well just to follow up (kinda sorta) this is an email I received from BC IT about MSBLASTER (seems like old news at this point)
dated 8/12
Quote:
To:_ Microsoft Windows XP, 2000, and NT4 users
Boston College is currently suffering from a new computer worm called
"MSBlaster". This virus only infects the Windows systems listed above. Note that if the worm does infect your computer, it WILL NOT damage your data or your operating system.
This worm takes advantage of a vulnerability in Windows which has been characterized as the most serious problem with Windows computers in years. IT IS CRITICAL THAT ALL BC WINDOWS USERS CHECK ALL THEIR COMPUTERS AND ENSURE THAT THIS VULNERABILITY IS ELIMINATED. In order to protect your computer, you MUST perform a three step process as described and documented at http://www.bc.edu/msblaster
Faculty and staff should contact their TC if they have trouble with the process, and students should contact the SLSC.
Finally, many of you have home computers or are students who are still
off-campus. We are almost certain that BC became infected by this worm
via a home computer that was infected first, and spread the worm into
BC._ PLEASE also check your home computers running Windows NT, 2000, or
XP to ensure that they are not compromised by this worm or other "malware."
they couldn't have meant that somehow your sister transmitted a virus from a home computer she has to BC could they? Admittedly, they are pretty dumb... but i doubt they would really think that...
I realize that this is coming on the tail end of this, but someone over at MacOSXHints. I haven't tried it myself because my college has been incredible at blocking them, and I've only gotten two to date.
Quote:
Authored by: jason.flores on Wed, Aug 20 '03 at 07:00PM
[snip]... I look for a paticular part of the mime encoded attachment. If it is there I delete the message.
So I set to check message content for the following string:
TVqQAAMAAAAEAAAA
Look at the raw source of the message, that string above is the first part of the encoded attachment.
My wife has been getting a message for the last couple of days with a lot of different subjects, from addresses, and attachment file names and extensions (so far .scr, .pif and .exe). Searching for the above has grabbed everyone so far (over 200 now).
Comments
Originally posted by LoCash
dated 8/12
To:_ Microsoft Windows XP, 2000, and NT4 users
Boston College is currently suffering from a new computer worm called
"MSBlaster". This virus only infects the Windows systems listed above. Note that if the worm does infect your computer, it WILL NOT damage your data or your operating system.
This worm takes advantage of a vulnerability in Windows which has been characterized as the most serious problem with Windows computers in years. IT IS CRITICAL THAT ALL BC WINDOWS USERS CHECK ALL THEIR COMPUTERS AND ENSURE THAT THIS VULNERABILITY IS ELIMINATED. In order to protect your computer, you MUST perform a three step process as described and documented at http://www.bc.edu/msblaster
Faculty and staff should contact their TC if they have trouble with the process, and students should contact the SLSC.
Finally, many of you have home computers or are students who are still
off-campus. We are almost certain that BC became infected by this worm
via a home computer that was infected first, and spread the worm into
BC._ PLEASE also check your home computers running Windows NT, 2000, or
XP to ensure that they are not compromised by this worm or other "malware."
they couldn't have meant that somehow your sister transmitted a virus from a home computer she has to BC could they? Admittedly, they are pretty dumb... but i doubt they would really think that...
here is the help website about virii at BC http://www.bc.edu/offices/help/accounts.shtml
note the .mac rip-off look and brushed metal...
Authored by: jason.flores on Wed, Aug 20 '03 at 07:00PM
[snip]... I look for a paticular part of the mime encoded attachment. If it is there I delete the message.
So I set to check message content for the following string:
TVqQAAMAAAAEAAAA
Look at the raw source of the message, that string above is the first part of the encoded attachment.
My wife has been getting a message for the last couple of days with a lot of different subjects, from addresses, and attachment file names and extensions (so far .scr, .pif and .exe). Searching for the above has grabbed everyone so far (over 200 now).