Virus much worse than Melissa

Dag_Forssell3 · May 4, 2000, 6:52pm

[From Dag Forssell (000504 11.45)]

A new virus is spreading like wildfire by commandeering the address book in
the Microsoft Office program Outlook to send itself to the first 300
addresses located there. 30 percent of e-mail systems in Britain, 80
percent in Sweden have crashed. Systems are now crashing all over the U.S.

I have helped a friend recover this morning by reinstalling his Eudora. He
thought he had lost four years of business correspondence. A mighty error
signal was reduced to zero in the end.

I have received the virus myself, but trashed it and erased the trash.

My copy was From: APP, Subject: ILOVEYOU.

One of the many places you can read all about it is at www.sfgate.com.

BTW, I checked my attachment file. There was no attachment. The virus is in
the e-mail itself. You become a victim by opening it to read it.

Best, Dag

Forssell Translation Team
Christine and Dag Forssell
team@forsselltrans.com, www.forsselltrans.com
23903 Via Flamenco, Valencia CA 91355-2808 USA
Tel: +1 661 254 1195 Fax: +1 661 254 7956

Bill_Powers1 · May 4, 2000, 8:47pm

[From Bill Powers (2000.05.04.1413 MDT)]

Dag Forssell (000504 11.45)--

A new virus is spreading like wildfire by commandeering the address book in
the Microsoft Office program Outlook to send itself to the first 300
addresses located there. 30 percent of e-mail systems in Britain, 80
percent in Sweden have crashed. Systems are now crashing all over the U.S.

I have helped a friend recover this morning by reinstalling his Eudora. He
thought he had lost four years of business correspondence. A mighty error
signal was reduced to zero in the end.

I have received the virus myself, but trashed it and erased the trash.

My copy was From: APP, Subject: ILOVEYOU.

Thanks for the alert. Wonder if this has anything to do with the mysterious
3.7M zipped attachment I received (and remarked about) a few days ago. I
looked at it with PKZip for Windows, and saw what seemed to be a
self-starting or self-installing program -- a batch file containing
something like

open = <filename>.

Needless to say, I trashed it.

I don't run any of Microsoft's interlocked programs like Outlook. Just
Word, standalone. My Eudora automatically decodes attachments, but I don't
think there's any way they can run themselves without the user telling them
to, or opening them with some other program like Word. Just reading a
Eudora message can't infect the system, as far as I know. Do you have
information to the contrary?

I delete all attachments I can't account for and all messages that look
like ads, as well as all messages that aren't recognizable as coming from
someone involved with PCT (or from someone I know otherwise). So far no
problems.

Does anyone know how to turn off the automatic invokation of Internet
Explorer? I use Netscape and would just as soon use it exclusively -- my
bookmarks are all in Netwcape, for one thing. For another, I don't know
what kind of hooks to other programs get installed when you use IE. I
really hate not knowing what's going on in my own computer.

BTW, I checked my attachment file. There was no attachment. The virus is in
the e-mail itself. You become a victim by opening it to read it.

I hope you're referring to Outlook. I've been assuming that reading an
email file can't start any programs from Eudora.

Best,

Bill P.

Norman_T_Hovda1 · May 4, 2000, 11:15pm

[From Norman Hovda (2000.05.04.1615 MST)]

[From Bill Powers (2000.05.04.1413 MDT)]

I hope you're referring to Outlook. I've been assuming that reading an
email file can't start any programs from Eudora.

Bill, you may want to "UN-check" the following... (from the Tucson
Computer Society listserv.)

Fortunately, some e-mail products, like Eudora, can be told to forgo
implementing the HTML-invoked JavaScript-driven executables

embedded in

the message. Outlook users are more vulnerable since that product is
more dependent on the executable content to, for example, update the
Outlook calendar to schedule a meeting requested via an
Outlook-generated e-mail.

For those Eudora users who weren't around when we covered this

before,

click Tools/Options/Viewing Mail/ and then UN-check "Allow
executables in HTML content".

Best,
nth

Bill_Powers1 · May 5, 2000, 1:33am

[From Bill Powers (2000.05.04.1930 MDT)]

Norman Hovda (2000.05.04.1615 MST)--

For those Eudora users who weren't around when we covered this

before,

click Tools/Options/Viewing Mail/ and then UN-check "Allow
executables in HTML content".

That does sound nasty! Fortunately, I'm running Eudora Light 3.06, which
doesn't offer that option, so maybe I'm safe. Thanks for the info...

Best,

Bill P.