The latest virus alert, with an editorial comment by my wife when I forwarded it home.
Craig Begin forwarded message: Date: Thu, 2 Feb 2006 10:48:36 -0700 Subject: Fw: Re: Fw: Fwd: Computer Worm Scheduled To Activate February 3rd Hi, Hubby: I am SO glad we don't use Windows! What a disaster this will be. Should we forward this to people or what? I assume that wouldn't be good, but figured I'd ask anyway. I know Bob & Janice use Windows. On Wed, 1 Feb 2006 09:57:44 -0700 Craig McCluskey wrote: > Subject: Fwd: Computer Worm Scheduled To Activate February 3rd > > > >The worm identified in the message below is scheduled to activate > >February 3rd. Please make sure your virus definitions are up to date, > >and perform a full virus scan of your system today. As always, do not > >open attachments you are not expecting. > > > >>== Message from CCN-5 CSIRT (Computer Security Incident Response > >>Team) == > >> > >>Please alert all appropriate LANL computer users: > >> > >>The "blackmal" worm, aka "nyxem.e" or "kama sutra" worm, spreads > >>primarily through email as an excutable attachment. It also > >>attempts to spread through open shares. It has infected more than > >>700,000 Windows computers on the Internet, according to some > >>estimates. Infections have been verified on several LANL computer > >>systems. > >> > >>Blackmal has a dangerous payload that executes on the 3rd of each > >>month. It deletes data files and disables security software. > >> > >>There is disagreement in the security community as to the extent of > >>the threat posed by this worm. Some are hyping it the most > >>dangerous malicious code infection of 2006. Others question the > >>validity of the estimate of machines infected. It has generated > >>concern because of its destructive qualities, and because it is > >>set to execute and delete data and spread this Friday, February > >>3rd. > >> > >>The LANL Computer Security Incident Response Team (CSIRT) > >recommends that Windows users download the latest antivirus > >>definition files and run a full system scan. It should be noted > >>that while most computer systems have up-to-date definition > >>files, not all systems are configured to run full scans on a > >>routine basis. This should be completed prior to February 3rd. > >> > >>As a general best practice, computers should be backed up by an > >>automatic system such as the CCN-7 managed Tivoli Storage Manager. > > > >>The CSIRT recommends that users manually backup their data before > >>February 3rd if they do not have automated backup configured for > >>their computer systems. > >> > >>If there are difficulties operating an antivirus application, users > >>should contact their system administrator. This may be an indicator > >>of infection. > >> > >>If you have questions or concerns, or believe a system has been > >>contaminated with blackmal, please contact the CSIRT. > >> > >>Thank you, > >> > >>Computer Security Incident Response Team
