[Bordermarch] Virus

Ron Bentley whitewolf at sabinenet.com
Thu Aug 28 11:51:04 PDT 2003


I know computer virus are not a SCA topic for the list, but I fill that we
need to make sure that everyone on the list is aware of the number of
computers that just one virus sent though the list could affect. That is why
I have forwarded this letter from ISP.

Aaron Whitewolf




----- Original Message -----
From: <admin at sabinenet.com>
Sent: Wednesday, August 27, 2003 10:38 AM
Subject: IMPORTANT !!! Worm in our system


Ron C.

Since last Thursday the Internet has been swamped with new virus and worm
attacks. What our Email Virus software has blocked can be seen at the end of
this email.

        We have several of our customers who have one or more worms,
infecting their computer, that are trying to communicate by using what is
called a ping. ( This is not email but a network protocol) In fact we have
blocked 2.4 million packets since 4:00 pm yesterday from leaving our system
to try and infect others on the Internet. These are being generated by
infected computers on our system. In addition we have blocked 1.5 million
packets that were inbound from the Internet to protect our connected
customers.  Those that are infected are not aware that this is coming from
their machines. They have contracted these infections because they did not
apply the Microsoft patches that were available and either do not have virus
protection or have failed to keep their program up to date with current
definitions. There are so many pings going out and coming in that we are
near what is called a denial of service. In laymen's terms these pings are
so prolific that the whole Internet is slowing down.

    What can you do? To make the testing of your computer easier, I have
downloaded and built an FTP server locally to get you the programs to check
your system. Click on these links and an automatic download window will
start. When the download window opens, select 'open' and it will execute
automatically and check your system for infection.
ftp://public@members.sabinenet.com/f-lovsan.exe
ftp://public@members.sabinenet.com/f-welchi.exe  ( we have found this one in
a customer's system already)

        In addition You will need to get and install a virus protection
package to prevent this from happening to you in the future. In all
sincerity if you cannot afford the cost of virus protection you really
cannot afford to be on the Internet anymore. The cost to remove a virus by a
repair shop can be as high as $400.00 and may require losing all of your
data. Viruses and worms are coming from websites, music download sites, chat
rooms, game sites, as well as email so you need personal protection for your
computer.
       We are using two different virus protection software products and
they are F-Prot and AVG.
http://www.f-prot.com     Cost for Single user is $ 29.00 for 1 year of
updates and can be purchased online.
http://www.grisoft.com   Cost for Pro single user with 2 years of
definitions and program updates is $33.30. I have recently contracted with
Grisoft to distribute AVG so you can purchase your copy from Sabine Internet
as well as directly from them online.
      In addition I recommend installing a personal firewall on your
computer. We use ZoneAlarm Pro on all of our network computers and highly
recommend it to you. They can be checked out at:
http://www.zonelabs.com/store/content/home.jsp

Virus Summary by Count Since last Thursday August 21
Count          Inbound/Outbound     Name

26,144         26,144 / 0                  W32/Sobig.F at mm
198               198 / 0                       W32/Dumaro.A at mm
96                 96 / 0                         W32/Klez.H at mm
25                 25 / 0                         W32/Mimail.A at mm
23                 23 / 0                         W32/Bugbear.B at mm
17                 17 / 0                         W32/Bugbear.B at mm
(corrupted)
11                 11 / 0                         W32/Sobig.A at mm
6                   0 / 6                           W32/MTX.9244.worm.A
6                   6 / 0                           W32/Lentin.H at mm
4                   4 / 0                           W32/Hybris.worm.B
3                   3 / 0                           W32/Magistr.28672 at mm
1                   1 / 0                           W32/Hybris.worm.D
1                   1 / 0                           W32/Fearso.C
1                   1 / 0                           JS/Fortnight.C

Butch & Jalane Andrews
Sabine Internet






More information about the Bordermarch mailing list