it as this current version isn't particularly nasty, but the next version could be. -Mart > as for antivius software: i like Clam AV, run it on 5 of my Servers > here at Elproducto, it has a low overhead and is patched and updated > regularly, i have also run it on Machines when i was at ECU, all in all > i'm not convinced the CME-4, OSX/Leap trojan/worm/virus thing is > anything new or anything to be overly concerned about, i would be more > concerned that other malicious code writers will see all the hype and > media about this thing and start to work out ways to exploit OS X, and > during that process somebody will actually write something that is very > dangerous and does serious damage to an OS X system. > > from the ambrosia site: > > You cannot be infected by this unless you do all of the following: > > 1) Are somehow sent (via email, iChat, etc.) or download the > "latestpics.tgz" file > > 2) Double-click on the file to decompress it > > 3) Double-click on the resulting file to "open" it > > ...and then for non-Admin users, it fails to infect most applications. > > You cannot simply "catch" the virus. Even if someone does send you the > "latestpics.tgz" file, you cannot be infected unless you unarchive the > file, and then open it. > > A few important points > > -- This should probably be classified as a Trojan, not a virus, because > it doesn't self-propagate externally (though it could arguably be > called a very non-virulent virus) > > -- It does not exploit any security holes; rather it uses "social > engineering" to get the user to launch it on their system > > -- If you're not running as an admin user, it will silently fail to > infect most applications > > -- It doesn't actually do anything other than attempt to propagate > itself via iChat, and then only via Bonjour! (it does not sent itself > over the Internet, rather just to your local Bonjour user list) > > -- It has a bug in the code that prevents it from working as intended, > which has the side-effect of preventing infected applications from > launching > > -- It's not particularly sophisticated > > > cheers > > Nat > > On Feb 17, 2006, at 3:31 PM, Martin Hill wrote: > >> Nat, as I mentioned, I agree with some of your points (though we might >> agree >> to disagree on the corruption vs destruction point!), but I think the >> main >> point is that here is the first evidence of Mac OS X malware that: >> - does NOT in most cases need a password to run, >> - that infects (and then because of a bug corrupts) other applications >> - that attempts to self-replicate using Apple-specific IM software (the >> virus author also apparently planned to implement eMail propagation as >> well, >> "but never got around to writing that code") >> and thus displays some of the features of a virus and a worm as well >> as a >> trojan horse. >> >> Whether it is terribly effective or not I think the fact remains that >> this >> represents a significant new development in the small world of malware >> for >> OS X. We are now not talking about a simple trojan which lacks an >> automated >> infection vector. >> As such, I have finally decided to install Nortons AV on my Mac (it's >> site >> licensed software here at Curtin) and realise that although the >> chances of >> being infected by OS X malware is very low, the chances are now not >> zero >> (particularly if you use iChat at the moment). >> >> More to the point, proof-of-concept code such as this can be modified >> to >> carry a much nastier payload down the road, so I think we need to be a >> little more cautious now as Mac users - though of course we needn't be >> as >> paranoid as PC users need to be. >> >> Unfortunately we can't now brag that OS X has Zero Viruses/worms >> because it >> is not really true anymore (semantic arguments notwithstanding!). >> However >> we *can* brag about the 140,000 to 1 ratio of such malware when >> comparing >> Windows to OS X and the fact that there are still zero recorded >> instances of >> spyware and adware which all still adds up to a huge selling point for >> the >> Mac. >> >> -Mart >> >>> From: subscribe <[EMAIL PROTECTED]> >>> Date: Fri, 17 Feb 2006 14:22:51 +0800 >>> To: WAMUG Mailing List <[email protected]> >>> Subject: Re: First self-propagating worm targeting Mac OS X >>> >>> Mart >>> >>> the only self mounting compressed files are SEA from OS9 and .dmg OS X >>> >>> this only affects PPC running 10.4, it does not effect 10.3 or Core >>> Duo >>> based machines >>> >>> and it self propagates to other users in the iChat buddy list *if* >>> its >>> shell script is executed >>> >>> it does not destroy or modify anything, nor does it delete anything, >>> degrade performance, cause system instability or compromise any >>> security settings >>> >>> so no i would not agree that corrupting any application you run is >>> destructive >>> >>> when you crash an application on OS X, is that destructive??? >>> >>> thats corruption, its different >>> >>> >>> cheers >>> >>> Nat >>> >>> On Feb 17, 2006, at 1:11 PM, Martin Hill wrote: >>> >>>>> From: Martin Hill <[EMAIL PROTECTED]> >>>>>> (2) unpack the tar.gz >>>>>> (3) run the shell script that is inside >>>>> >>>>> I understand these steps all happen automatically without requiring >>>>> human >>>>> intervention. I don't think it negates the self-replicating dangers >>>>> of the >>>>> beast. >>>> >>>> Actually, thinking more about this (not being an iChat user much >>>> myself), >>>> you probably are correct on this count, the user would have to >>>> double-click >>>> the compressed file and then open the terminal script file manually >>>> with >>>> current versions of Mac OS X. I would hope Auto-decompress and >>>> auto-open >>>> shouldn't be enabled with iChat and the de-compression engine these >>>> days! >>>> >>>> As such you would hope this would give many users a warning that this >>>> is no >>>> ordinary file, but no password will be required normally and the >>>> self-replication vector is still there so I think this is still a >>>> serious >>>> issue. >>>> >>>>>> (4) type in an administrator password when the shell script asks >>>>>> for >>>>>> it. >>>>> >>>>> It also does NOT require a password if your account has admin >>>>> privileges >>>>> (root privileges NOT required). Most Mac users I know are running >>>>> with >>>>> admin privileges enabled (the default option when OS X is installed) >>>>> so they >>>>> won't have the warning of having to type in a pwd. >>>>> >>>>>> hardly a virus , >>>>> >>>>> As various commentators have indicated, it is really a blended >>>>> threat: >>>>> "Leap.A (CME-4) acts like a combination of a Trojan, virus and worm. >>>>> It acts >>>>> like a Trojan because it masquerades as a JPEG file, a virus because >>>>> it >>>>> attempts to infect executables, and a worm because it attempts to >>>>> send >>>>> copies of itself to others via iCHAT. This last action is similar to >>>>> that of >>>>> an instant messaging worm on the Windows platform." >>>>> >>>>> I wouldn't brush it off quite so quickly, particularly as it now >>>>> provides a >>>>> platform for more nasties to use as a base to do worse things. >>>>> >>>>>> Malware..?, yes its malicious but not destructive, >>>>> >>>>> Corrupting any application you run is not destructive? It may not >>>>> be >>>>> as >>>>> nasty as deleting your home directory, but it still qualifies as >>>>> destructive >>>>> in my book. >>>>> >>>>>> it >>>>>> requires so much user interaction, it looks like more of a social >>>>>> engineering exercise or a proof of concept like opener was. >>>>> >>>>> The only user interaction it requires is to accept the download of >>>>> the file >>>>> in iChat from what I've read. If your trusted buddy on iChat sends >>>>> you what >>>>> looks like a jpeg file with the title "Mac OS X 10.5 screen shots" >>>>> the >>>>> chances are you will click accept. Yes? We're not talking email >>>>> from some >>>>> unknown source here. >>>>> >>>>>> thoughts? >>>>> >>>>> I've been the first to set the record straight on false Mac virus >>>>> scares in >>>>> the past, but it doesn't mean we should necessarily take this one >>>>> lightly. >>>>> >>>>> The stats still stand at the following: >>>>> >>>>> Microsoft Windows: >>>>> Viruses and Worms = 140,000 (Symantec Security Focus) >>>>> Spyware and Adware programs = 78,000 (www.pestpatrol.com) >>>>> Burrowers = 40 (www.pestpatrol.com) >>>>> 80% of PCs infected with spyware (webroot.com) >>>>> 2004 alone: >>>>> - 500 new Trojans (www.pestpatrol.com) >>>>> - 500 new keyloggers (www.pestpatrol.com) >>>>> - 1,287 new adware apps (www.pestpatrol.com) >>>>> - 7,360 new viruses and worms (symantec.com) >>>>> >>>>> Mac OS X: >>>>> Viruses and Worms = 1 >>>>> Spyware programs = 0 >>>>> Adware = 0 >>>>> Keyloggers = 0 >>>>> Burrowers = 0 >>>>> Trojans = 3 (symantec.com) >>>>> 2004: >>>>> - 1 Rootkit (symantec.com) >>>>> >>>>> With many of the thousands of Windows viruses and worms being far >>>>> more >>>>> nasty compared to this fairly innocuous Mac worm, it is by no means >>>>> the end >>>>> of the world, but this is nonetheless the first truly credible >>>>> self-propagating threat to OS X. I think we should finally start >>>>> looking at >>>>> firming up our malware strategies on the Mac just to be safe. >>>>> >>>>> -Mart >>>>> >>>>>> cheers >>>>>> >>>>>> Nat >>>>>> >>>>>> On Feb 17, 2006, at 9:18 AM, Martin Hill wrote: >>>>>> >>>>>>> Well it has finally happened after all these years of commentators >>>>>>> crying >>>>>>> wolf. >>>>>>> >>>>>>> The first bit of malware that attempts to spread itself to other >>>>>>> Mac >>>>>>> users >>>>>>> has finally arrived on the scene. Note this is not technically a >>>>>>> virus as >>>>>>> many articles are saying but it is also not just a simple trojan >>>>>>> as >>>>>>> some Mac >>>>>>> users are saying. >>>>>>> >>>>>>> To get infected a user has to click on what looks like a jpeg file >>>>>>> in a >>>>>>> message sent through Apple's iChat program so it requires user >>>>>>> intervention, >>>>>>> but as it then attempts to infect other applications - they get >>>>>>> corrupted >>>>>>> due to a bug. It then attempts to send copies of itself to all >>>>>>> users >>>>>>> in the >>>>>>> buddy list of the infected user if they use the iChat software. >>>>>>> >>>>>>> This malware also does not require the affected user to enter a >>>>>>> password if >>>>>>> they are an admin user (or if they are a root user) - it only asks >>>>>>> for >>>>>>> a >>>>>>> password if they have been intentionally set up as a user without >>>>>>> admin >>>>>>> privileges. As a default install of OS X automatically gives the >>>>>>> main >>>>>>> user >>>>>>> admin privs, most users will not be asked for a password as this >>>>>>> worm >>>>>>> installs itself. >>>>>>> >>>>>>> Although it does not delete files or do any other nasty things, it >>>>>>> looks >>>>>>> like other nasty hackers could modify this initial code to cause >>>>>>> more >>>>>>> damage. >>>>>>> >>>>>>> Looks like we had all finally better start installing and using >>>>>>> anti-virus >>>>>>> software on our Macs (particularly if you use (Apple's iChat >>>>>>> software). >>>>>>> >>>>>>> Symantec's Description of this worm (which they call "OSX.Leap.A" >>>>>>> also >>>>>>> known >>>>>>> as the "Oompa Loompa" worm): >>>>>>> http://securityresponse.symantec.com/avcenter/venc/data/ >>>>>>> osx.leap.a.html >>>>>>> >>>>>>> The stats still stand at the following: >>>>>>> >>>>>>> Windows Viruses/worms = 140,000 >>>>>>> Mac OS X worms = 1 >>>>>>> >>>>>>> With many of the thousands of Windows viruses and worms >>>>>>> particularly >>>>>>> nasty >>>>>>> compared to this fairly innocuous Mac worm, it is by no means the >>>>>>> end >>>>>>> of the >>>>>>> world, but this is nonetheless the first truly credible threat to >>>>>>> OS X. >>>>>>> >>>>>>> Here are the details from MacFixit: >>>>>>> http://www.macfixit.com/article.php?story=20060216075452766 >>>>>>> >>>>>>> "Protective method: Setting iChat to not automatically accept >>>>>>> incoming >>>>>>> files >>>>>>> In order to protect against the unintended acquisition of this >>>>>>> malware, it >>>>>>> is recommended that you set iChat to notify the user before >>>>>>> accepting a >>>>>>> file. This is accomplished by opening iChat's preferences, then >>>>>>> clicking the >>>>>>> "Messages" tab, and selecting "Confirm before sending files." This >>>>>>> is >>>>>>> the >>>>>>> default setting for a fresh Mac OS X installation. >>>>>>> >>>>>>> And remember, be very cautious with supplying your administrator >>>>>>> password to >>>>>>> system prompts. You should never be asked to enter your >>>>>>> administrator >>>>>>> password to open a .jpg file (as in the above case). Provide your >>>>>>> administrator password only to trusted applications. >>>>>>> >>>>>>> In fact, you should avoid being logged in as an administrator >>>>>>> whenever >>>>>>> possible. Instead, use a standard user account for daily tasks. >>>>>>> >>>>>>> Andrew Welch of Ambrosia Software has discovered and described a >>>>>>> new >>>>>>> piece >>>>>>> of malware for Mac OS X dubbed the "Oompa-Loompa Trojan >>>>>>> (OSX/Oomp-A)" >>>>>>> >>>>>>> The malware was posted as "latestpics.tgz" to a Mac rumors web >>>>>>> site, >>>>>>> claiming to be pictures of "Mac OS X Leopard" (an upcoming version >>>>>>> of >>>>>>> Mac OS >>>>>>> X. >>>>>>> >>>>>>> Andrew writes: >>>>>>> >>>>>>> "When unarchived (it is a gzip-compressed tar file), which can be >>>>>>> done >>>>>>> by >>>>>>> simply double-clicking on the file, it appears to be a JPEG file >>>>>>> because >>>>>>> someone pasted the image of a JPEG file onto the file. >>>>>>> >>>>>>> "After it's been unzipped, tar will tell you there are two files >>>>>>> in >>>>>>> the >>>>>>> archive: >>>>>>> >>>>>>> * ._latestpics >>>>>>> * latestpics >>>>>>> >>>>>>> "The ._latestpics is just the resource fork of the file, which >>>>>>> contains the >>>>>>> pasted in custom icon meant to fool people into double-clicking on >>>>>>> it >>>>>>> to (in >>>>>>> theory) open the JPEG file for viewing. In actuality, >>>>>>> double-clicking >>>>>>> on it >>>>>>> will launch an executable file. >>>>>>> >>>>>>> "The file 'latestpics' is actually a PowerPC-compiled executable >>>>>>> program, >>>>>>> with routines such as: >>>>>>> >>>>>>> * _infect: >>>>>>> * _infectApps: >>>>>>> * _installHooks: >>>>>>> * _copySelf: >>>>>>> >>>>>>> "A few important points >>>>>>> >>>>>>> * This should probably be classified as a Trojan, not a virus, >>>>>>> because >>>>>>> it doesn't self-propagate externally >>>>>>> * It does not exploit any security holes; rather it uses >>>>>>> "social >>>>>>> engineering" to get the user to launch it on their system >>>>>>> * It requires the admin password if you're not running as an >>>>>>> admin >>>>>>> user >>>>>>> * It doesn't actually do anything other than attempt to >>>>>>> propagate >>>>>>> itself >>>>>>> via iChat >>>>>>> * It has a bug in the code that prevents it from working as >>>>>>> intended, >>>>>>> and has the side-effect of preventing infected applications from >>>>>>> launching >>>>>>> * It's not particularly sophisticated >>>>>>> >>>>>>> "Here's what it does if a user double-clicks on the file, or >>>>>>> otherwise >>>>>>> executes it: >>>>>>> >>>>>>> 1. It copies itself to /tmp as "latestpics" >>>>>>> 2. It recreates its resource fork in /tmp (with the custom icon >>>>>>> in >>>>>>> it) >>>>>>> from an internally stored gzip'd copy, then sets custom icon bit >>>>>>> for >>>>>>> the new >>>>>>> file in /tmp >>>>>>> 3. It then tar + gzips itself so a pristine copy of itself in >>>>>>> .tgz >>>>>>> format >>>>>>> is left in /tmp >>>>>>> 4. It renames itself from "latestpics.tar.gz" to >>>>>>> "latestpics.tgz" >>>>>>> then >>>>>>> deletes the copied "latestpics" executable from /tmp (This gives >>>>>>> it >>>>>>> a >>>>>>> pristine copy of itself, for later transmission) >>>>>>> 5. It extracts an Input Manager called "apphook.bundle" that is >>>>>>> embedded >>>>>>> in the macho executable, and copies it to /tmp >>>>>>> 6. If your uid = 0 (you're root), it creates >>>>>>> /Library/InputManagers/ , >>>>>>> deletes any existing "apphook" bundle in that folder, and copies >>>>>>> "apphook" >>>>>>> from /tmp to that folder; If your uid != 0 (you're not root), it >>>>>>> creates >>>>>>> ~/Library/InputManagers/ , deletes any existing "apphook" bundle >>>>>>> in >>>>>>> that >>>>>>> folder, and copies "apphook" from /tmp to that folder >>>>>>> 7. When any application is launched, Mac OS X loads the newly >>>>>>> installed >>>>>>> "apphook" Input Manager automatically into its address space (This >>>>>>> allows it >>>>>>> to have the code in the "apphook.bundle" injected into any >>>>>>> subsequently >>>>>>> launched application via the InputManager mechanism) >>>>>>> 8. When an application is subsequently launched, the >>>>>>> "apphook.bundle" >>>>>>> Input Manager then appears to try to send the pristine >>>>>>> "latestpics.tgz" file >>>>>>> in /tmp to people on your buddy list via iChat (who will then >>>>>>> presumably >>>>>>> download the file, double-click on it, and the cycle repeats) (It >>>>>>> looks like >>>>>>> the author intended to get it to send the "latestpics.tgz" file >>>>>>> out >>>>>>> via >>>>>>> eMail as well, but never got around to writing that code) -- This >>>>>>> lets >>>>>>> it >>>>>>> send itself to people on your buddy list via iChat; this appears >>>>>>> to >>>>>>> be >>>>>>> the >>>>>>> only way it self-propagates externally >>>>>>> 9. It then uses Spotlight to find the 4 most recently used >>>>>>> applications >>>>>>> on your machine that are not owned by root >>>>>>> 10. In an apparent "Charlie and the Chocolate Factory" >>>>>>> reference, >>>>>>> it >>>>>>> then >>>>>>> checks to see if the xattr 'oompa' of the application executable >>>>>>> is >>>>>>>> >>>>>>> 0... >>>>>>> if so, it bails out, to prevent it from re-infecting an already >>>>>>> infected >>>>>>> application >>>>>>> 11. If not, it sets the xattr 'oompa' of the application >>>>>>> executable >>>>>>> to be >>>>>>> 'loompa' (this does nothing, it is just a marker that it has >>>>>>> infected >>>>>>> this >>>>>>> app) >>>>>>> 12. It then copies the application executable to its own >>>>>>> resource >>>>>>> fork, >>>>>>> and replaces the executable with itself -- It has thus effectively >>>>>>> injected >>>>>>> its code in the host application >>>>>>> 13. When an application is launched from then on, the trojan >>>>>>> code >>>>>>> is >>>>>>> executed, and it tries to re-infect and re-propagate every time >>>>>>> that >>>>>>> application is launched >>>>>>> 14. It then does an execv on the resource fork of the >>>>>>> executable, >>>>>>> which is >>>>>>> the original application, so the application launches as it >>>>>>> normally >>>>>>> would >>>>>>> (in theory... see below) >>>>>>> >>>>>>> [...] >>>>>>> >>>>>>> "In the end, it doesn't appear to actually do anything other than >>>>>>> try >>>>>>> to >>>>>>> propagate itself via iChat, and unintentionally prevent infected >>>>>>> applications from running >>>>>>> >>>>>>> "It seems that this is more of a 'proof of concept' implementation >>>>>>> that >>>>>>> could be utilized to actually do something in the future, >>>>>>> depending >>>>>>> on >>>>>>> how >>>>>>> successful it is, or it was simply done to garner attention/press. >>>>>>> Which I'm >>>>>>> sure it'll get. >>>>>>> >>>>>>> As noted by Andrew, this particular piece of malware requires >>>>>>> user-initiated >>>>>>> action to run, and also requires the user to enter an >>>>>>> administrator >>>>>>> password >>>>>>> (if you are logged in as a non-admin user) -- something that >>>>>>> should >>>>>>> never be >>>>>>> required for opening a .jpg file. Its effects also seem to be >>>>>>> innocuous." >>>>>>> >>>>>>> -Mart >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- The WA Macintosh User Group Mailing List -- >>>>>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>>>>>> Guidelines - >>>>>>> <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>>>>>> Unsubscribe - <mailto:[EMAIL PROTECTED]> >>>>>>> >>>>>>> WAMUG is powered by Stalker CommuniGatePro >>>>>> >>>>>> >>>>>> -- The WA Macintosh User Group Mailing List -- >>>>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>>>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>>>>> Unsubscribe - <mailto:[EMAIL PROTECTED]> >>>>>> >>>>>> WAMUG is powered by Stalker CommuniGatePro >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- The WA Macintosh User Group Mailing List -- >>>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>>>> Unsubscribe - <mailto:[EMAIL PROTECTED]> >>>>> >>>>> WAMUG is powered by Stalker CommuniGatePro >>>>> >>>>> >>>> >>>> >>>> >>>> -- The WA Macintosh User Group Mailing List -- >>>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>>> Unsubscribe - <mailto:[EMAIL PROTECTED]> >>>> >>>> WAMUG is powered by Stalker CommuniGatePro >>> >>> >>> -- The WA Macintosh User Group Mailing List -- >>> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >>> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >>> Unsubscribe - <mailto:[EMAIL PROTECTED]> >>> >>> WAMUG is powered by Stalker CommuniGatePro >>> >>> >> >> >> >> -- The WA Macintosh User Group Mailing List -- >> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >> Unsubscribe - <mailto:[EMAIL PROTECTED]> >> >> WAMUG is powered by Stalker CommuniGatePro > > > -- The WA Macintosh User Group Mailing List -- > Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> > Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> > Unsubscribe - <mailto:[EMAIL PROTECTED]> > > WAMUG is powered by Stalker CommuniGatePro > >
