UPDATED: VIRUS ALERT

[Jason Perlow]

Please do NOT open any emails from "management@egullet.com". This is a fake email address that some party is using to spam our membership and attempting to get them to open a Virus infected email attachment. If you get an email such as this, or anything similar, delete it immediately.

Hello user of Egullet.com  e-mail server,

Our  main mailing server will be temporary  unavaible for next  two days, to continue receiving mail in these days you have to configure our  free auto-forwarding service.

For  further details see the  attach.

For security reasons attached  file is password protected. The password is "51287".

Cheers,

     The  Egullet.com team                                http://www.egullet.com

If you have any doubts about the validity of any email you receive came from actual eGullet management or personnel, please contact us at our official email address at egulletteam at egullet.com. I can also be emailed directly at jason at egullet.com. You can also PM any member of eG management as well to inform us about this.

[Jason Perlow]

Updated: The virus in question, W32.Beagle.K@mm, is detailed here:

http://www.symantec.com/avcenter/venc/data...eagle.k@mm.html

[Jason Perlow]

In the wake of the receipt of the virus mentioned above by some eGullet users, the eGullet team would like to help battle some of the very understandable confusion many have developed during the recent rounds of mail-emailing viruses which have flooded the Internet in the past several months.

First, we'd like to put to rest any specific misunderstandings about the origin of this particular manifestation, as well as it's scope. The W32.Beagle.K@mm virus is not the most widespread of these mail emailer viruses at this point, but like most of the most recent breeds it is capable of some extremely targeted aggressive behavior when someone does become infected. Basically, as with most of this newest generation of viruses, it digs into a variety of places on an infected machine and pulls information to help itself spread. Anything on that machine which even remotely looks like an email address becomes an opportunity for it.

While this is indeed pretty bad news, the reason we want to be specific in explaining this point is to help ease any lingering fears that anything on the eGullet server itself is putting you in danger. The eGullet email server which we use for internal and external correspondence with members and for sending PM notifications is screened with very sophisticted Linux antivirus software from Kaspersky Labs (click for link) and it is updated with the latest definitions on an hourly basis - so you can be assured that no viruses are ever being passed thru our server and they are removed from the system instantaneously if anyone at eGullet tries to send a virus-infected email.

If you've been one of the unfortunate few who have received one of these emails, and it's seemed to come from eGullet management, it's simply a consequence of the fact that at some time, in some place, someone who got infected had an eGullet email address in their browser cache, their Windows address book, a text file, possibly almost anywhere on their PC, and perhaps that person may have also had your email address as well. If you sign your posts with your email address, for example, and it's kept in someone's browser cache, that alone may have been all that was required.

With some viruses it might even be enough for two totally separate people to get the virus--one having some reference to some eGullet address and one to you--since some of these viruses have been culling email addresses and sending them off to various places around the Internet.

Anyway, the net result of this is that while it's possible you may get one of these emails, it's more than likely that most of you won't. The clever references which try and make it seem "official" (the reference to the "eGullet Team" for example) are part of a formula that the hacker who wrote this figured out--clever enough that our OWN official emails do tend to use very similar language, as do that of many websites.

Something else we'd like to reinforce is that no matter how many of these bogus emails you receive, no matter which virus variant, it's pretty hard to get infected if you adopt a standard policy of not viewing or opening file attachments, except in cases where you have specific knowledge ahead of time that the attachment was coming. You may get hundreds of these emails a day--from MyDoom or Beagle or NetSky or whatever the virus flavor of the day is--but the same basic precautions usually apply, and the number you receive has much more to do with how many people on the Internet in general have been infected than anything having to do with your specific machine.

More basic precautions:

-If you aren't already doing so, consider switching to a web-based email solution like Yahoo or Hotmail. While it's still possible to receive infected emails through one of these accounts, there are extra levels of protection in place because of their own aggressive anti-virus strategies, as well the fact that it's much more difficult for viruses to pick up email addresses from a web client than one which stores addresses on your local PC. Despite almost constant patching, the native Windows Address Book, Outlook, Eudora and similar email products have all been compromised for years, and most viruses have no trouble "cracking" them.

-Update your antivirus definitions. Constantly. But don't "trust" them to handle things. Visit the sites of competing antivirus vendors regularly to make sure that the definitions for your product aren't "late".

--If you see what appears to be an infected message in your email client... don't panic--especially if it doesn't appear to have an attachment. One of the most disastrous results of these latest viruses is that once your email address has been "spoofed" from someone who is infected, often there are hundreds of emails being sent out FROM SOMEONE ELSE'S MACHINE as if they were coming from you. So, as a result YOU may get several hundred responses back from email servers which have detected the virus and are assuming it came from YOU. So a lot of the suspicious email you may (or may not) be seeing now might only be these notifications--further results of someone else being infected. What do you do with them? Delete them, just like any actual infected email you might be receiving. These are usually automated responses, and unless you can do the impossible and find out what infected person is STILL sending out emails as if they were you (and probably as a few hundred other people alternately), there isn't much you can do.

In the end, these viruses are nothing but a new more exotic form of terrorism--perhaps motivated differently but equally intent on creating an atmosphere of fear and crippling distrust. We'd like you all to know that on our end, the eGullet team is serious about protecting our own resources, as well as doing whatever we can to battle that fear and distrust with the power of accurate information.