Re: Code Red & Viruses in General - a plea

Having been a member of a number of lists like this for a few years, I have
seen a good many warnings about viruses - both hoaxes & real warnings. A
common feature of many of these warning messages is the poor quality of the
information that they propagate about the nature of the virus itself, how
it operates, and how to protect against it. This is not surprising, as in
many cases, the messages have been posted by people that are not virus
experts, who have themselves often been "informed" by non-experts.

There are a number of companies that ARE expert in the handling of viruses,
and protection against them, that also offer Web-based resources that carry
real, up-to-date, information about current virus threats & how to deal
with them. Symantec (who sell the Norton antivirus products) and Macafee
are but two examples.

PLEASE, when you wish to inform others about virus threats, point them at
those resources, rather than propagating what may prove to be uninformed
guesses based on misinformation. In the case of Code Red, the words that
Symantec have to say about it can be found at:

http://www.symantec.com/avcenter/venc/data/codered.worm.html

You will also find a write-up on the W32.sircam.worm virus at:

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@...

Symantec has a searchable encyclopedia of viruses and virus hoaxes at:

http://www.symantec.com/avcenter/vinfodb.html

Searching this encyclopedia (or the equivalent on the Macafee site, etc)
when someone warns you of a virus can save you the embarrassment of
perpetrating a hoax (probably 90% of the virus warnings I have seen in
recent years have been hoaxes - not true of the two mentioned above though)
and will allow you to either push back on the guy that sent you a hoax
warning, or provide real information to those you wish to warn of a real
threat.

Perpetrating incomplete and/or inaccurate information simply plays into the
hands of the virus writers/hoaxers by increasing the general level of
disruption and confusion. A good example here was a recent hoax warning
that I received, which, if you carried out its instructions to rid yourself
of the "virus", would actually result in you deleting a perfectly good and
useful part of your Windows operating system. The guy that sent it to me
had already damaged his system in his ignorance; looking at the
encyclopedia would have saved him the trouble, and would have also avoided
him the major embarrassment of having to tell 150 or so of his friends,
colleauges & acquaintances that he had sent them a hoax warning.

Apologies to those for whom this is "motherhood & apple pie"...

Regards,
Tony

At 06:59 01/08/2001 +0000, you wrote:

>Yesterday at 1pm (Or 1am) UK time, remembering we're around 5 - 6 hours
>ahead of the US, a new virus was released in the US called Code Red. Within
>hours Microsoft had got to work on a patch after recieving thousands of
>emails about it. The virus is designed to cause maximum damage to the
>internet, not really your computer. It waits in your MEMORY, not the disk,
>so all you need do is turn your computer off, wait a few minutes just to be
>sure, then turn it back on. I don't kno why they person didn't write it to
>store itself on the hard disk. They were worried as the virus spreads very
>easily, I'm not sure how though, probably through email. All the virus does
>is slow down your internet access. I guess it either does something to the
>modem or tries sending a bunch of pings to things like search engines to
>slow them down as well. Combine a few big servers and target one search
>engine, bombard it with useless junk and you can almost stop it. Combine a
>few hundred thousand or even millions of normal computers and you have some
>serious stopping power. Anyhow, just thought you might want to know. Since
>the virus waits in the RAM it won't need to install itself I don't think so
>avoid emails from people you don't know for a while.