I "LOVE" YOU

kelley kwalker2 at gte.net
Thu May 4 23:18:25 PDT 2000


At 11:44 AM 5/5/00 +0900, JC Helary wrote:
> > Just opened my email for the first time since 7am. There were 20 pieces of
> > viral email in my inbox.
> >
> > Insubstantially,
> >
> > frances

since these viruses go after micro$loth, there's no requirement that you open an attachment or execute a program. this security hole was reported a couple of months ago. see below.

1. if at all possible lose microsoft email clients. outlook express is the worst. these viruses prey on microsoft email clients. www.eduora.com PLEASE. there's a new sponsored version. it only costs about 30$ if you don't want that. you can crack the sponsored version if you search for the crackz at

http://astalavista.box.sk/

http://astalavista3.box.sk/cgi-bin/astalavista/robot?srch=eudora+pro+&submit

in other words, you can get it for free. it's easy.

yes, I KNOW this is illegal. arrest me. DILLIGAFF?

2. outlook has security holes that are actually a result of a built-in feature in outlook: it reads code. [more complicated explanations, ask] moreover, esp. in express, you don't have to open a mail for the email client to read the code and execute the program or attachment.

so, according to security focus and CERT at Carnegie Mellon, if someone sends you malicious code via an attachment or embedded in an html mail then you could be fscked. virus is malicious code that tells your 'fuser to do something.

the warning about microsloth came out a couple of months ago (it's also an issue with hotmail and using IE for web based mail.) they're working on a patch, i'll send it along when i get a mo' to find it in my back log of security focus reports.

3. don't use html --generally the default in microsoft. change to plain text.

4. finally, the DDoS attacks use hijacked "zombie" 'fusers. how are they hijacked? well sometimes they're hijacked when a virus is sent your way. anyone want more info i'll send along how this works, but the author of the virus instructs it to search him or her out at a chat room and s/he can get info about the machine that the virus infected.

this is how the DDoS attacks supposedly worked last month

5. they just disclosed details about Mstream, the latest DDoS attack tool, posted on Security Focus and elsewhere.

The source code was posted to BugTraq Sat. Apr 29, 2000 by <Anonymous>. Reference: http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-04-29&msg=200004291748.TAA13203@lobeda.jena.thur.de

Details that I am referencing can be found at: http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-04-29&msg=Pine.GUL.4.21.0005011456280.16155-100000@red3.cac.washington.edu

FYI here's what came off a hacker list as to how the sucker works:

<forwarded> Here's what it does as far as I can tell ...

1) Sets time-out for scripting host to 0 (unlimited)

2) Copies itself as MSKernel32.vbs, Win32DLL.vbs, LOVE-LETTER-FOR-YOU.TXT.vbs to your win, system, and temp directories respectively.

3) Sets to be run every time system is rebooted from >TWO< registry run entries as MSKernel32.vbs & Win32DLL.vbs

- "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32",dirsystem&"\MSKernel32.vbs"

- "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL",dirwin&"\Win32DLL.vbs"

4) Determines if running winfat32 (why winfat32?) and if so will randomly set your IE start page to one of four web pages that will install a file called "win-bugsfix.exe"

5) If 'win-bugsfix.exe' exists, sets up win-bugsfix.exe to run next time the PC is rebooted & sets IE start page blank

6) builds an HTML page that contains the script file. This is saved as LOVE-LETTER-FOR-YOU.HTM (it looks like this is just used for the MIRC forwarding)

7) to everybody in all of your address lists in outlook it sends an email with the subject "ILOVEYOU" and attached is the LOVE-LETTER-FOR-YOU.TXT.vbs from your system directory.

8) Begins to go through all of your drives and folders and if the file extension is:

vbs or vbe: opens and replaces with own script

js, jse, css, wsh, sct, hta: replaces with self & renames to have extension .vbs (so it will be run again when someone expecting to find file test.js ends up with test.vbs)

jpg, jpeg: replaces with self & renames to be original file + .vbs (so it will be run again when someone expecting to find file test.jpg ends up with test.jpg.vbs - on most systems the person will end up only seeing test.jpg with the .vbs hidden)

mp3, mp2: creates new file of name originalfile.mp3.vbs with contents of self and sets the attributes of the original file to hidden.

9) If the file's extension is associated with mirc32.exe, mlink32.exe, mirc.ini, script.ini, mirc.hlp then it will replace it with MIRC script (what looks like it will do is send the file to people in IRC channels when you join a room).



More information about the lbo-talk mailing list