Roy, thanks for the details - we are actually covered and it wasn't an HTML email this time either. We were in the middle of updating the dat files when we got hit. Investigations (aka witch hunt ??) has found this total stupidity :
consultant from sister company opens email from a friend on his lap top. Sees fancy new screen saver, and opens it (oops !) Suddenly realises what happened and puuls the network cable out PDQ. (So far so good - did the right thing, apart from opening the attachment, but ...) Hibernates laptop and goes home - without mentioning the infection to anyone. Nothing has hit our network yet. Now for the gross stupidity, and the bit that will have his b*ll*x in a sling very soon (if not already) .... Consultant goes to customer site (financial institution no less) and uses laptop there - luckily (?) he does not connect to their network. Comes back to office, and reconnects to network - all queued emails blast out and swamp the system. As we are connected to three sites, all three gat a serious infection which needed our NT bods to clean it up - took until after midnight but damage done when a customer's AV software cauld the emails coming in from us. We are now in 'consultation' with said customer who is quite willing to stop any emails from us until further notice. This is 'a bad thing' for our business. Consultant is being seriously disciplimed, and may be dismissed. The problem is, and the worst thing, we are fastidious about our AV protection and didn't even catch 'I love you' when it was doing the rounds. A bad day indeed for us. However, we are now protected again, BUT .... yesterday we had what appeared to be another outbreak of exactly the same virus. Major panic ! Turns out that some other person, just back in the office with his/her laptop, was sending the virus out, but wasn't sending the real virus, just an empty (zero bytes) file called goner.scr - and Microshaft's software in Exchange Server didn't pass the details over to the AV software because the file was zero bytes and therfore not a threat. Of course, a customer got it as well and saw the attachemnt name, made the same conclusion that we did (ie, we are infected again) and that we didn't clean up properly the first time and so we are now being ostrich sized by that customer as well. All in all, we now look like a total bunch of useless prats - not good for a business. I was ok, I work with Unix and didn't have a single occurance :o) Norman. PS. About the only attachments that will get through now are .txt and .zip - and if the .zip holds an infected file, it gets quarantined UFN. ------------------------------------- Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com ------------------------------------- -----Original Message----- From: Roy Wood [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 06, 2001 12:25 AM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus Alert >> This is all part of the stupid idea of having HTML based emails. They >> bloat the transmitted code up and provide convenient vehicles for nasty >> bits of code. This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.