From: William Knowles (wkc4i.org)
Date: Tue Jan 20 2004 - 08:08:32 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Let me be the first to say that I'm sorry this virus infected mail
leaked through, and due to poor authentication routines in majordomo,
this may happen again.

Longtime ISN subscribers know that we don't send out attachments, if
you did click on the attachment, the virus was W32.Beagle.Amm.

There is a number of programs now available to rid your
computer/network of W32.Beagle.Amm, (Check with your vendor) or you
can manually disinfect your machine by doing the following...

1. Delete the registry value and restart the computer:

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe]

or terminate the running 'bbeagle.exe' process with Task Manager

2. Delete the worm from the Windows System Directory:

%SysDir%\bbeagle.exe

Finally, if you, or Usama bin Virus want to drop the Internet to its
knees, make it a point to infect university computers on the
weekend/holiday, use those networks that have no staffed
contact/emergency/help desk numbers for the computing staff. Double
check that the university police have no POC/emergency pager numbers
if something really needs to be turned off.

Not that these guys would know anything about that...

http://www.dnsstuff.com/tools/whois.ch?ip=138.87.155.2

Its a sneaky virus, so to prevent a repeat of all of this, we're going
to post messages for a few days from this address until things calm
down a little, just in case you use isnc4i.org in your mail filters.

Thanks for your support!

William Knowles
wkc4i.org

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*

: ---------- Forwarded message ----------
: Return-Path: <owner-isnattrition.org>
: Received: from forced.attrition.org (forced.attrition.org [66.80.146.7])
: by idle.curiosity.org (8.11.6/8.11.6) with ESMTP id i0JKaKM06331;
: Mon, 19 Jan 2004 14:36:30 -0600
: Received: (from majordomolocalhost)
: by forced.attrition.org (8.11.6/3.8.9) id i0JJfnI08776
: for isn-list; Mon, 19 Jan 2004 14:41:49 -0500
: Received: from clalbur ([138.87.155.2])
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: by forced.attrition.org (8.11.6/3.8.9) with SMTP id i0JJfmd08773
: for <isnattrition.org>; Mon, 19 Jan 2004 14:41:49 -0500
: Date: Mon, 19 Jan 2004 13:38:57 -0600
: To: isnattrition.org
: Subject: [ISN] Hi
: From: isnc4i.org
: Message-ID: <bauaoklkoxbcoysqwtnc4i.org>
: MIME-Version: 1.0
: Content-Type: multipart/mixed;
: boundary="--------247787143784553"
: Sender: owner-isnattrition.org
: Precedence: bulk
: Reply-To: isnc4i.org
: x-unsubscribe: echo "unsubscribe isn" | mail majordomoattrition.org
: x-isn-list: x-loop, procmail, etc
: x-url: http://www.c4i.org/isn.html
:
: Test =)
: aowybbojjfjwudjx
: --
: Test, yep.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]