SOG-UK-L Archives

Archiver > SOG-UK > 2001-08 > 0997032031


From: "Christopher Richards" <>
Subject: Re: [SoG] Genealogical viruses?
Date: Sun, 5 Aug 2001 18:21:50 +0100
References: <3.0.1.32.20010805130714.017234c0@POP3.demon.co.uk>


Thanks Geoffrey: I take Barney's point about the nuisance value of viruses
when they take up a thread on their own. But in this case the SirCam virus
is a nuisance and maybe people will read about it on this list who wouldn't
otherwise know what it is. Symmantec have a short program available on
their website to remove the virus and all its effects. I ran it just in
case and seem to have been sucessful in keeping the virus out.
Christopher Richards
----- Original Message -----
From: "Geoffrey" <>
To: <>
Sent: Sunday, August 05, 2001 1:07 PM
Subject: Re: [SoG] Genealogical viruses?


> Christopher,
>
> >I've received a number of emails over the last few days with what look
like
> >enticing titles. They have attachments with double file extensions and
> >there is no actual indication of who they are from. Norton Anti-Virus is
> not
> >picking them up as infected with viruses but I am assuming they are.
> >It also look as if they are being directly targeted at people with a
> >genealogical bent.
> >Is anybody else getting them? I have of course deleted them without
> >opening them.
>
> There are two viruses doing the rounds at the moment that I am aware of
> which generate those double file extensions. The first is called BadTrans
> and this replies to emails found in the infected person's Inbox. The
> second is known as SirCam [without getting into more technical
> descriptions] and that sends out files with a note like :-
>
> Hi! How are you?
>
> I send you this file in order to have your advice
>
> See you later. Thanks
>
> If you think about it nobody would dend you a file for advice without
> saying in the email what advice they want. So scrap any such files.
> Delete it from your inbox or equivalent and then delete it from the
Recycle
> Bin if you use Windows.
>
> SirCam is very recent therefore if you have not updated your virus
software
> in the last couple of weeks then you could be exposed. Some people don't
> realise that anti-virus software has to be regularly updated to keep
> abreast of the latest viruses, which are becoming more 'clever' in their
> approach.
>
> The reason that they look as though they are targetted at genealogists
> [which is not true] is because the virus [or worm] uses addresses found in
> the infected PC and sends messages and files from that machine. Your
most
> frequent contacts are probably other genealogists and therefore your
> address will be on the machine of other genealogists.
>
> As Listowner to the two Society Lists, estimate that I am in the address
> books of up to 3500 genealogists. This means that I get a regular stream
> of viruses [though not as many as Peter Amsden says that he has],
> especially that annoying Hahaha with variations on the Snow White theme.
> The first of the latest virus was a genuine family tree for the MOTH
> family, so if anybody here knows of them please let me know. My private
> Compuserve account is almost free of viruses.
>
> The facts that I have given above also makes it look as though the virus
is
> coming from a List which is simply not true. It looks that way because
> another list-member has been infected. To the best of my knowledge
> Compuserve forums and Rootsweb lists are 100% safe from viruses because
> they only relay plain text. This cannot be said of some of the other
> suppliers.
>
> Regards,
>
> Geoff
>
>
>
>
> Geoffrey T. Stone,
> SoG Mailing List Administrator.
>
>

This thread: