[Alsfastball] Two Important notices: eScribe is down AND watch for new worm
Al Doran
aldoran at pmihrm.com
Thu Jul 22 13:14:31 EDT 2004
From: Al Doran <fastball at pmihrm.com>)
Subject: Two Important notices: eScribe is down AND watch for new worm
spreading, NOT from us
Well we finally got eScribe back and none too soon, but alas, its been down
since last evening.
Scott is working on it (Scott is the eScribe owner who lives in California
and spends his spare time and money keeping eScribe alive for thousands of
lists, not just Al's Fastball, although we are running 1 or 2 in the world
for hits in any given month and have been in the top 10 for over two years).
No telling when eScribe will be back up but hopefully soon.
Thanks to our good friend Jim Flanagan at http://www.fastpitchwest.com we
have a back up site for the news.
At this time of year, with the ISC World Tournament and the ISC II
Tournament of Champions fast approaching, we want to be sure everyone is
getting the news. We use eScribe to supplement the scores and stats posted
to http://www.iscfastpitch.com/
So, if over the next month eScribe is down,
http://www.escribe.com/sports/alsfastball/
please go to http://www.fastpitchwest.com
Now for item Number 2, a very important one.
We do post regular announcements on eScribe about worms and virus problems
spreading around. Hopefully everyone reads them religiously!
We have received roughly 300 worm attachments in the past few days, several
of them from various versions of my own email accounts. Most of these come
from IP addresses in the USA but some from Asia and from Europe. We use
SpamCop to find the originator and all are reported.
We share this with you as we do not want you to think that we have sent you
a virus/worm attachment.
ALL of these are forged, so do NOT blame the originating email address, it
was NOT them and certainly NOT us... they are ALL forged.
Please read:
New Bagle Variant Called 'Worst of the Year'
(we have received at least 50 of these in the last 24 hours, most Spoofed
(forged) with the email addresses of people we know - but the emphasis is
on FORGED - they did not come from the address that appears as the sender -
so don't blame them - OR me.)..
http://www.eweek.com/article2/0,1759,1624970,00.asp?kc=ewnws072004dtx1k000059
Another version of the tenacious Bagle virus is on the loose, and some
security experts and administrators say it is among the more persistent
viruses they've seen all year.
Bagle.AI, which was discovered Monday, is quite similar to the
<http://www.eweek.com/article2/0,1759,1623365,00.asp>dozens of other
variants in its family, and there seems to be little reason for its success
rate. It arrives via e-mail, usually with a subject line of "Re:" and a
spoofed sending address. The body text is random, as is the name of the
attachment.
The attachment has one of several file extensions, including .scr, .exe,
.zip, .cpl and .com. In some instances, the Zip file is password-protected,
in which case the body of the infected e-mail includes a password, pass and
key, all of which are random numbers, according to McAfee Inc.'s analysis
of the worm. The name of the attachment often contains the term MP3 in one
form or another.
Once it executes, Bagle.AI copies itself to the Windows System directory in
a file named WinXP.exe and opens TCP port 1080 and UDP port 1040. It
appears that the worm uses these ports to communicate with its creator and
report back each time it infects a new machine.
McAfee, based in Santa Clara, Calif., said it received more than 150
submissions of Bagle.AI on Monday. Bill Franklin, president of Miami-based
Zero Spam Network Corp., which provides a managed e-mail security and
anti-spam service, said his company's servers have been bombarded by copies
of the new variant all day.
"This is by far the worst one of the year," Franklin said.
The latest member of the Bagle family is the fourth variant to be released
since Thursday, when
<http://www.eweek.com/article2/0,1759,1624336,00.asp>Bagle.AF hit the Internet.
Check out eWEEK.com's Security Center at
<http://security.eweek.com>http://security.eweek.com for security news,
views and analysis.
Als Fastball List
*Email: fastball at pmihrm.com
http://www.alsfastball.com/
http://www.ISCfastball.com/
NEWS: http://www.escribe.com/sports/alsfastball/
TEMP: http://www.fastpitchwest.com/alsfatball.htm
More information about the Alsfastball
mailing list