Re: Piping design group

From: <Christopher>
Date: Wed Apr 26 2006 - 22:26:00 EDT


On Apr 26, 2006, at 6:44 PM, Felzien Michael wrote:

> Amazing.. Well what's the verdict you going to
> continue with the compromised newsgroup or what.

The short answer is that we will continue in about the same mode for the time being. As always, attachments will be blocked. There won't be any major purges of subscriptions posted from anonymous accounts unless there is a direct indication of problems. We won't be accepting new subscriptions from any anonymous e-mailer, though, except Yahoo, which we know is safe, but we can cut you some slack on that particular rule in special cases. And we will be enforcing the rules about filling out Yahoo profiles for all new subscriptions, just so we all know who everyone is. If your employer will let you, and I see no reason why not, subscribe from work, otherwise get a Yahoo account. Part of the control of malware is a wide-awake IT function, whether you do it yourself or let your company IT droids handle disinfection. Internet cafes and universities are absolute pestholes for viruses, trojans and worms. At the moment we don't know how it got to the list or who's the carrier. I am very pleased (you might even say smug) to report that it does not affect Macs in any way, shape or form--only Windows systems. So almost no one is above suspicion.

The culprit appears to be the W32/Nyxem-D worm, also known as:

Email-Worm.Win32.VB.bi
CME-24
WORM_GREW.A
W32.Blackmal.E@mm
W32/Tearec.A.worm
Email-Worm.Win32.Nyxem.e
W32/MyWife.d@MM
Win32/Mywife.E@mm
WORM_NYXEM.E

It does the following nasty things:

Turns off anti-virus applications
Sends itself to email addresses found on the infected computer
Deletes files off the computer
Forges the sender's email address
Uses its own emailing engine
Downloads code from the internet
Reduces system security
Installs itself in the Registry

Since the foul thing has been floating around the list you should do an immediate check on your system to see if you've picked it up. Don't wait. You can find out more from

<http://securityresponse.symantec.com/avcenter/venc/data/w32.blackmal.e@mm.html>
and <http://www.sophos.com/virusinfo/analyses/w32nyxemd.html>

There are instructions for how to look for it, and Symantec has a free removal tool if you need it.

Christopher Wright P.E. |"They couldn't hit an elephant at
chrisw@skypoint.com     | this distance" (last words of Gen.
........................| John Sedgwick, Spotsylvania 1864)
http://www.skypoint.com/~chrisw/

Received on Wed Apr 26 22:26:00 2006

This archive was generated by hypermail 2.1.8 : Tue Mar 04 2008 - 11:40:46 EST