
View Full Version : Warning About Another Possible Computer Virus



moosmom
08-19-2003, 08:16 PM
I got an e-mail from a good friend of mine telling me that if I get an e-mail with the subject along the lines of World Trade Center, 9/11 or WTC Survivor, to delete it immediately as it will wipe out your entire "C" drive. Here is the body of the email. I strongly suggest you send it to anyone and everyone you know.

Very Important

During the next several weeks be VERY cautious about opening or launching any e-mails that refer to the World Trade Center or 9/11 in any way, regardless of who sent it. PLEASE FORWARD TO ALL YOUR FRIENDS AND FAMILY. FOR THOSE WHO DON'T KNOW, "WTC" STANDS FOR THE WORLD TRADE CENTER. REALLY DANGEROUS BECAUSE PEOPLE WILL OPEN IT RIGHT AWAY, THINKING IT'S A STORY RELATING TO 9/11!

BIGGGG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat, a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer!

Forward this to everyone in your address book. I would rather receive this 25 times than not at all. So, if you receive an email called "WTC Survivor", do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer.

PLEASE FORWARD THIS MESSAGE!

rg_girlca
08-19-2003, 08:31 PM
Wow thanks for the warning Donna. It is very considerate of you. I'll make sure I tell my friends about this.

krazyaboutkatz
08-19-2003, 11:28 PM
Thanks for the info Donna. :)

roopooroo
08-19-2003, 11:47 PM
http://www.snopes.com/computer/virus/wtc.htm

Randi
08-20-2003, 06:07 AM
Looks like it's FICTION. :)

Here's another good site to check it:

Truth or Fiction? (http://ss659.fusionbot.com/cgi-bin/ss_query?sitenbr=120222903&keys=truth+or+fiction)

moosmom
08-20-2003, 07:00 AM
Ooooopppppsss, sorry. I didn't mean to put anyone in a panic. But after that LAST virus, I just thought I'd better warn people. Boy do I feel dumb!!!!!:( :( Sorry.

Randi
08-20-2003, 07:17 AM
Originally posted by moosmom
Ooooopppppsss, sorry. I didn't mean to put anyone in a panic. But after that LAST virus, I just thought I'd better warn people. Boy do I feel dumb!!!!!:( :( Sorry.
Donna, no reason to feel dumb - better to be safe than sorry! ;) :D When I first joined PT, I posted a warning which turned out to be Fiction, this was when I found out about this site. ;)

BUT, there is a new one around:

Virus name: Sobig.F
Status: Real.

Origins: Sobig.F is the latest variant of yet another mass-mailing worm which exploits a vulnerability in the Microsoft Outlook e-mail client on Windows 95, 98, ME, NT, 2000, and XP platforms to replicate itself by mailing out messages with forged return addresses. The payload is contained in attachments to messages bearing one of the following subject lines:

My Details
Your Details
Thank you!
That movie
Approved
Application
Wicked screensaver
Re: My Details
Re: Your Details
Re: Thank you!
Re: That movie
Re: Details
Re: Approved
Re: Your application
Re: Wicked screensaver

The file name of the infected attachment will match one of the following:

wicked_scr.scr
movie0045.pif
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif

Trend Micro provides a system cleaner on their web site which will remove Sobig.F.

Additional information: WORM_SOBIG.F
(Trend Micro)
Last updated: 19 August 2003

What is the world coming to, all these viruses and SPAM!! :mad:

moosmom
08-20-2003, 10:05 AM
Thanks Randi!!

micki76
08-20-2003, 10:17 AM
Originally posted by Randi
Donna, no reason to feel dumb - better to be safe than sorry! ;) :D When I first joined PT, I posted a warning which turned out to be Fiction, this was when I found out about this site. ;)

BUT, there is a new one around:

Virus name: Sobig.F
Status: Real.

Origins: Sobig.F is the latest variant of yet another mass-mailing worm which exploits a vulnerability in the Microsoft Outlook e-mail client on Windows 95, 98, ME, NT, 2000, and XP platforms to replicate itself by mailing out messages with forged return addresses. The payload is contained in attachments to messages bearing one of the following subject lines:

My Details
Your Details
Thank you!
That movie
Approved
Application
Wicked screensaver
Re: My Details
Re: Your Details
Re: Thank you!
Re: That movie
Re: Details
Re: Approved
Re: Your application
Re: Wicked screensaver

The file name of the infected attachment will match one of the following:

wicked_scr.scr
movie0045.pif
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif

Trend Micro provides a system cleaner on their web site which will remove Sobig.F.

Additional information: WORM_SOBIG.F
(Trend Micro)
Last updated: 19 August 2003

What is the world coming to, all these viruses and SPAM!! :mad:

Yep hubby's whole company's email is down due to this one!

Here's the story on this one:
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030819/ap_on_hi_te/e_mail_virus_1

Denyce
08-20-2003, 11:08 AM
We just got 2 different ones from Ag support here at Penn State. Those are the only ones I take seriously.

The following virus has been identified within the College of Ag
Sciences. This virus affects the following computer systems:

- Microsoft Windows 2000
- Microsoft Windows XP

W32.Welchia.Worm is a worm that exploits multiple vulnerabilities:
* It exploits the DCOM RPC vulnerability (described in Microsoft
Security Bulletin MS03-026) using TCP port 135. The worm specifically
targets Windows XP machines using this exploit.
http://www.microsoft.com/security/security_bulletins/ms03-026.asp
* It exploits the WebDav vulnerability (described in Microsoft Security
Bulletin MS03-007) using TCP port 80. The worm specifically targets
machines running Microsoft IIS 5.0 using this exploit.
http://www.microsoft.com/security/security_bulletins/ms03-007.asp

If you have not already applied the 'Security Update for Windows -
(823980)', YOUR COMPUTER CAN BE INFECTED BY SIMPLY ACCESSING THE
INTERNET.

NOTE: This virus (and it is STILL A VIRUS) attempts to "fix" the
W32.Blaster.Worm. It will try to download the 'Security Update for
Windows - (823980)' patch from Microsoft's Windows Update Web site,
install it, and then reboot the computer. The worm will also attempt to
remove W32.Blaster.Worm from your machine. It will then remain active on
your computer and will continuously check for other machines to "infect"
with its code which will result in increased network traffic.

Recommended Actions:
1. Verify that you have applied the 'Security Update for Windows -
(823980)'
* Open your Control Panels folder. Open the Add or Remove Programs
control panel.
* Look for "823980" in your list of installed patches. This may be
different depending on your Operating System.
Example: in Windows XP look for: Windows XP Hotfix - KB823980
* If you see this patch listed, you are protected from this worm
infecting your system. Close the control panel.

If you do not see the 823980 patch, close the control panel. You
should download and apply this patch IMMEDIATELY. Open Internet
Explorer.
From the Tools menu choose Windows Update. Install all the Critical
Updates. This should include the 823980 Security Update. After
applying the critical updates, re-start if needed. Continue to go
back to http://windowsupdate.microsoft.com/ until all critical
updates are applied.

2. Update your virus definitions (Version 8/18/2003, rev. 16, or
greater will detect this threat.)

3. Scan your hard disk.

Resources:
For information on updating your virus definitions, see the ICT Computer
Support web site at <http://ict.cas.psu.edu/Support/> and click
Anti-Virus Information.

The following web site has additional information on the
W32.Welchia.Worm :
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html

Virus Name:
W32.Welchia.Worm

Also known as:
W32/Nachi.worm [McAfee]

Threat:
High

Platform:
Windows 2000, Windows XP

Method of Infection:
If a user has not applied the 'Security Update for Windows - (823980)'
patch and is using one of the above operating systems, the machine is
vulnerable. It can be infected simply by accessing the Internet to check
mail or view web pages.

What Will It Do?
Causes system instability. Creates unneeded network traffic.

What do I do if the computer is infected?
You must apply the 823980 Security Update from Microsoft first. See Step
1 above. If you are unable to get to the Windows Update site, the
College has placed the Security Update on one of their servers. A
Windows XP and Windows 2000 version of the patch are available here:

ftp://ftp.cas.psu.edu/Windows/Updates-Patches/Win_SecurityUpdate_823980/

You can download the needed update to your desktop. Double-click to open
it. Then follow its prompts to install the patch.

Once the patch is installed, Symantec Security Response has developed a
removal tool to clean infections of W32.Welchia.Worm. This is the
easiest way to remove this threat if you are infected.

Go to this page: http://www.symantec.com/avcenter/tools.list.html and
click the W32.Welchia.Worm link. Then PRINT this web page and follow the
instructions in the 'Obtaining and running the tool' section. If needed,
you may download the tool on a non-infected machine. Then transfer the
file via E-mail to the affected machine and follow the Symantec
instructions. Once you have the tool on the machine, you should
disconnect it from the network if possible while running the tool.

NOTE: Until you apply the security update, you REMAIN VULNERABLE!! Do
not assume that since the Symantec tool was run and the infection
cleaned that you are OK. You may become re-infected in a very short
time.

Denyce
08-20-2003, 11:10 AM
This is the second one. The director of our lab received this virus in an email the day before we got the warning. But she was suspicious and didn't open it.

The following virus has been identified within the College of Ag
Sciences. This virus affects the following computer systems:

- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT
- Microsoft Windows 2000
- Microsoft Windows ME
- Microsoft Windows XP

W32.Dumaru@mm is a mass-mailing worm that drops an IRC (Internet Relay
Chat) Trojan onto the infected machine. The worm gathers email addresses
from your computer and uses its own SMTP engine to email copies of itself
to these addresses. The email has the following characteristics:

From: "Microsoft" <[email protected]>
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe or patch1.exe

Recommended Actions:
1. Do NOT double-click or attempt to run the file associated with the
e-mail. Delete the e-mail message.
2. Update your virus definitions (Version 8/19/2003 rev 3, or greater
will detect this threat.)
3. Scan your hard disk.

Resources:
For information on updating your virus definitions, see the ICT Computer
Support web site at <http://ict.cas.psu.edu/Support/> and click
Anti-Virus Information.

The following web site has additional information on the
W32.Dumaru@mm:
http://www.symantec.com/avcenter/venc/data/[email protected]

Virus Name:
W32.Dumaru@mm

Also known as:
W32/Dumaru@MM [McAfee]

Threat:
Medium

Platform:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Method of Infection:
Virus is sent via an e-mail attachment. If a user clicks on it and
executes the virus, his or her computer becomes infected.

What to Watch For:
From: "Microsoft" <[email protected]>

Subject: Use this patch immediately !

Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

Attachment: patch.exe or patch1.exe


What Will It Do?
W32.Dumaru@mm is a mass-mailing worm that spreads by email. Sends itself
to all the email addresses it finds in the .htm, .wab, .html, .dbx,
.tbb, .abd files.

What do I do if the computer is infected?
Symantec Security Response has developed a removal tool to clean
infections of W32.Dumaru@mm. This is the easiest way to remove this
threat if you are infected. Go to this page:
http://www.symantec.com/avcenter/tools.list.html and click the
W32.Dumaru@mm link. Then PRINT this web page and follow the
instructions in the 'Obtaining and running the tool' section. If needed,
you may download the tool on a non-infected machine. Then transfer the
file via E-mail to the affected machine and follow the Symantec
instructions. Once you have the tool on the machine, you should
disconnect it from the network if possible while running the tool.


More information:
Internet Relay Chat or IRC
IRC is a multi-user chat system, where people meet on "channels" (rooms,
virtual places, usually with a certain topic of conversation) to talk in
groups, or privately.
http://www.mirc.com/ircintro.html

IRC Trojans
Some viruses install an IRC client (example: mIRC) somewhere on your
computer and start it every time you switch on your computer. Well known
examples of such viruses are the I LOVE YOU, SirCam, and Klez viruses.
http://www.mirc.co.uk/help/virus.html
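
Added example, not part of the original thread or of the advisories quoted in it: a mail-gateway style check that applies the Sobig.F and W32.Dumaru@mm subject and attachment indicators posted above to raw messages. It goes one step beyond those lists by also flagging any `.pif`, `.scr` or `.exe` attachment, since file names are easy to change; the `scan` and `sample` functions, the addresses and the test messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisories quoted in this thread (lower-cased).
SOBIG_SUBJECTS = {
    "my details", "your details", "thank you!", "that movie", "approved",
    "application", "wicked screensaver", "re: my details", "re: your details",
    "re: thank you!", "re: that movie", "re: details", "re: approved",
    "re: your application", "re: wicked screensaver"}
SOBIG_FILES = {
    "wicked_scr.scr", "movie0045.pif", "your_document.pif", "document_all.pif",
    "thank_you.pif", "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif"}
DUMARU_SUBJECT = "use this patch immediately !"
DUMARU_FILES = {"patch.exe", "patch1.exe"}
RISKY_EXT = (".pif", ".scr", ".exe")  # assumption: block these types outright


def scan(raw):
    """Return the reasons a raw RFC 822 message matches the advisories."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    hits = []
    # A subject such as "Thank you!" is common in real mail, so require both.
    if subject in SOBIG_SUBJECTS and any(n in SOBIG_FILES for n in names):
        hits.append("sobig.f subject and attachment")
    if subject == DUMARU_SUBJECT and any(n in DUMARU_FILES for n in names):
        hits.append("dumaru subject and attachment")
    # File names are trivial to change, so also flag the type on its own.
    hits += ["risky type: " + n for n in names if n.endswith(RISKY_EXT)]
    return hits


def sample(subject, filename=""):
    """Build a constructed message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("See the attached file for details")
    if filename:
        m.add_attachment(b"inert filler", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, name in [("Re: Details", "details.pif"), ("Thank you!", ""),
                       ("Use this patch immediately !", "patch1.exe")]:
        print(subj, "->", scan(sample(subj, name)))
```
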

moosmom
08-27-2003, 11:58 AM
Here is an update to this post.

This morning I checked my e-mails. In it was an e-mail from someone called "Pam S Grasso". The subject line said something to the effect of "2c489t17 the worm".

What tipped me off about this particular e-mail is that my best friend from CT is named Pam L. Grasso. But her e-mail address is NOT Pam S Grasso. I IMMEDIATELY deleted it and emptied my trash.

I also sent Pam an e-mail about it and told her if it WAS from her, which I highly doubt, to please send it again, as I deleted it and told her exactly why.

I'll keep you posted as to what she says.

moosmom
08-27-2003, 01:43 PM
False Alarm! It was Pam e-mailing me from work. It seems they set up her e-mail with the wrong middle initial. Phew!!