[Alsfastball] Two Important notices: eScribe is down AND watch for new worm

Al Doran aldoran at pmihrm.com
Thu Jul 22 13:14:31 EDT 2004 

From: Al Doran <fastball at pmihrm.com>)
Subject: Two Important notices:  eScribe is down AND watch for new worm
   spreading, NOT from us



Well we finally got eScribe back and none too soon, but alas, its been down 
since last evening.

Scott is working on it (Scott is the eScribe owner who lives in California 
and spends his spare time and money keeping eScribe alive for thousands of 
lists, not just Al's Fastball, although we are running 1 or 2 in the world 
for hits in any given month and have been in the top 10 for over two years).

No telling when eScribe will be back up but hopefully soon.

Thanks to our good friend Jim Flanagan at http://www.fastpitchwest.com we 
have a back up site for the news.

At this time of year, with the ISC World Tournament and the ISC II 
Tournament of Champions fast approaching, we want to be sure everyone is 
getting the news.  We use eScribe to supplement the scores and stats posted 
to http://www.iscfastpitch.com/

So, if over the next month eScribe is down, 
http://www.escribe.com/sports/alsfastball/
please go to http://www.fastpitchwest.com

Now for item Number 2, a very important one.

We do post regular announcements on eScribe about worms and virus problems 
spreading around. Hopefully everyone reads them religiously!

We have received roughly 300 worm attachments in the past few days, several 
of them from various versions of my own email accounts. Most of these come 
from IP addresses in the USA but some from Asia and from Europe.  We use 
SpamCop to find the originator and all are reported.

We share this with you as we do not want you to think that we have sent you 
a virus/worm attachment.

ALL of these are forged, so do NOT blame the originating email address, it 
was NOT them and certainly NOT us... they are ALL forged.

Please read:




New Bagle Variant Called 'Worst of the Year'

(we have received at least 50 of these in the last 24 hours, most Spoofed 
(forged) with the email addresses of people we know - but the emphasis is 
on FORGED - they did not come from the address that appears as the sender - 
so don't blame them - OR me.)..

http://www.eweek.com/article2/0,1759,1624970,00.asp?kc=ewnws072004dtx1k000059


Another version of the tenacious Bagle virus is on the loose, and some 
security experts and administrators say it is among the more persistent 
viruses they've seen all year.

Bagle.AI, which was discovered Monday, is quite similar to the 
<http://www.eweek.com/article2/0,1759,1623365,00.asp>dozens of other 
variants in its family, and there seems to be little reason for its success 
rate. It arrives via e-mail, usually with a subject line of "Re:" and a 
spoofed sending address. The body text is random, as is the name of the 
attachment.


The attachment has one of several file extensions, including .scr, .exe, 
.zip, .cpl and .com. In some instances, the Zip file is password-protected, 
in which case the body of the infected e-mail includes a password, pass and 
key, all of which are random numbers, according to McAfee Inc.'s analysis 
of the worm. The name of the attachment often contains the term MP3 in one 
form or another.


Once it executes, Bagle.AI copies itself to the Windows System directory in 
a file named WinXP.exe and opens TCP port 1080 and UDP port 1040. It 
appears that the worm uses these ports to communicate with its creator and 
report back each time it infects a new machine.


McAfee, based in Santa Clara, Calif., said it received more than 150 
submissions of Bagle.AI on Monday. Bill Franklin, president of Miami-based 
Zero Spam Network Corp., which provides a managed e-mail security and 
anti-spam service, said his company's servers have been bombarded by copies 
of the new variant all day.

"This is by far the worst one of the year," Franklin said.

The latest member of the Bagle family is the fourth variant to be released 
since Thursday, when 
<http://www.eweek.com/article2/0,1759,1624336,00.asp>Bagle.AF hit the Internet.


Check out eWEEK.com's Security Center at 
<http://security.eweek.com>http://security.eweek.com for security news, 
views and analysis.

  Als Fastball List
*Email: fastball at pmihrm.com
http://www.alsfastball.com/
http://www.ISCfastball.com/
NEWS: http://www.escribe.com/sports/alsfastball/
TEMP: http://www.fastpitchwest.com/alsfatball.htm

More information about the Alsfastball mailing list