[NHCOLL-L:540] RE: Virus warning about e-mail to this group

Roberta Faul-Zeitler faulzeitler at ascoll.org
Thu Apr 20 11:29:58 EDT 2000 

4/20/00

Hello all - We use Microsoft Outlook (not Outlook Express). We received the
book message but no attachment. After receiving the warning, we scanned our
network and found no infected files. It was especially chilling to think
that a virus can attach to the signature block or be embedded in a message.

Since ASC and SPNHC are joint partners in NHCOLL, let me weigh in for a
second. Perhaps we need to establish a simple protocol about attaching any
attachments to email messages that get circulated on the NHCOLL listserv.
Perhaps an attachment MUST be vetted first (scanned for virus) before it is
put up on the listserv. That's a simple enough rule.

The other option is to eliminate attachments altogether -- less attractive,
but less costly than the time and repair expense if a virus leaks through
and attacks your network (spoken from unfortunate experience).

Please let us know what you think the best practice would be for the future.

Thanks for all who wrote back and explained what you found.

Bobbie
Roberta Faul-Zeitler
Executive Director
Association of Systematics Collections
1725 K Street NW, Suite 601
Washington DC 20006
Tel. (202) 835-9050
FAX (202) 835-7334
Email: faulzeitler at ascoll.org

> -----Original Message-----
> From: c-mayer2 at uiuc.edu [mailto:c-mayer2 at uiuc.edu]
> Sent: Wednesday, April 19, 2000 3:56 PM
> To: faulzeitler at ascoll.org; nhcoll-l at lists.yale.edu
> Subject: Re: [NHCOLL-L:527] RE: Virus warning about e-mail to this group
>
>
> It's a worm - see:
> http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html
>
>  From Symantec's page:
> Wscript.KakWorm
>    VBS.KakWorm spreads using Microsoft Outlook Express. It attaches
> itself to all outgoing messages via the Signature feature of Outlook
> Express and Internet Explorer newsgroup reader.
>
>    The worm utilizes a known Microsoft Outlook Express security hole
> so that a viral file is created on the system without having to run
> any attachment. Simply reading the received email message will cause
> the virus to be placed on the system.
>
>    Microsoft has patched this security hole. The patch is available
> from Microsoft's website. If you have a patched version of Outlook
> Express, this worm will not work automatically.
>
>     Also known as: VBS.Kak.Worm, Kagou-Anti-Krosoft
>

More information about the Nhcoll-l mailing list