Bristol Area Birders:: The mass-mailing worm W32.Novarg.A@mm was discovererd on January 26, 2004 and is causing a serious problem for e-mail users. I am not aware of any such messages making it to the TN-Birds list. It is reported as a worm that does not damage your computer but it will spread by e-mail and send massive messages to persons in your address books. YOU CAN PREVENT THE PROGRESS OF THIS WORM BY NOT OPENING THE ATTACHMENT. THIS IS EXTREMELY IMPORTANT TO PROTECT THOSE IN YOUR ADDRESS BOOK. If your computer system is: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP are not affected by this worm. It does not affect the systems: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3. The messages usually arrive in your e-mail with one of the following subject lines: test hi hello Mail Delivery System Mail Transaction Failed Server Report Status Error The actual body of the message that you can see and read without opening the attachment has one of the following messages: Mail transaction failed. Partial message is available. The message contains Unicode characters and has been sent as a binary attachment. The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. So far I have received a few messages with the worm but my Symnantec Security antivirus program appears to be catching and deleting them as far as I can determine. W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files. The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. We may see the internet and e-mail delivery slow down considerably in the next few days as this virus spreads. If any of you have the ability to go online and update your virus protection software, please do so as soon as possible. Most software vendors are up and running online with updates at this hours. You can also download a tool which will clean the worm from your system if you determine it has been infected. I hope this helps subscribers better deal with this worm and that everything returns to normal soon. Let's go birding...... Wallace Coffey Bristol Birds Moderator Bristol, TN ************************************************* BRISTOL BIRDS NET LIST This is a regional birding list sponsored by the Bristol Bird Club to facilitate communications between birders and bird clubs of Southwest Virginia and Northeast Tennessee. It serves the Russell County Bird Club, Herndon TOS Chapter, Blue Ridge Birders Club, Butternut Nature Club, Buchanan County Bird Club, Bristol Bird Club, Clinch Valley Bird Club and Cumberland Nature Club. -------------------------------------------------- You are subscribed to Bristol-Birds. To post to this mailing list, simply send an email to: bristol-birds@xxxxxxxxxxxxxx To unsubscribe, send an email to bristol-birds-request@xxxxxxxxxxxxx with the one word 'unsubscribe' in the Subject field. -------------------------------------------------- Wallace Coffey, Moderator wallace@xxxxxxxxxxxxxxxxxxx (423)764-****