VIRUS INFO ARCHIVES - PAGE 4
From April 9/2000 until May 19/2000

Includes Info on:

- The VBS.NewLove.
- For Users of Internet Explorer
- WScript/Kak.worm
- UPDATE ON LOVE BUG
- ILOVEYOU (Copycats)
- STAR TREK SCREENSAVER!!

This page will include any virus information that I acquire and feel warrants passing on. Please check this page occasionally as I will be trying to add more to it as time goes by.

 

Please also check out these sites. There is a wealth of knowledge and information on each of them. And get yourself an anti-virus program! You can just click on the links and they will come up in a new browser. These sites carry information on both real viruses and hoaxes, and those that sell an anti-virus program usually offer it through a link to their main page.

 

"Norton Anti-Virus Programs"
or it is at: http://www.symantec.com/avcenter/hoax.html

"CIAC"
or the page is at: http://www.ciac.org/ciac/CIACHoaxes.html

Another reliable one is: "MYTHS"
or it is at: http://www.kumite.com/myths/

Another very good and well known one: "DATAFELLOWS"
or it is at: http://www.datafellows.com/news/hoax/

And last but not least.. Dr. Solomon's (another well known one) at: "DR. SOLOMON'S"
or it is at: http://www.drsolomon.com/vircen/index.cfm

HACKERS INFORMATION
http://antionline.com/fight-back/
"HACKERS INFORMATION" Everyone should check this site out!

******************************************************

"ATTENTION! NEW VBS ATTACHMENT NASTY VIRUS!!!! May 19th, 2000"

The VBS.NewLove.

A virus emerged yesterday. It's a bit like the recent LOVEBUG virus but more dangerous and destructive. It can wipe out your entire hard drive contents. If you performed the tasks urged during the last episode, then you do have a measure of protection already. If not, please take measures to protect your valuable files immediately.

First, do not open any executable email attachment; especially .vbs, and make sure your security settings in your browser are set to disable running unknown scripting. Second, you should have a good anti virus program. Go to www.mcafee.com or www.symantec.com and get one today. If you already have one, get the new virus definitions NOW. Both have updates for the newest threat. At McAfee, you can subscribe to an online program to check and remove viruses.

Third, ensure that your critical files are backed up safely and periodically. As we have always urged, DO NOT OPEN executable attachments to email; even from your mother or your best friend. They may not even know they sent it.

Notes (from Symantec): VBS.NewLove.A
Last updated 5/18/00 5:34pm PST
SARC, in conjunction with other anti-virus vendors, has renamed this worm from VBS.LoveLetter.FW.A to VBS.NewLove.A.

The VBS.NewLove.A is a worm, and spreads by sending itself to all addressees in the address book when it is activated. The attachment name is randomly chosen, but will always have a .vbs extension. The subject header will begin with "FW: " and will include the name of the randomly chosen attachment (excluding the .vbs extension). Upon each infection, the worm introduces up to 10 new lines of randomly generated comments in order to prevent detection.

Also known as: VBS/Loveletter.ed, VBS/Loveletter.Gen, VBS_SPAMMER, VBS.Loveletter.FW.A

The above information was received through Straight Talk Across the Fence.

For more information on this please see these websites.....
"USA TODAY"
"MSNBC"
"ZDNET"

******************************************************

"ATTENTION INTERNET EXPLORER USERS! May 19th, 2000"

For Users of Internet Explorer

Summary

Microsoft has released a comprehensive patch that eliminates three security vulnerabilities in Microsoft(r) Internet Explorer 4 and 5:

- The "Frame Domain Verification" vulnerability, which could allow a malicious web site operator to read, but not change or add, files on the computer of a visiting user.

- The "Unauthorized Cookie Access" vulnerability, which could allow a malicious web site operator to access "cookies" belonging to a visiting user.

- The "Malformed Component Attribute" vulnerability, which could allow a malicious web site operator to run code of his choice on the computer of a visiting user.

Issue

The three security vulnerabilities eliminated by this patch are unrelated to each other except by the fact that they all occur in the same .dll. We have packaged them together for customer convenience.

The vulnerabilities are:

- "Frame Domain Verification" vulnerability. When a web server opens a frame within a window, the IE security model should only allow the parent window to access the data in the frame if they are in the same domain. However, two functions available in IE do not properly perform domain checking, with the result that the parent window could open a frame that contains a file on the local computer, then read it. This could allow a malicious web site operator to view files on the computer of a visiting user. The web site operator would need to know (or guess) the name and location of the file, and could only view file types that can be opened in a browser window.

- "Unauthorized Cookie Access" vulnerability. By design, the IE security model restricts cookies so that they can be read only by sites within the originator's domain. However, by using a specially-malformed URL, it is possible for a malicious web site operator to gain access to another site's cookie and read, add or change them. A malicious web site operator would need to entice a visiting user into clicking a link in order to access each cookie, and could not obtain a listing of the cookies available on the visitor's system. Even after recovering a cookie, the type and amount of personal information would depend on the privacy practices followed by the site that placed it there.

- "Malformed Component Attribute" vulnerability. The code used to invoke ActiveX components in IE has an unchecked buffer and could be exploited by a malicious web site operator to run code on the computer of a visiting user. The unchecked buffer is only exposed when certain attributes are specified in conjunction with each other.

The patch also eliminates a new variant of the previously-addressed WPAD Spoofing vulnerability
'WPAD SPOOFING VULNERABILITY'
(http://www.microsoft.com/technet/security/bulletin/ms99-054.asp).

Affected Software Versions

- Microsoft Internet Explorer 4.0
- Microsoft Internet Explorer 4.01
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.01

Patch Availability
"PATCH AVAILABILITY"
- http://www.microsoft.com/windows/ie/download/critical/patch6.htm

Note: The patches require IE 4.01 Service Pack 2 or IE 5.01 to install. Customers using versions prior to these may receive a message reading "This update does not need to be installed on this system". This message is incorrect. Previous browsers are still vulnerable and should be updated. More information is available in KB article Q262509.

Note: Additional security patches are available at the Microsoft Download Center

More Information
Please see the following references for more information related to this issue.

- Frequently Asked Questions: Microsoft Security Bulletin MS00-033,
"FREQUENTLY ASKED QUESTIONS"
http://www.microsoft.com/technet/security/bulletin/fq00-033.asp

- Microsoft Knowledge Base article Q262509 discusses the overall patch and will be available soon.

- Microsoft Knowledge Base articles Q251108 and 255676 discuss the "Frame Domain Verification" vulnerability and will be available soon.

- Microsoft Knowledge Base article Q258430 discusses the "Unauthorized Cookie Access" vulnerability and will be available soon.

- Microsoft Knowledge Base article Q261257 discusses the "Malformed Component Attribute" vulnerability and will be available soon.

- Microsoft Knowledge Base (KB) article Q247333, Web Proxy Auto-Discovery "Spoofing" May Change Proxy Settings,
"SPOOFING"
http://www.microsoft.com/technet/support/kb.asp?ID=247333

- Microsoft TechNet Security web site,
"TECHNET SECURITY WEB SITE"
http://www.microsoft.com/technet/security/default.asp

Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at
"MICROSOFT TECHNICAL SUPPORT"
http://support.microsoft.com/support/contact/default.asp.

******************************************************

"UPDATE May 12th, 2000"

*****************************************************

WScript/Kak.worm

Several of our past alerts have stressed the importance of downloading the 4051 DAT security patch for Internet Explorer from Microsoft. The WScript/Kak.worm makes it a matter of the utmost importance. This is an Internet worm which uses ActiveX and Windows Scripting Host to propagate itself through email using MS Outlook.

At the present time, Avert gives this virus a risk assessment of "medium". Our polling procedures have caused us to issue our own risk assessment of "high". We believe and have evidence of the fact that this virus is spreading faster than was initially realized.

Follow this link to learn more about this virus and the security patch that you need to download in order to protect yourself.

"SECURITY PATCH"
http://vil.nai.com/villib/dispVirus.asp?virus_k=10509

******************************************************

"UPDATE ON LOVE BUG... May 9th, 2000"

The Love Bug story continues. Received from "Straight Talk Across the Fence"......

This malicious virus has already done more damage than the famous Melissa Virus. Why is it that so many people opened the initial attachment to the worm when normally they would not have done so? Simply because it sounded so innocent. Who wouldn't want to read a love letter sent to them by a friend? It was an easy mistake to make but certainly one we should learn from. Fortunately, many have learned from this experience as one reader wrote to us with the comment, "I don't care if an attachment appears to have come from my mother. I'm still not opening it until I find out for sure that she sent it." It was a tough lesson to learn but it is one well worth remembering.

We encountered problems caused by the Love bug everywhere we turned. All of our servers were either knocked down or slowed to a point that we couldn't get the alerts out quick enough. This didn't cause us major concern due to the fact that the worm was covered by what seemed to be every news service in the world. We received over 500 notices of it via e-mail from various sources so we were confident that most of our readers also had been inundated with notices about its existence. It was rather frustrating to receive over 2000 e-mails from members asking us if the virus was real after we had issued our alerts. This was how we discovered the slow down it had already caused our servers. The main frustration we experienced (and this does not seem to have changed) is the amount of undeliverable mail that was returned to us. It seems many servers began immediate filtering to block any e-mail containing the word "love". With the mutations that have surfaced, these servers are now filtering out e-mail with the words "mother" and "joke" as well.

What these ISPs don't realize is that while this may effectively protect their customers from the virus, it also prevents them from receiving information about it as well. Not only that, but how can they justify stopping mail with the word "mother" at this time of year. And while love may surely be what makes the world go 'round, you surely won't hear any messages of love from these servers for a while.

Following is a small list of some of the better reports on this worm. Within these links, you will find its history from beginning to present and even info on what to do if you were infected.

From Wired News May 4th
Now That Was A Nasty Worm
"NOW THAT WAS A NASTY WORM"
http://www.wired.com/news/technology/0,1282,36119,00.html

From Wired News May 5th
"Mother's Day Worm Worse?"
http://www.wired.com/news/technology/0,1282,36152,00.html

From ZDNET News May 5th
'Love' Bug Bites
http://www.zdnet.com/zdnn/special/lovebites.html

From Wired News May 6th
Love Bug: The Conspiracy
http://www.wired.com/news/culture/0,1284,36166,00.html

From Wired News May 8th
"Worm Suspect Arrested"
http://www.wired.com/news/technology/0,1282,36187,00.html

From CNN May 9th
" Philippine officials release computer virus suspect"
http://www.cnn.com/2000/TECH/computing/05/09/ilove.you/index.html

******************************************************

"UPDATE May 6th, 2000"

"Copy cats" are after you. Here is a list of variants to the ILOVEYOU virus published by McAfee. Look out for them, and new ones, too.

SUBJECT: "ILOVEYOU"
MESSAGE: "kindly check the attached LOVELETTER coming from me."
ATTACHMENT: "LOVE-LETTER-FOR-YOU.TXT.vbs"

SUBJECT: "Virus ALERT!!!"
MESSAGE: A long message that pretends to be information from Symantec Corp. about VBS/LoveLetter.worm
ATTACHMENT: "protect.vbs"

SUBJECT: "Dangerous Virus Warning"
MESSAGE: "There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it."
ATTACHMENT: "virus_warning.jpg.vbs"

SUBJECT: "Joke"
MESSAGE: NONE
ATTACHMENT: "VeryFunny.vbs"

SUBJECT: "Important ! Read carefully !!"
MESSAGE: "Checked the attached IMPORTANT coming from me !"
ATTACHMENT: "IMPORTANT.TXT.vbs"

SUBJECT: "Mothers Day Order Confirmation"
MESSAGE: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day!"
ATTACHMENT: "mothersday.vbs"

SUBJECT: "Susitikim shi vakara kavos puodukui..."
MESSAGE: "kindly check the attached LOVELETTER coming from me."
ATTACHMENT: "LOVE-LETTER-FOR-YOU.TXT.VBS"
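
The variants listed above share one trait that a mail filter can test without matching words such as "love" or "mother": a .vbs attachment, often behind a harmless-looking second extension, and for VBS.NewLove.A a "FW: " subject that names the attachment. The Python check below is an added example, not part of the original alerts; the decoy-extension list, the reason labels and the sample messages are constructed assumptions.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

SCRIPT_EXTS = {".vbs"}                          # extension named in every alert on this page
DECOY_EXTS = {".txt", ".jpg", ".gif", ".doc"}   # assumed list of harmless-looking types

def make_mail(subject, body, attachment=None):
    """Build a constructed sample message; the payload is an inert placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

def assess(msg):
    """Return the sorted reasons a message should be quarantined ([] = deliver)."""
    reasons = set()
    subject = str(msg["Subject"] or "").strip().lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
            continue
        reasons.add("script-attachment")
        # LOVE-LETTER-FOR-YOU.TXT.vbs: a document-like extension hides the real one
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.add("double-extension")
        # NewLove: subject is "FW: " plus the attachment name without .vbs
        stem = name[: -len(suffixes[-1])].lower()
        if subject.startswith("fw: ") and stem in subject:
            reasons.add("fw-subject-names-attachment")
    return sorted(reasons)

# Constructed samples: three follow the patterns listed above, one is ordinary mail.
SAMPLES = {
    "iloveyou": make_mail("ILOVEYOU", "kindly check the attached LOVELETTER coming from me.",
                          "LOVE-LETTER-FOR-YOU.TXT.vbs"),
    "warning": make_mail("Dangerous Virus Warning", "Please click attached picture.",
                         "virus_warning.jpg.vbs"),
    "newlove": make_mail("FW: budget2000", "constructed body", "budget2000.Vbs"),
    "benign": make_mail("With love on Mother's Day", "No attachment, just a note."),
}

if __name__ == "__main__":
    for label, mail in SAMPLES.items():
        print(label, assess(mail))
```

The benign message with "love" in its subject passes, while every sample carrying a .vbs attachment is flagged regardless of its wording.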

*****************************************************

"STAR TREK SCREENSAVER!! APRIL 9TH, 2000"

HLLT.Irok.10000

This virus was posted by Avert Research Center on March 29, 2000, with a risk assessment of medium. We have reported some of its activity in that we have received the virus approximately 30 times from different members' computers. Once again in slight disagreement with Avert, we feel the risk assessment should be raised to high.

Protect yourself. You may receive mail with an attachment even from someone you know with the subject line "I thought you might like to see this". If the message in the body of the e-mail is: "I thought you might like to see this. I got it from paramount pictures website. It's a startrek screen saver."

DO NOT OPEN THE ATTACHMENT! Delete it and then delete it from your deleted files if your mail program allows this.

For more info on this virus, Avert Research Center has it listed at

"AVERT VIRUS RESEARCH CENTER"
http://vil.nai.com/villib/dispVirus.asp?virus_k=98552

(Info received from Straight Talk Across the Fence)

 ***********************************************


© vjr All Rights reserved.