VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

Subject:
From: Mary Blanton <[log in to unmask]>
Reply To:
Date: Mon, 1 Oct 2001 02:28:05 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (152 lines)

The BEST and KINDEST thing you can do for your friends is NOT to use
Microsoft email clients.  (Microsoft Exchange / OutLook.)  MOST of the
viri and worms that exploit the Address Book do so using Microsoft's
"integrated" Office suite.  They do this using Visual Basic Script.
Because MS Office is integrated using VBS, the "advantages" to the
integrated-ness of the suite of products marketed under Office are
exploited.  This exploitation allows the virus / worm "author" to take
advantage of the MS OutLook / Exchange Address Book.

Also, MS OutLook / Exchange has a cute little "feature" that AutoLoads
the application an attachment requires whenever you pull up a message,
whether in Preview or Read mode.  The application is AutoRun in the
background to allow OutLook / Exchange to draw that cute / useless
little "thumbnail" of the attachment.  Well, when this happens, the VBS
that "drops" the "payload" of the virus / worm into the VBS of the
application is activated.  BOOM!!!  You are infected and then, every
person in your MS OutLook / Exchange Address Book is vulnerable to
infection the very next time you launch the now infected Office app.

This works in the following way.  The Payload Drop portion of the VBS is
part of the AutoOpen part of the VBS in the attachment.  This is run
whenever the attachment is launched, in foreground OR background mode.
THIS then rewrites the VBS in the application that was launched by the
infected attachment.  Usually the Save or SaveAs procedures of the VBS
in the application, such as MS Word, are rewritten.  THIS actually
releases the payload on to YOUR machine AND sends it out to all in your
MS Address Book.  (And then you have REALLY MAD friends / co-workers /
relations.)

The BEST defense is to use a NON-MS email client.  I personally use
Netscape Mail.  I have NOT been infected by a worm or virus of the VBS
variety, never mind infected everyone in my Address Book.  Two reasons.
First, Netscape Mail does NOT AutoLoad the registered application for
the extension type of the attachment.  (I have to make the CONSCIOUS
DECISION to click on the attachment for it to launch any app.  And even
then, it usually asks me if I REALLY want to do that.)  Second, Netscape
Mail does NOT use the MS OutLook / Exchange Address Book format, so if I
DID become infected, the virus / worm could NOT send itself out to
everyone I know.  (Happy friends / co-workers / relatives.  At least
blissfully UN-infected ones.)

Now, I am somewhat of a Microsoft Hater.  But, this has NOT colored the
facts I have stated above.  I have read a great deal about the "anatomy"
of a VB Script Virus / Worm in "trade rags".  And all the VBS "experts"
say the SAME thing.  The "integration" of the Microsoft Office products
is the BEST thing to happen for virus / worm authors.  It and the ease
of writing VBS has made it WAY too easy for them to release some NASTY
stuff that spreads VERY quickly.  (Some of us have HUGE address books.
We get on a couple of lists and the number of potential infected goes up
astronomically.)  The best defense is a good offense.  And knowledge is
power.

Mary Blanton  (Blissfully UN-infected for almost 3 YEARS!!!)

Fitzgerald-pisp wrote:

> Here's a computer trick that's really ingenious in
> its simplicity. As you may know, when/if a worm
> virus gets into your computer it heads straight for
> your email address book and sends itself to
> everyone in there, thus infecting all your friends
> and associates. This trick won't keep the virus
> from getting into your computer, but it will stop it
> from using your address book to spread further,
> and it will alert you to the fact that the worm has
> gotten into your system.
>
> Here's what you do
>
> 1) first, open your address book and click on
> "new contact" just as you would do if you were
> adding a new friend to your list of email addresses.
>
> 2) In the window where you would type your
>  friend's first name, type in !000 (that's an
> exclamation mark followed by 3 zeros).
>
> 3) In the window below where it prompts you to
> enter the new email address, type in WormAlert.
>
> 4) Complete everything by clicking add, enter, ok, etc.
>
> Now, here's what you've done and why it works:
>  the "name" !000 will be placed at the top of your
> address book as entry #1. This will be where
> the worm will start in an effort to send itself to all
> your friends.
> But when it tries to send itself to !000, it will be undeliverable
> because of the phony email address
> you entered (WormAlert). If the first attempt
> fails (which it will because of the phony address),
> the worm goes no further and your friends will
> not be infected.
>
> Here's the *** second great advantage *** of
> this method: if an email cannot be delivered, you
> will be notified of this in your InBox almost
> immediately.  Hence, if you ever get an email
> telling you that an email addressed to
> WormAlert could not be delivered, you know
> right away that you have the worm virus in
> your system. You can then take steps to
> get rid of it!
>
> Pretty slick.
> (I sent my cc to my [Modified] Worm Stomper
> - works fine!)
>
> I thought this might be of interest to everyone, just in case.
> Willie
>
> VICUG-L is the Visually Impaired Computer User Group List.
> To join or leave the list, send a message to
> [log in to unmask]  In the body of the message, simply type
> "subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
>  VICUG-L is archived on the World Wide Web at
> http://maelstrom.stjohns.edu/archives/vicug-l.html

