Help With Virus Worms

There's an eRumor circulating around the Internet saying that Pepsi will soon be coming out with some new patriotic-themed soft drink cans. Various versions of the rumor state that the cans include an image of the Empire State Building as well as the words to the Pledge of Allegiance. The Pledge, however, supposedly does not include the words "under God" so as not to offend anyone. Some eRumors refer to Dr Pepper as the producer of these new cans. Many of the e-mail versions also provide an 800 number to Dr Pepper as well as text encouraging people to send an e-mail of protest to the company.

The eRumors regarding both the supposedly new Pepsi can and the supposedly new Dr. Pepper can are HOAXES. Do NOT forward these eRumors on to your friends. If you receive the eRumor from a friend, advise them that the information is a HOAX.

The Details...

A link found on Pepsi's homepage (http://www.pepsi.com/) entitled "FALSE RUMOR ALERT: PATRIOTIC CANS," clarifies what they refer to as the "erroneous report that has been circulating around cyberspace for the past several months." The web page explains that Pepsi has not created any packaging which contains an edited version of the Pledge of Allegiance and that the patriotic packaging produced by Dr Pepper last year was inappropriately tied to this rumor. It then refers people to a link on the Dr Pepper website (http://www.dpsu.com/drpepper_can.html) for further explanation.

The Dr Pepper/Seven Up, Inc. web page referred to above explains that patriotic-themed packages were indeed produced for a short period beginning in February 2002 by Dr Pepper. (A picture of the packaging can be viewed on their web page.) The special can included an image of the Statue of Liberty and three words from the Pledge of of Allegiance, "One Nation...Indivisible." Dr Pepper further explains..."The special packaging was designed to reflect our pride in this country's determination to stand together as one. The Statue of Liberty and Pledge of Allegiance were chosen as two of the greatest symbols of American freedom. Only three words were used from the Pledge of Allegiance. Those three words were in concert with the patriotic mood of the nation."

Many people receiving and forwarding the eRumor believed that the entire Pledge had been quoted on the cans with only the words "under God" left out. However, only three of the thirty-one words from the Pledge of Allegiance were used.

See below an example of an actual New Pepsi Can HOAX being circulated around the Web:

Pepsi has a new patriotic can coming out with pictures of the Empire State Bldg. and the Pledge of Allegiance on them. But Pepsi forgot two little words on the pledge, "Under God." Pepsi said they did not want to offend anyone.

If this is true, then we do not want to offend anyone at the Pepsi corporate office. If we do not buy any Pepsi product then they will not receive any of our monies. Our money, after all, does have the words "Under God" on it.

Please pass this word to everyone you know. Tell your Sunday School classes and tell your ministers so that they can tell the whole congregation. Christians stand up and let your voices be heard. We want the words "under God" to be read by every person who buys a can.

Again, the "New Pepsi Can" and "Dr Pepper Can" e-mails floating around the Internet are HOAXES. Do NOT forward them to your friends.

There's been a recent resurgence in the circulation of an old e-mail hoax...only now it's been updated. For several years, there has been a rumor circulating via e-mail stating that the United States Congress was considering a five cent tax on e-mail. This is an E-MAIL HOAX.

Below is an example of the recent e-mail hoax circulating across the World Wide Web:

Postage went up at the end of June 2002 from 34 cents to 37 cents. This was a 9% to 12% rate increase.

But this isn't all. No more free E-mail! We knew this was coming - Bill 602P will permit the Federal Government to charge a 5-cent charge on every delivered E-mail.

Please read the following carefully if you intend to stay online and continue using E-mail. The last few months have revealed an alarming trend in the Government of the United States attempting to quietly push through legislation that will affect our use of the Internet.

Under proposed legislation, the US Postal Service will be attempting to bill E-mail users out of "alternative postage fees." Bill 602P will permit the Federal Government to charge a 5-cent surcharge on every e-mail delivered, by billing Internet Service Providers at source. The consumer would then be billed in turn by the ISP.

Washington DC lawyer Richard Stepp is working without pay to prevent this legislation from becoming law. The US Postal Service is claiming lost revenue, due to the proliferation of E-mail, is costing nearly $230,000,000 in revenue per year. You may have noticed their recent ad campaign: "There is nothing like a letter."

Since the average person received about 10 pieces of E-mail per day in 1998, the cost of the typical individual would be an additional 50 cents a day or over $180 per year -- above and beyond their regular Internet costs. Note that this would be money paid directly to the US Postal Service for a service they do not even provide. The whole point of the Internet is democracy and noninterference. You are already paying an exorbitant price for snail mail because of bureaucratic inefficiency.

It currently takes up to 6 days for a letter to be delivered from coast to coast. If the US Postal Service is allowed to tinker with E-mail it will mark the end of the "free" Internet in the United States. Congressional representative, Tony Schnell (R) has even suggested a "$20-$40 per month surcharge on all Internet service" above and beyond the government's proposed E-mail charges. Note that most of the major newspapers have ignored the story the only exception being the Washingtonian which called the idea of E-mail surcharge "a useful concept who's time has come" (March 6th, 1999 Editorial)

Do not sit by and watch your freedom erode away!

Send this E-mail to EVERYONE on your list, and tell all your friends and relatives to write their congressional representative and say "NO" to Bill 602P. It will only take a few moments of your time and could very well be instrumental in killing a bill we do not want.

PLEASE FORWARD!

If you receive the above e-mail from a friend, do NOT forward it. It is a HOAX. There is no Congressional bill called "Bill 602P." In fact, House of Representative Bills are prefaced with an "HR" and bills in the Senate are prefaced with an "S." There is no Washington, DC lawyer named Richard Stepp. There is no Congressman named Tony Schnell.

Again, the above is an E-MAIL HOAX. If you receive the above e-mail message, we encourage you NOT to forward it on to your friends.

The Jdbgmgr.exe File E-mail Virus Hoax was discovered a couple of months ago and continues to be forwarded by unsuspecting Internet users across the World Wide Web. If you receive an e-mail from a friend or relative which tells you to find and then delete the "Jdbgmgr.exe File" from your computer because it is (supposedly) a virus, IGNORE the warning and delete the e-mail message. The Jdbgmgr.exe e-mail message is a HOAX. There is NO virus called the "Jdbgmgr.exe Virus."

Here is how the E-Mail Virus Hoax works: You receive an e-mail from a friend telling you that you may have an e-mail virus called the "Jdbgmgr.exe Virus." The friend's e-mail encourages you to do a search on your computer for a file called "Jdbgmgr.exe" which has a "teddy bear icon" above it. If you find the teddy bear, the message says, then you have the virus. The message then goes on to explain how to delete the file from your computer. It also encourages you to forward the e-mail warning to everyone in your address book because if you found the Jdbgmgr.exe on your computer, then everyone in your address book has been infected by this virus as well.

Here is the hoax...Jdbgmgr.exe is a standard windows component that is found in every Windows installation. This file has a teddy bear next to it. If you run a Windows operating system, obviously you are going to find this file (and the associated teddy bear icon) because it is part of the system. (The file is used as a Java Debugger Manager by Microsoft.) When you delete this file from your computer, you are not deleting a virus, but rather a file from your operating system.

You may have already received this E-mail Hoax and deleted the Jdbgmgr.exe file from your computer. The good news is that the Jdbgmgr.exe is not a critical file within your operating system, so restoring the file is optional. Java applets may not run correctly without it, however. (See the "Ask The Help Desk" section below for a definition of Java applets.) To restore Jdbgmgr.exe to your system, you can go to this Microsoft support page for instructions: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993 Go to the "Recovery" section and complete the appropriate steps.

Word of Caution: The Jdbgmgr.exe file located on your computer's operating system, like any other file, can become infected by a virus. If you receive a Jdbgmgr.exe via e-mail as an attachment, the file may contain a virus. If, however, you find the Jdbgmgr.exe within your operating system when doing a search for it, it is probably a clean file. Do NOT delete it.

Do you have a friend that has recently complained about his or her printer suddenly printing out reams of gibberish? If so, there's a very good chance that your friend's computer has been infected by the recently discovered Bugbear Virus.

The Bugbear Virus continues to be one of the fastest spreading e-mail worms currently making its way across the Internet. The mass mailing computer virus is spread by unsuspecting e-mail recipients who open e-mail attachments they believe to be from their friends. The worm then goes to the recipient's inbox of Outlook or Outlook Express, grabs a file located on the recipient's computer (possibly a confidential one) and randomly e-mails this file along with a copy of the worm (so it actually sends two attachments with each e-mail) to people listed in the recipient's inbox. The worm also disguises the actual source of the e-mail by randomly selecting e-mail addresses from the inbox to be shown as the "sender" of the e-mail. So if a person receives this e-mail worm from a friend or relative, chances are the person it shows being sent from is probably not the person who actually sent it. Additionally, the worm can a) choose randomly from a list of preselected text to insert into the subject line of the message before it is sent, b) create a new message as a reply e-mail, or c) forward an existing e-mail message from the infected computer. All of this makes it pretty difficult for an e-mail recipient to identify an infected e-mail message prior to opening its attachment.

Bugbear also has a backdoor feature which allows the hacker to take control of the computer -- allowing the attacker to remotely perform tasks on the infected computer including the deletion of files, the copying of files and the termination of processes. In addition, the worm attempts to disable processes of firewall and anti-virus software programs.

The Bugbear Worm only infects Windows based operating systems that utilize Outlook or Outlook Express e-mail software. (The worm only infects PCs via an old flaw in unpatched versions of Microsoft Outlook and Outlook Express.) Macintosh, Unix and Linux operating systems as well as users of Netscape are not affected by this worm.

Note: Although Bugbear may also cause printers to spit out reams of printed code, the printers themselves are not actually infected.

Remember NOT to open an attachment, even from friends and relatives, unless you've first verified that they sent it to you. We also encourage our Internet customers to utilize anti-virus scanning software and to download updates frequently to lessen the possibility of computers being infected by e-mail viruses. As always, simply using caution and some common sense when opening e-mail attachments can be the best recourse in preventing the spread of e-mail worms and viruses.

You may have heard about the widespread e-mails recently circulating around the Internet that invite users to pick up an e-card from one of several websites including CoolDownloads.com, Friend-Greetings.com and FriendGreetings.com. These e-mail messages are personalized to the recipient from a friend (within both the subject line and the message) and the messages contain a link which direct the recipients to one of the aforementioned websites. Upon going to one of these linked sites, recipients are asked to install a software program onto their computer in order to grab their e-card. Just prior to the installation process, a couple of lengthy end-user license agreements (EULAs) are displayed. The second agreement states that the installation of the software gives the site permission to automatically send the same greeting the recipient received to everyone in the user's Outlook address book. Clicking "yes" to this agreement results in this very occurrence -- personalized messages being sent to the e-mail addresses listed in the address book of the person who downloaded the software. This software program can be installed only on Windows based computers. Mac, Unix and Linux users are not affected.

Technically, these "greeting e-mail messages" are not viruses or worms because they have no attachments. However, they can be nuisances because of the large amount of unsolicited e-mail messages they can generate. It also points to the importance of carefully reading EULAs prior to downloading software applications.

E-cards are a great way to spread some cheer to friends and family this holiday season but remember to use caution regarding the e-card website that you utilize to send your greetings. Also, never install software onto your computer before first carefully reading the site's EULA and privacy agreement, and scanning it for viruses.

You may have heard about or even seen the e-mail containing a photograph of a soldier being attacked by a leaping shark as the soldier attempts to climb a ladder which leads to the safety of a hovering military helicopter. The background of the photograph shows a section of the Golden Gate Bridge in San Francisco.

This photograph is a hoax. Here's a version of the text that has been included with the photograph:

AND YOU THINK YOU'RE HAVING A BAD DAY AT WORK!!

Although this looks like a picture taken from a Hollywood movie, it is in fact a real photo, taken near the South African coast during a military exercise by the British Navy.

It has been nominated by National Geographic as "THE photo of the year."

The photo is actually the digital manipulation of two photographs. The first photo is that of the soldier climbing the ladder of a U.S. Air Force HH-60G Pave Hawk helicopter as it hovers over the San Francisco Bay. The second photograph (the one with a shark jumping out of the water with its sharp teeth looking, well, very sharp) was taken by a photographer at False Bay, South Africa. The creator of this e-mail hoax digitally combined the two pictures and sent it out over the Web. The hoax claims that the photo was nominated by National Geographic as their "Photo of the Year." It wasn't. The hoax also claims the picture was taken off the coast of South Africa but we're not quite sure how the Golden Gate Bridge made it down to South Africa.

You may have come across web pages that have banners at the top or bottom of them that say something like "Your Computer Has A Virus" or "You May Have A Virus" or "Security Alert" or even a flashing "Your Computer Is Under Attack!" These banners, many times, are so official looking that it may cause you to think that somehow your browser has detected a virus on your computer and is providing you with a warning notice. This is not true.

Although not necessarily a hoax, banners located on web pages that say something like "You May Have A Virus" are actually banner ads. They are a marketing technique used by some advertisers to scare Internet users into clicking on the banners. Once the Web surfer clicks on the banner ad, he or she is usually sent to a website which attempts to sell the surfer some type of product or service.

We strongly believe that every Internet user should have some type of virus scanning software installed (and frequently updated) on their computer as a protective measure against viruses. Remember, however, that just because you see a flashing banner ad on a web page that says something like "We've Detected A Virus On Your Computer - Click Here," it is not a true indication of whether you actually have a computer virus infection.

There are a couple of variations of the "Poisonous Spiders Under Toilet Seats Hoax" that have been circulating around the Internet for some time. Here's an example of how one of the hoaxes begins:

"In an article by Dr. Beverly Clark, in the Journal of the United Medical Association (JUMA), the mystery behind a recent spate of deaths has been solved. If you haven't heard about it in the news, here is what happened.

Three women in Chicago turned up at hospitals over a five day period, all with the same symptoms. Fever, chills and vomiting followed by muscular collapse, paralysis and finally death. There were no outward signs of trauma. Autopsy results showed toxicity in the blood."

The e-mail hoax goes on to say that the women did not know each other and had nothing in common with one another other than visiting a restaurant called "Big Chappies" located at Blare Airport in Chicago within days of their deaths. The story details how the Civilian Aeronautics Board eventually discovered the source of the toxicity. It was supposedly from spider bites caused by South American Blush Spiders nesting under toilet seats of planes originating from South America. The hoax e-mail concludes by warning the e-mail recipients that the spiders could now be anywhere but they especially like to nest in cold, dark, damp places -- like under toilet rims. The hoax encourages people to lift up and inspect toilet seats before using a restroom facility and to forward the e-mail warning to everyone they know.

Of course, the entire "South American Blush Spider" e-mail warning is a hoax. There is no publication called the "Journal of the United Medical Association." There is no "Big Chappies" restaurant nor a "Blare Airport" in Chicago. There is also no such organization called the "Civilian Aeronautics Board" in the United States. The e-mail also contains the biggest tip that this message is a hoax when it encourages recipients to "forward the message to everyone they know." If you receive an e-mail from someone and in the message it encourages you to send the message to everyone you know, you can be pretty certain that the message is an e-mail hoax. Resist the temptation of forwarding the message to your friends.

A more recent twist to this hoax began circulating during the fall of 2002. It claims that three women, all of whom recently visited an Olive Garden restaurant in northern Florida, died from spider bites. This time the Civilian Aeronautics Board discovered that the bites were inflicted by Two-Striped Telamonia Spiders that arrived in the U.S. via airplanes originating from India. The spiders, as the story goes, like to "nest in cold, dark, damp places" -- like under toilet rims. Sound familiar? This revised spider story is also an e-mail hoax.

In late September of 2001, the "WTC Survivor E-mail Virus Hoax" began making its way around the Internet. The e-mail message warned people not to open any e-mail messages that contained the words "WTC Survivor" in the subject line. ("WTC" is short for World Trade Center.) The unlucky person who did so would see their entire "C" drive erased off their computer. This e-mail warning was nothing more than an e-mail hoax. There was no truth to it.

Now there is an updated version of the "WTC Survivor" hoax that has been making its way around the Internet in recent weeks. The increase in its circulation in the last few weeks is probably due to the heightened concern about the recent Middle East situation.

Following is the actual text of one version of the updated "World Trade Center - 911 E-mail Hoax" that you may have already received or may soon receive via e-mail:

During the next several weeks, be VERY cautious about opening or launching any e-mails that refer to the World Trade Center or 9/11 in any way, regardless of who sent it. PLEASE FORWARD TO ALL YOUR FRIENDS AND FAMILY. FOR THOSE WHO DON'T KNOW, "WTC" STANDS FOR THE WORLD TRADE CENTER. REALLY DANGEROUS BECAUSE PEOPLE WILL OPEN IT RIGHT AWAY, THINKING ITS A STORY RELATING TO 9/11!

BIGGGG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-mail from a familiar person. I repeat, a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer!

Forward this to everyone in your address book. I would rather receive this 25 times than not at all. So, if you receive an email called "WTC Survivor", do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer.

If you receive this e-mail message, do NOT forward it to your friends. This is an e-mail virus hoax.

One of the identifying traits of an e-mail worm is that it reproduces or "replicates" itself independent of any human activity or aid. A virus, on the other hand, requires human assistance to be passed along by e-mail or file sharing, etc. Some worms replicate by going into an infected computer's e-mail address book and sending messages (with a copy of the worm attached) to the contacts listed in that address book. Some worms will try to cover their tracks by listing someone from the infected computer's address book as the sender rather than the actual owner of the infected computer. So what's the big deal? Worms rob computers of processing power. They also rob users and Internet Service Providers of Internet bandwidth by sending themselves out via e-mail. They can also damage or corrupt essential system files potentially wreaking e-havoc either by accident or by the malicious intent of the person who created the worm. In short, they waste time and resources.

Here's an example of how an e-mail worm works: Person A sends an e-mail worm to Person B. Person B's computer becomes infected. The worm copies and sends itself to Person C's computer (who was listed in Person B's address book) but shows the sender as Person D (who was also listed in Person B's address book). Therefore, Person C believes Person D sent the e-mail worm when it was actually from Person B's infected computer. Person D's only involvement was having his/her e-mail address listed within Person B's address book.

So, if you get an e-mail message sent to you from a friend, business associate or family member that contains an attached worm, don't automatically assume it was the sender that actually sent the worm to you. Rather, it may very well have been someone else whose computer was infected and e-mailed you the message.

Additionally, if you get an e-mail from a friend who tells you that you've sent him/her a message containing a worm, this may not necessarily be the case. Rather, a mutual friend may have sent the worm to your friend but the message showed you as the sender because you were listed in the mutual friend's infected address book.

In closing, be sure to update your computer's virus filtering software on a regular basis for optimum protection against e-mail worm and virus attacks.

The "W32.Sobig.B@mm" mass mailing e-mail worm discovered last month is another example of why we encourage our Internet users to install virus scanning software on their computers and to frequently update this security software.

The "W32.Sobig.B@mm" was a mass-mailing worm that sent itself as an attachment to all e-mail addresses found within infected computers. The person who created this worm luckily programmed the worm to de-activate on May 30, 2003. The reason this worm spread very quickly across the Web last month was because the address shown as the sender of these messages was "support@microsoft.com." Recipients, believing the e-mail was from the Microsoft Support Center, would open up the attachment, thereby infecting their computer and sending the worm to everyone in their address book.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. Also, the ultimate responsibility in protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks and networks, as well as when downloading software. We encourage each of our users to install and utilize virus-scanning software, to update this software on a regular basis and to scan all incoming attachments before opening them, even if the attachment shows coming from a reliable source.

It's that time of the year for the infamous "Sunscreen Causes Blindness" e-mail hoax to begin circulating throughout the Web. This e-mail hoax has been around since 1999 but seems to resurface most fervently each summer.

The parent of a 2-year-old child supposedly writes the e-mail. The parent describes how he/she recently applied waterproof sunscreen to Zack (the child) and that Zack somehow got some of it in his eyes. When the parent supposedly attempted to flush out Zack's eyes, the irritation and pain became much worse. When the parent called the poison control center, they told him/her to "RUSH Zack to the ER Now!" In one version, the text continues as follows: "I got him there and they rushed me back without a second to spare. They started flushing his eyes out with special medications. Anyway, I found out for the first time that MANY kids each year lose their sight to waterproof sunscreen. It burns the eye and they lose complete sight!"

This e-mail is a hoax. The Food and Drug Administration has jurisdiction over the formulation and labeling of sunscreen products. The FDA's website (http://www.fda.gov/) has an online database of information about sunscreens. However, it includes nothing about sunscreen lotions causing blindness in children. In fact, federal law would require either an appropriate warning label or the withdrawal of FDA approval until a product in question is safely reformulated.

Sunscreen products do contain chemicals that can irritate the eye and the label on sunscreen products typically states this fact. Parents are recommended to take reasonable precautions when applying sunscreen products to their children's hands and face. If a sunscreen lotion does cause eye irritation, Prevent Blindness America (see http://www.preventblindness.org) recommends that you flush the eye with water for fifteen minutes or until the irritation subsides. If the irritation continues, you are to seek medical attention.

If you receive the "Sunscreen Causes Blindness" e-mail sometime this summer, do not forward it to your friends. It is a hoax.

You have no doubt heard about the recent discovery of the new "Sobig" e-mail worm variant known as the "W32.Sobig.F@mm" worm. The mass-mailing effects of this worm have caused the slow-down of Internet connection speeds and network performances across the globe. In fact, this worm, which was first discovered on August 18, 2003, is said to be the fastest spreading e-mail worm ever on record!

"W32.Sobig.F@mm" is a mass-mailing worm that sends itself as an attachment to all e-mail addresses found within an infected machine. (The worm only infects Windows based systems - not Macintosh, Unix or Linux systems.) The worm has a "spoofing" feature that disguises the actual source of the e-mail by randomly selecting e-mail addresses from the infected computer's system to be shown as the "sender" of the e-mail. So, if a person receives this e-mail worm from a co-worker or relative, chances are the person it shows being sent from was probably not the person who actually sent it.

Additionally, once a recipient of the e-mail opens the infected attachment, the worm can download files onto the infected computer's system in order to steal confidential information from the infected computer, i.e. passwords, spreadsheets, etc. "W32.Sobig.F@mm" can also set-up spam relay servers on the infected computer from which to then remotely send large amounts of spam e-mails.

An e-mail message that contains the "W32.Sobig.F@mm" worm as an attachment will have one of the following text messages within its subject line:

Re: Details
Re: Your details
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Approved
Re: Wicked screensaver
Thank you!
Your details

The infected attachment will be either a .pif extension file or show as an .scr file. The body of the e-mail message says either "See the attached file for details" or "Please see the attached file for details."

Although the person who created this worm luckily programmed it to de-activate its mass-mailing functions on September 9, 2003, the worm is still programmed to continue its attempts to download files within the infected machine after this date. The infected computer can also still be used as a spam relay server from which to send spam e-mail messages.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. Also, the ultimate responsibility of protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks, CDs and networks, as well as when downloading software from the Internet. We encourage each of our users to install and utilize virus scanning software, to update this software on a regular basis and to scan all incoming attachments before opening them, even if the attachment shows coming from a reliable source.

Microsoft has inadvertently left openings or "holes" in many of its Windows-based computer operating systems, i.e. Windows 2000, Windows XP. Creators of viruses and worms have the ability to then exploit these vulnerabilities by creating "malware" (short for malicious software) to attack people's computers -- gaining access to users' operating systems through these holes.

The recent spread of the Blaster Worm was a wake-up call for everyone using a computer that utilizes a Windows operating system. Microsoft is aware of the problems these holes cause and has gone to great lengths to notify its customers of remedies -- even going so far as buying full-page ads in recent issues of the USA Today newspaper.

Microsoft encourages its customers (as do we) to go to http://www.microsoft.com/security/protect/ to learn more about how to protect your computer against future outbreaks of worms such as Blaster. The site provides information on:

Hardware and Software Firewalls
Suggestions are provided for older versions of Windows. Windows XP already has a firewall as part of its software. This site provides a tutorial on how to activate it.
Operating System and Security Updates
Microsoft no longer provides support for Windows 95, Windows 98, Windows 98 SE or Windows NT. (If you do not know what operating system your computer is using, the site provides a link to assist you in figuring this out.) Microsoft encourages you to upgrade your operating system to a current version of Windows XP. If you have a newer version of Windows, the site gives you step-by-step instructions on how to download recent security updates (patches).
Up-To-Date Antivirus Software
Although we've taken steps at our shop to help protect you from worms, viruses and spam, the ultimate responsibility remains with each individual user. Viruses and worms are not only spread via the Internet but also through computer networks, floppy disks, CDs, etc. Both Microsoft and we, your ISP, recommend that you install antivirus software onto each of your computers and that you download the most recent updates on a consistent basis. If you've ever been infected by a computer virus or worm, you know it's well worth the investment.

We're here to assist you in making your Internet experience both enriching and fun. We encourage you to simply take a few safety measures on a regular basis so that you'll be able to continue to utilize and enjoy the Internet.

You may have heard about the recent spread of both the W32/Swen@MM E-mail Worm/Trojan Horse and the W32.Dumaru@mm E-mail Worm/Trojan Horse that have been making their way around the Web. That's right. Not only are they worms (they replicate themselves and send copies of themselves to other computers), but they are also Trojan horses. A Trojan horse is a malicious program that pretends to be a benign application but then does something the user does not expect. Here's how they work.

Computers are infected by either the W32/Swen@MM Worm/Trojan Horse or the W32.Dumaru@mm Worm/Trojan Horse when users open an accompanying attachment of an "official looking" e-mail supposedly from Microsoft. The subject of the e-mail usually says something like "Latest Microsoft Critical Patch," "Use This Patch Immediately!" or "New Microsoft Upgrade." The text of the e-mail encourages the recipient to open the attachment to apply a security patch for their Windows operating system. (That's the Trojan horse part of this malicious e-mail.) However, when the attachment is opened, the worm replicates itself on the infected computer, harvests e-mail addresses from the victim's machine and then automatically sends itself to e-mail addresses that it has found on the machine.

If a friend forwards an e-mail to you (or the e-mail appears to come directly from Microsoft) which discusses a patch remedy and has an accompanying attachment, do NOT open the attachment. Microsoft NEVER includes attachments with its e-mail security bulletins. Instead, Microsoft provides security bulletins on its website which then include steps to install security updates. (For a list of Microsoft's latest security bulletins, go to: http://www.microsoft.com/security/security_bulletins/.)

For more information on how to determine whether a Microsoft security-related e-mail message is genuine, go to: http://www.microsoft.com/security/antivirus/authenticate_mail.asp.

For additional information on how to protect your computer against viruses and worms, Microsoft encourages its customers (as do we) to go to http://www.microsoft.com/security/protect/. This is especially important in protecting yourself from the W32/Swen@MM E-mail Worm/Trojan Horse as this worm also has the ability to infect machines when a recipient simply views the e-mail message via the preview pane — without even opening the accompanying attachment!

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean that they were the actual senders of the message and attachment. Also, the ultimate responsibility of protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks, CDs and networks, as well as when downloading software from the Internet. We encourage each of our users to install and utilize virus-scanning software, to update this software on a regular basis and to scan all incoming attachments before opening them, even if the attachment shows coming from a reliable source.

There are a couple of different versions of a "PayPal E-mail Scam" circulating around the Internet. (PayPal is an eBay owned company. It provides a method for any individual or business with an e-mail account to securely transfer funds to each other -- most notably when making purchases at eBay's online auction site.) Both PayPal e-mail scams fraudulently show PayPal as the sender of the e-mail messages.

In one version of the scam, the message within the fraudulent e-mail states that the recipient's PayPal account is going to close in five days if the recipient does not respond immediately. It urges the recipient to update his/her credit card information through an attached "secure application." When opening the attachment, a window (which includes a PayPal logo) appears and asks for credit card data and other financial information including the recipient's social security number, account password, bank account and PIN numbers, etc. Instead of going to PayPal, however, this information is sent to the scammers who then use the data for illegal activities.

In the other version of the scam, the e-mail message says that PayPal is doing routine online verification of information for security reasons and asks the recipient to click on a link to update the information. Again, the information goes to the scammers rather than PayPal.

For more information about this e-mail scam, details on how to protect yourself from the PayPal E-mail Scam or steps to take if you feel that you've been a victim of this e-mail scam, go to: http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/email-security-outside.

You may have heard about the recent outbreak of the M32/Mydoom@MM Worm (a.k.a. W32.Novarg.A@mm Worm). This mass-mailing e-mail worm, discovered late last month (1.26.04), is another example of why we encourage our Internet users to install virus scanning software on their computers and to frequently update this security software.

The 32/Mydoom@MM Worm is a mass-mailing worm that sends itself as an e-mail attachment to all e-mail addresses found within an infected computer. Many times these infected e-mail messages appear as spoofed "return" or "bounce-back" e-mails. The recipient believes he/she has received a bounced back e-mail message, opens the e-mail and then opens the accompanying attachment. The recipient's machine is then infected, which causes replicated e-mails to automatically be mass-mailed to the e-mail addresses found on the recipient's computer. Although the subject line, text within the message, and the sender's address can vary greatly (making detection more difficult), the subject line will commonly say something like "Returned mail:see transcription for details" or "Mail Transaction Failed." The sender of the e-mail message may show as coming from "Mail Delivery Subsystem" (but this also varies). The text within the message itself may read something like this: "The message contains Unicode characters and has been sent as a binary attachment."

The 32/Mydoom@MM / W32.Novarg.A@mm Worm also includes a "backdoor" feature which opens ports on the infected machine and potentially allows hackers to have remote access to the computer. Although the creator of this worm programmed the worm to stop self-replicating and mass-mailing on February 12, 2004, (thank you), hacker vulnerability of infected computers continues beyond this date.

The 32/Mydoom@MM / W32.Novarg.A@mm Worm only infects Windows-based operating systems (not Macintosh, Linux or UNIX systems) and also appears to ignore e-mail addresses ending in "edu," "mil," and "gov."

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. Also, the ultimate responsibility in protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks and networks, as well as when downloading software. We encourage each of our users to install and utilize virus-scanning software, to update this software on a regular basis, and to scan all incoming attachments before opening them, even if the attachment shows coming from a reliable source.

The most recent worm to cause a major stir around the Internet is the "32.Netsky.B@mm Worm" which was first discovered on February 18, 2004. The 32.Netsky.B@mm Worm is a mass-mailing worm that sends itself as an attachment to e-mail addresses found within an infected machine. (The worm only infects Windows-based systems – not Macintosh, Unix or Linux systems.) Once launched on the infected computer, an error dialog box appears that states that "The file could not be opened!" The worm also copies itself onto computer subdirectories that contain "share" or "sharing" in the directory name. This could allow copies of the worm to be spread through Instant Messaging clients, file-sharing networks, or via any folders that contain the words "share" or "sharing."

Like most worms circulating around the Web, the 32.Netsky.B@mm Worm has a "spoofing" feature that disguises the actual source of the e-mail by randomly selecting e-mail addresses from the infected computer's system to be shown as the "sender" of the e-mail. So, if a person receives this e-mail worm from a co-worker or relative, chances are the person it shows being sent from was probably not the person who actually sent it.

An e-mail message that contains the 32.Netsky.B@mm Worm as an attachment will have one of the following text messages within its subject line:

hi
HI
hello
read it immediately
something for you
warning
information
stolen
fake
unknown

The message body will randomly contain any one of about four dozen short phrases. The attachment will also appear as one of dozens of randomly selected names.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. Also, the ultimate responsibility of protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks, CDs and networks, as well as when downloading software from the Internet. We encourage each of our users to install and utilize virus scanning software, to update this software on a regular basis, and to scan all incoming attachments before opening them, even if the attachment shows coming from a reliable source.

If you have an e-mail address, it is very likely that you've received a hoax message via e-mail. Promises of free Outback Steakhouse coupons, the assurance of $1,000 in prize money from Microsoft's Bill Gates, instructions for killing mosquitoes using Proctor and Gamble's Lemon Fresh Joy, warnings of an immediate and severe toilet paper shortage due to the destruction of a large toilet paper manufacturing plant located in California during last summer's forest and brush fires, ... and the list goes on. Many of the same e-mail hoaxes have been circulating around the Internet for years.

Some "creators" of e-mail hoax messages start these "eRumors" to harass people or companies. Others are written by spammers who gather the carbon copied e-mail addresses from forwarded e-mails they come across to then send new spam to or sell to fellow spammers. Most writers of e-mail hoaxes, however, do so simply to watch how quickly their "creations" spread. Sometimes hoaxes can spread across the globe literally overnight. It's easy to see how. If one e-mail hoax is forwarded to just ten friends and those friends forward the message to ten of their friends and so on, after only six forwarded messages in this fashion, the result is one million e-mail hoax recipients.

Not only can e-mail hoaxes be a nuisance to the recipients, the cumulative effect is a general slowing down of e-mail servers around the world. If specific companies are targeted, hoaxes can be public relations nightmares for those entities. E-mail hoaxes not only waste people's time, but they can scare recipients into taking incorrect or even harmful actions.

So what to do? One of the best methods of finding out whether or not an e-mail message is a hoax (when the message refers to a product or company) is to first go to the website of the company or institution mentioned within the message. For example, when an e-mail began circulating in August of 2003 espousing the benefits of the new "Mayo Clinic Grapefruit Diet," Rochester, Minnesota's Mayo Clinic immediately posted a link on its website telling people that the information was false. (See http://www.mayoclinic.com/invoke.cfm?objectid=8E199485-EB00-418B-B6BF8BED83C675E7.) The same is true regarding the "Four Free Cases of Coke" e-mail hoax that has made its rounds throughout the World Wide Web more than once. The Coca-Cola Company immediately posted information on its site (http://www2.coca-cola.com/contactus/faq/promotions.html) about the hoax and asked people to disregard the hoax. If you are unsure of the company's website, type the name of the company into most any search engine, i.e. Google, and the company's site will no doubt be listed. In fact, the first website on the resulting search list will most likely be the company's "official" website. You can be assured that if you have received an e-mail hoax that hundreds, if not thousands, of others have also received the same hoax message and the matter will be addressed somewhere on the targeted company's website.

There are also some websites that are dedicated to alerting Internet users of hoaxes circulating around the Web. These sites include search tools to research archived hoaxes by name or subject. Hoax information sites to bookmark in the Favorites list of your browser include:

http://truthorfiction.com/
http://vmyths.com/
http://urbanlegends.com/ulz/

In short, the next time you receive an e-mail message that you believe to be a hoax, do some quick research before forwarding the message on to family and friends. If you receive an e-mail message that was forwarded to you from a friend and you've confirmed the message to be a hoax, let your friend down gently when telling him/her not to be expecting $1,000 from Bill Gates anytime soon.

You may have heard about the recent outbreak and subsequent spread of an e-mail worm that appears to be sent by the recipient's ISP (Internet Service Provider). The name of this worm is "Beagle" but it has multiple variants which work in a similar manner.

In addition, the Beagle worm is a type of "Trojan horse." A Trojan horse worm contains a message that promises one thing but actually does something else. Here's how the Beagle worm works:

The e-mailed Beagle worm shows-up in a user's inbox. Although the sender of the e-mail containing the worm was actually an infected computer, the sender's e-mail address is spoofed to show it as coming from the recipient's ISP, not the actual sender. One of the following words are utilized within the arriving e-mail address:
◊administration
◊ management
◊ no reply
◊ staff
◊ support

The Subject Line randomly shows one of over thirty messages. Common verbiage includes:
◊Warning about your e-mail account
◊ E-mail technical support message
◊ Notify about using the e-mail account
◊ E-mail account utilization warning

The text of the e-mail message varies on a random basis as well. A few common lines include:
◊ Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
Please, read the attached for further details.
In order to read the attached, you have to use the following password: 56538.
◊ Our anti-virus software has detected a large amount of viruses outgoing from your e-mail account. You may use our free anti-virus tool to clean-up your computer software.
For further details see the attached.
Attached file is protected with the password for security reasons. Password is 1601.
◊ We warn you about some attacks on your e-mail account. Your computer may contain viruses. In order to keep your computer and e-mail account safe, please follow the instructions.
Please, read the attached for further details.
For security purposes, the attached file is password protected. Password is "81235".

The messages are spread when the user opens the accompanying attachment (usually an ".exe" file). The worm infects the recipient's computer, grabs the e-mail addresses from his/her address book and then sends the worm to these addresses. The "from" addresses are spoofed to show the sender as the recipient's ISP, not the e-mail address of the infected computer. Needless to say, it's a very clever trick and lots of people around the globe have fallen for it.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. Also, the ultimate responsibility of protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks, CDs and networks, as well as when downloading software from the Internet. We encourage each of our users to install and utilize virus scanning software, to update this software on a regular basis, and to scan all incoming e-mail attachments before opening them, even if the attachment shows coming from a reliable source - - like your own Internet Service Provider!

In November 2003, Microsoft Corp. launched an Anti-virus Reward Program, (initially funding it with five million dollars) to be used as bounty money for people who offered information leading to the arrest and conviction of creators of e-mail viruses and worms. Well, apparently money talks.

Last month, informants tipped off Microsoft officials in Germany with the name of the author of the Sasser worm. Microsoft Corp. then worked with the U.S. Federal Bureau of Investigations, the U.S. Secret Service and German officials. The end result? Less than a week after the release of the Sasser worm, German authorities arrested an eighteen-year-old high school student suspect, named Sven Jaschan, who lives at home with his parents near the small German hamlet of Rotenburg. (Not surprisingly, he was sitting at his computer at the time of the arrest.) Jaschan confessed to German officials that he did in fact create the Sasser worm along with its four variants. Investigators said Jaschan's confiscated computer contained source code from the Sasser worm.

Additionally, authorities believe Jaschan to also be the author of the Netsky worm (and its 28 variants) which was released in February 2004. One of the latest Netsky variants stated in its source code, in part, "Hey AV (anti-virus) firms, do you know that we have programmed the Sasser virus?!? Yeah, that's true ..."

Jaschan is being investigated on suspicion of computer sabotage, which carries a maximum sentence of five years in prison.

The Sasser worm attacks Windows 2000 and Windows XP machines through the port vulnerability discussed in Microsoft's Security Bulletin it posted on its website back on April 13, 2004. If you run either Windows 2000 or Windows XP on your computer and have yet to download this free security patch, do so immediately at:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Symptoms of an infection include the continual crashing and rebooting of your computer system. If you believe that the Sasser worm has already infected your computer, go to the following Microsoft web page for assistance:
http://www.microsoft.com/security/incident/sasser.asp

A note of irony -- The mother of the eighteen-year-old high school student suspect runs a computer store in the small town of Waffensen, Germany. No doubt he was sent to bed early without supper.

Windows XP Service Pack 2 - Update Information And Precautions
In last month's eNewsletter, we discussed the release of Microsoft Corp.'s Windows XP Service Pack 2 -- better known as SP2. Microsoft's purpose for this free security software is to make users of Windows XP safer from cyberattacks. The plan is to release the software update gradually to Windows XP users across the globe over a several month time period.

Microsoft has since added some new helpful resources for XP users who plan to download or have already downloaded SP2 from the Microsoft website. (Note that Windows XP Service Pack 2 is still a work-in-progress. Download the early version of SP2 at your own risk.)

Helpful Windows XP SP2 Resources:

Microsoft's SP2 Support Center - Microsoft has developed an online Support Center for Windows XP users who have already or who are considering downloading SP2. Use this link to reach the Support Center: http://support.microsoft.com/default.aspx?pr=windowsxpsp2

What Happens If Your Computer Won't Start After Installing SP2? - Apparently this happens. Uh oh! Microsoft provides information to assist users when this occurs. Go to: http://support.microsoft.com/default.aspx?kbid=875355&product=windowsxpsp2

Firewall Information - Windows XP users have the option to continue to use their current firewall protection and turn off the firewall software (called "Windows Firewall") that comes with SP2. To find out more about Windows Firewall and how to adjust the settings after downloading SP2, go to: http://support.microsoft.com/default.aspx?kbid=843090&product=windowsxpsp2

Ordering Windows XP Service Pack 2 (SP2) On CD - Microsoft now has a specific link for ordering SP2 on CD. To order, click on this link: http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx The web page says to allow 4-6 weeks for delivery.

Precautionary Items Regarding Windows XP Service Pack 2:

You may want to consider waiting to download this early version of SP2. Keep in mind that SP2 is a work-in-progress. Microsoft's goals for SP2 are admirable but, as is the case with the release of any new software, there are bound to be bugs. SP2 is no exception. Download the early version of SP2 at your own risk.
Windows XP Service Pack 2 DOES NOT REPLACE the need for third-party a) Virus Protection, b) E-mail Filtering, or c) Firewall Protection. If you use third party anti-virus software programs from companies like Symantec and McAfee, for instance, you'll still need to continue to regularly update your software and scan e-mail attachments for viruses as you've done in the past. SP2 does not include robust protection in these three areas.
Some software programs may not work after downloading SP2. Microsoft admits that SP2 has caused compatibility issues with other software programs -- even some Microsoft programs. We suggest that you contact your software vendors before you download SP2 to make sure their software is compatible. For a list of dozens of software programs which may incur performance issues once a user downloads SP2, go to: http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2
The firewall installed when you download SP2 is automatically "turned on." An Internet firewall helps to protect against intruders gaining access to (hacking into) your computer via the Internet. Unlike the Windows XP program you have now, SP2 makes the firewall feature "turned on" by default. This new firewall protection is actually the cause of many of the performance issues of software programs mentioned in item #3 above.
SP2 may take a long time to download. Users of Windows XP may find challenges when attempting to download SP2 via the Internet. Microsoft estimates that download file sizes could range anywhere from 80 megabytes to 270 megabytes. That's big. Depending on your Internet connection speed, the download process could become very lengthy. The alternative is to order a free installation CD-ROM from Microsoft. (See above for more information.)

An ever-increasing number of "phishing" scams are targeting online consumers each month. In fact, such scams are said to have risen by an average of 50% a month during the first half of this year alone! The term "phishing," also referred to as "brand spoofing," or "carding," is a variation of the word "fishing" -- the idea being that "bait" is thrown out with the hopes that while most people will ignore the "bait," some will be tempted into biting. Phishing is the act of sending an e-mail to an Internet user and falsely claiming to be an established legitimate enterprise with the intent of scamming the user into surrendering confidential information that will then be used for identity theft. Here's how a typical phishing scam works:

A con artist sends a bogus e-mail message to a list of e-mail addresses. The phony spam e-mail message purports to be from a bank, for instance, and asks the e-mail recipient to provide account information to assist the bank in its efforts to crack down on identity theft. The e-mail message is usually very authentic looking and includes company logos and copyright information. These messages typically state something about the recipient's account being temporarily suspended if account information is not provided. A link is provided within the e-mail message which takes the consumer to an official-looking website. The site asks for personal information such as account numbers, pin numbers, social security numbers, birth dates, etc. Participation in the scam by the consumer results in identity theft -- and bad consequences.

Businesses that are commonly targeted by "phishers" include banks, credit card companies, brokerage firms, ebay, PayPal, Internet service providers, as well as a variety of online retail e-commerce sites.

Tips On How To Avoid Getting Hooked By Phishing Scams

Legitimate companies don't ask for financial or personal information via e-mail. If you get an e-mail or pop-up message that asks for this type of information, do not reply or click on the link in the message. If you are questioning the legitimacy of an e-mail regarding your account, contact the organization in the e-mail using a telephone number you know to be genuine.
NEVER send personal or financial information via e-mail. E-mail is not a secure method of transmitting personal information.
Initiate online transactions by typing in the organization's web address into your browser's Address Bar rather than clicking on a link provided within an e-mail message that supposedly takes you to the organization's site. Con artists can spoof an organization's web address shown on an e-mail message's link and send you to a bogus site instead.
When you are asked to provide personal or financial information through an organization's website, be sure to look for indicators that the site is secure like a lock icon on the browser's status bar or a web address that begins with "https:" -- the "s" stands for "secure." Be sure to follow #3 above before doing this step.
Review bank account and credit card statements as soon as you receive them to determine whether there are any unauthorized charges.

Be sure to report any suspicious activity to the Federal Trade Commission (FTC). If you receive spam that is fraudulently phishing for information, forward the message to spam@uce.gov.

If you believe you've been scammed by a phishing scheme, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft.

E-mail can be a great tool for relaying information to friends, relatives, and business associates. However, the Internet can also be the source for the proliferation of misinformation. One recent example is a tsunami-related hoax that has been rapidly spreading across the globe. It's been referred to as the Zulican Virus E-mail Hoax.

The message of the Zulican Virus E-mail Hoax warns consumers not to eat fish or seafood products. The reason — the December 26, 2004 tsunami, which laid waste to a number of coastal areas in the Indian Ocean region, resulted in dead and diseased fish. The diseased fish, so the e-mail claims, contain a virus call Zulican. If consumers eat the fish, they will be exposed to the Zulican Virus.

The Zulican Virus e-mail message is a hoax. There is no known seafood virus called Zulican. The U.S. Food and Drug Administration, the Canadian Food Inspection Agency, or the Centers for Disease Control and Prevention located in Atlanta, Georgia, don't give any credence to this bogus virus.

The next time you receive an e-mail message that you think may be a hoax, do some quick research before forwarding the message on to family and friends. There are sites on the Web dedicated to alerting Internet users of Internet hoaxes. A few hoax information sites to bookmark in the Favorites list of your browser include:

http://truthorfiction.com/
http://vmyths.com/
http://urbanlegends.about.com/

Each of the above sites includes search tools to research archived hoaxes by name or subject.

Mydoom E-mail Worm Returns
The "Mydoom" e-mail worm has returned. First discovered in January 2004, Mydoom became one of the top ten most prolific virus/worms of last year. Now anti-virus companies have reported a new variant of this mass-mailing worm. The variant is called "W32.Mydoom.AX@mm" and its discovery is one more example of why we encourage all our Internet users to install virus-scanning software on their computers and to frequently update their security software. (Note: Mydoom infects only Windows-based operating systems — not Macintosh, Linux, or UNIX systems.)

The W32.Mydoom.AX@mm e-mail worm (also known as W32/Mydoom.bb@MM) is a mass-mailing worm that sends itself as an e-mail attachment to e-mail addresses found within an infected computer. Although the sender's address, the subject line, and the text within the message of the e-mail can vary greatly (making detection more difficult), the "from" address is usually spoofed to show coming from places like "Postmaster," "Mail Administrator," "The Post Office," "Mail Delivery Subsystem," "MAILER-DAEMON," or "Bounced mail." The subject line will commonly say something like "Returned mail: see transcript for details," "Returned mail: Data format error delivered," "Message could not be delivered," or "Mail System Error - Returned Mail." The message body text varies but may say something like this:

"Dear user of (your ISP domain here),

We have received reports that your e-mail account has been used to send a large amount of unsolicited e-mail messages during this week. We suspect that your computer was compromised and now runs a hidden proxy server.

We recommend you to follow our instruction in the attached file in order to keep your computer safe.

Virtually yours,
(your ISP domain here) support team."

The message leads users to believe they have received a bounced back e-mail message notification from their Internet service provider. When opening the accompanying attachment, however, the recipient's machine becomes infected with the Mydoom worm. This results in replicated e-mails being automatically mass-mailed to the e-mail addresses found on the recipient's computer.

The W32.Mydoom.AX@mm worm also includes a "backdoor" feature that opens TCP port 1034 on the infected machine. This allows hackers to potentially have remote access and control of the infected computer.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean they were the actual senders of the message and attachment. We encourage each of our users to install and utilize virus-scanning software, to update this software on a regular basis, and to scan all incoming attachments before opening them, even if the attachment shows coming from a trusted source. The ultimate responsibility of protecting your computer against worms and viruses lies with you. In addition, many viruses and worms spread not only via e-mail, but also through the sharing of files when using floppy disks, zip disks, and networks, as well as when downloading software. Be sure to scan these files for infections as well.

Although the "Nigerian Advance Fee Scam" has circulated across North America for many years,
it continues to be one the highest median dollar loss Internet scams around. According to the FBI's 2004 Internet Fraud Crime Report, the average dollar loss for Internet users who reported being victimized by the Nigerian Advance Fee Scam was $3,000. Only Internet check fraud scams had a higher average loss ($3,600).

Also known as the "Nigerian 419 Scam," referring to the Nigerian law for fraud, the scam has propagated for years through regular mail, fax transmissions, telephone solicitations, and, in recent years, most prolifically via e-mail.

There are hundreds of variations of the Nigerian Advance Fee Scam; however, the storyline is similar in each instance. The scam goes something like this: A person from a third world country, usually claiming to be either a very important business person or from royal lineage, sends you an e-mail saying he/she has access to huge amounts of money which is sitting idle from a recent inheritance, government action, or business deal. For some strange, fateful reason this person has selected you to assist him/her in getting the funds out of his/her country. Once you've grabbed the "bait," the scammer asks you to either provide him/her with a "transaction advance" (which you'll never see again) or personal bank account information for the purpose of sending millions of dollars to your account for a temporary holding period. The individual promises to share the proceeds with you (usually anywhere from 10%-25%) after the transfer of funds occurs. The e-mail message normally utilizes incorrect grammar and spelling to further the notion that the sender is indeed from an impoverished, far-off country.

Below is the exact text of an actual Nigerian Advance Fee Scam that has been recently circulating the Internet:

"Subject: PARTNERSHIP

FROM: Michael Shaw
E-MAIL: michaelshaw99@myway.com

Good day,
With warm heart I offer my friendship and greetings. I hope this mail meets you in good time. However strange or surprising this contact might seem to you as we have not met personally or had any dealings in the past, I humbly ask that you take due consideration of its importance and immense benefits. I duly apologize for infringing on your privacy if this proposal is not acceptable to you.

First and foremost, I wish to introduce myself properly to you. I am Mr. Michael Shaw, the son of the former Liberia finance minister (Mr. Emmanuel Shaw) under the past government of Charles Taylor. I presume you are aware of the political crisis in my country which affected my father's health. At the end of Charles Taylor's regime, he was exiled to Nigeria where he currently resides. Majority of his officers including ministers like my father, are having their accounts frozen by the present government because they were uncomfortable with the past regime. We then jointly decided within the family to relocate the family funds outside Liberia for investment.

I am contacting you because of a good friend of my father (Dr. Thomas Clark) who visited your country sometime ago made recommendations about your country to my family. Following the above reason, I have been subsequently advised to seek and invest this money abroad. So,I am soliciting for your co-operation and confidential assistance to take custody of twenty six million united states dollars (US$26.000.000). And also front for me in areas of business which you desire profitable. Left alone, this would prove extremely difficult if not impossible due to the bureaucratic nature of the western world.

In preparedness and appreciation to conduct this business with you, I shall give you 15% of the total funds and 5% commission on any profit that we might realise in the process of investing the funds. 5% shall be set aside for any eventual cost that may occur in the process of this transaction. Please,I need your entire support and co-operation for the success of this business venture,and also your utmost confidentiality. Be rest assured that,this is absolutely safe with no risk involved. I do hope my proposal is acceptable to you.

Thanking you in anticipation, while looking forward to hearing from you soon.

Best Regards,

Michael Shaw.
E-MAIL:-michaelshaw99@myway.com"

The above message is an Illegal Scam! If you believe that you have been victimized by the Nigerian Advance Fee Scam or any other type of Internet fraudulent scheme, contact your local law enforcement officials and file an online report with the FBI's Internet Fraud Complaint Center located at: http://www.ifccfbi.gov/index.asp

There's an e-mail worm that recently began to circulate around the Internet called the "W32.Sober.N@mm worm." (The worm only infects Windows-based systems - not Macintosh, Unix, or Linux systems.) Also known as the W32/Sober.o@MM worm, this new variant of the Sober worm was first discovered on April 19, 2005, and includes a tricky Trojan horse feature. The text of the deceptive e-mail message promises the recipient a benefit if he/she opens the accompanying attachment but something quite different occurs when the attachment is opened.

Below is the exact text of an actual W32.Sober.N@mm e-mail worm currently circulating the Web:

As you can see, the goal of the worm is to trick you into thinking that the sender has received some of your private e-mail messages and is simply returning them to you within a zipped attachment. When you open the attachment, you are infected with the W32.Sober.N@mm worm. Pretty slick!

The W32.Sober.N@mm worm is a mass-mailing e-mail worm. Once the attachment is opened, it sends itself as an attachment to e-mail addresses found within the infected machine. Like most worms circulating around the Internet, the W32.Sober.N@mm worm also has a "spoofing" feature that conceals the actual sender of the e-mail message by randomly selecting e-mail addresses from the infected computer's system to disguise the source of the e-mail. So, if a person receives this e-mail worm from a co-worker or relative, chances are that the person it shows being sent from was probably not the person who actually sent it.

Remember, receiving an e-mail attachment from a trusted friend or a reliable source may not necessarily mean that they were the actual senders of the message and attachment. Also, the ultimate responsibility of protecting your computer against worms and viruses lies with you. Many viruses and worms not only spread via e-mail, but also through the sharing of files when using floppy disks, zip disks, CDs and networks, as well as when downloading software from the Internet. We encourage each of our users to install and utilize virus-scanning software, to update this software on a regular basis, and to scan all incoming e-mail attachments before opening them, even if the attachment shows coming from a reliable source.