FUN-Books.com and unschooling.org web sites attacked
Billy or Nancy
Just an update. The web sites listed in the subject line do not present any
danger of infection. Although the server was partially infected by the
W32-Nimda worm, only the script that is supposed to deliver the payload was
active. The file that causes the damage (readme.exe or an outlook e-mail
file containing it) was not present.
If you visit the sites, you may notice a minimized second browser window
that opens with a "file not found error." If the worm had been fully
functional, that browser window would have linked to the virus file and you
would have had a message asking you if you wanted to download and run a file
name readme.exe or *.eml.
If you have up-to-date anti-virus software running, it will detect the
script and give you a virus warning, but since the infectious file is not
present, there is no danger. If you do not have any anti-virus protection,
you may notice the minimized second browser window, but again there is no
danger of infection. On a PC, the browser window can be closed by right
clicking on the icon in the task bar and choosing "Close."
You should never download and run a file from any web site you visit unless
you know exactly what it is.
I am pleased to say that there is currently no danger of infection from
visiting our web sites and we hope to have all traces of the worm removed
soon.
Billy Greer
www.FUN-Books.com
www.unschooling.org
==== previous message =======
One of the servers I lease space on fell victim to the W32-Nimda worm. The
above sites were knocked off-line on Tuesday and came back on-line today
infected with the W32-Nimda worm. All major anti-virus software companies
have updates to avoid infection and you can go to http://www.sarc.com for
more information or to run a free check on your system.
If you visit the above sites you may be prompted to download an eml file. Do
not download the file! If you download the file, then open it, you can
become infected. Just visiting the web site should not infect your computer.
Your anti-virus software may detect the virus script and give you a warning.
Just do not download and open any eml (OutLook format email file) and you
should be fine.
This worm normally is spread by e-mail and the email form has the nasty
capability to infect you using a MIME exploit that allows the virus to be
executed just by reading or previewing the file. Information and a patch for
this exploit can be found at
<http://www.microsoft.com/technet/security/bulletin/MS01-020.asp>
If you have visited any site that prompted you to download and open an eml
file, and you did so, you may be infected. Please visit the SARC site
(http://www.sarc.com) and check your system. I apologize for any
inconvenience you may have experienced from visiting one of our sites.
Technicians are working to eliminate the virus and restore the server to
normal operation.
Billy Greer
www.FUN-Books.com
www.unschooling.org
danger of infection. Although the server was partially infected by the
W32-Nimda worm, only the script that is supposed to deliver the payload was
active. The file that causes the damage (readme.exe or an outlook e-mail
file containing it) was not present.
If you visit the sites, you may notice a minimized second browser window
that opens with a "file not found error." If the worm had been fully
functional, that browser window would have linked to the virus file and you
would have had a message asking you if you wanted to download and run a file
name readme.exe or *.eml.
If you have up-to-date anti-virus software running, it will detect the
script and give you a virus warning, but since the infectious file is not
present, there is no danger. If you do not have any anti-virus protection,
you may notice the minimized second browser window, but again there is no
danger of infection. On a PC, the browser window can be closed by right
clicking on the icon in the task bar and choosing "Close."
You should never download and run a file from any web site you visit unless
you know exactly what it is.
I am pleased to say that there is currently no danger of infection from
visiting our web sites and we hope to have all traces of the worm removed
soon.
Billy Greer
www.FUN-Books.com
www.unschooling.org
==== previous message =======
One of the servers I lease space on fell victim to the W32-Nimda worm. The
above sites were knocked off-line on Tuesday and came back on-line today
infected with the W32-Nimda worm. All major anti-virus software companies
have updates to avoid infection and you can go to http://www.sarc.com for
more information or to run a free check on your system.
If you visit the above sites you may be prompted to download an eml file. Do
not download the file! If you download the file, then open it, you can
become infected. Just visiting the web site should not infect your computer.
Your anti-virus software may detect the virus script and give you a warning.
Just do not download and open any eml (OutLook format email file) and you
should be fine.
This worm normally is spread by e-mail and the email form has the nasty
capability to infect you using a MIME exploit that allows the virus to be
executed just by reading or previewing the file. Information and a patch for
this exploit can be found at
<http://www.microsoft.com/technet/security/bulletin/MS01-020.asp>
If you have visited any site that prompted you to download and open an eml
file, and you did so, you may be infected. Please visit the SARC site
(http://www.sarc.com) and check your system. I apologize for any
inconvenience you may have experienced from visiting one of our sites.
Technicians are working to eliminate the virus and restore the server to
normal operation.
Billy Greer
www.FUN-Books.com
www.unschooling.org