Yahoo Groups archive

Disklavier

Index last updated: 2026-04-28 23:20 UTC

Thread

Farms agrees to


2001-07-18 by Doyle Newquist

Set forth on a Website (http:_______________), which shall display a map to the Event site, the Event site layout with respect to the services to be provided by Pic-A-Chic Farms, the list of games, the list of menu items and pictures.  Client shall have the right to review and revise the contents of this Website prior to the display of the same on the World Wide Web.  Pic-A-Chic Farms agrees that the final Website shall be completed and available for display thirty (30) days prior to the Event.

VIRUS VIRUS Re: [disklavier] Farms agrees to

2001-07-18 by John Burton

CAUTION - CAUTION -

The following message had an attachment that contained a VIRUS.

McAfee virus scanner called it the W32/Magistr@MM virus.


At 08:10 PM 17/07/2001 -0500, you wrote:
Set forth on a Website (http:_______________), which shall display a map to the Event site, the Event site layout with respect to the services to be provided by Pic-A-Chic Farms, the list of games, the list of menu items and pictures. Client shall have the right to review and revise the contents of this Website prior to the display of the same on the World Wide Web. Pic-A-Chic Farms agrees that the final Website shall be completed and available for display thirty (30) days prior to the Event.
To Post a message to the group, send it to: disklavier@...

To Post a private message to Todd Muncy, the group's founder and moderator, send it to:
disklavier-owner@...

To reach our group's web site go to:
http://Yahoogroups.com/group/disklavier

Todd's family web site was completely rewritten in June 2001 and contains some fun disklavier content and links to midi sites among other things. The URL is:
http://MuncyFamily.com

THINKING OF LEAVING THE GROUP?
If you are thinking of unsubscribing because you are getting too much mail, go to the web site and change your email delivery option instead. That will fix the problem, while maintaining your access to the group. If you insist on leaving us completely, send a blank email to:
disklavier-unsubscribe@...

Know someone who wants to join? Have them send a blank email to:
disklavier-subscribe@... or give them this link:
http://Yahoogroups.com/group/disklavier/join


Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/




Virus Characteristics

W32/Magistr@MM is a combination of a file infector virus and e-mail worm.
- The viral code infects 32-bit PE type (.exe) files in the WINDOWS directory and subdirectories.
- The worm part uses mass mailing techniques to send itself to email addresses stored in several places. The worm installs itself to run at each system startup.

Five minutes after the virus is run, it attempts a mailing routine. Email addresses are gathered from the Windows Address Book, Outlook Express mailboxes, and Netscape mailboxes (addresses found in the email messages within existing mailboxes are gathered), and these file locations and addresses are saved to a hidden .DAT file somewhere on the hard disk (varies). The messages sent by the worm contain varying subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non .EXE or non-viral files along with an infectious .EXE file.

The virus proceeds by infecting 32-bit PE (Portable Executable) type .EXE files found in the WINDOWS SYSTEM directory and subdirectories. The viral code is encrypted, polymorphic, and uses anti-debugging techniques to make it difficult to detect. Email addresses have been seen encrypted in infected files. These addresses are believed to represent other users that have also been infected from the same point of origin.

In the decrypted body of the virus code, the following comments exist:
ARF! ARF! I GOT YOU! v1rus: Judges Disemboweler.
by: The Judges Disemboweler.
written in Malmo (Sweden)

W32/Magistr@MM has a payload routine that on some systems may result in CMOS/BIOS info being erased as well as destroying sectors on the hard disk.

Symptoms

- Increase in size in .EXE files (adds 24Kb or more)
- Infected files use a modified access date of the time of the infection
- Presence of a newly created .DAT file containing email addresses (representing those users which were sent the virus)
- Entry in WIN.INI RUN=(App)
- Entry in Registry, run key value:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AppName (varies)=C:\WINDOWS\SYSTEM\(App).EXE (varies)

Method Of Infection

This worm arrives as an .EXE file with varying filenames. Executing this attachment infects your machine, which is used to propagate the virus.

When first run, the virus may copy one .EXE file in the WINDOWS or WINDOWS SYSTEM directory using the same name with an altered last character.
For example, CFGWIZ32.EXE becomes CFGWIZ31.EXE, PSTORES.EXE becomes PSTORER.EXE, etc.
(this naming convention seems to be consistent where the last character of the filename is decreased by a factor of 1)

This copy is then infected and a WIN.INI entry, or a registry run key value may be created, to execute this infected file upon system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CFGWIZ31=C:\WINDOWS\SYSTEM\CFGWZ31.EXE

This copied executable infects other PE .EXE files in the SYSTEM directory and subdirectories, when run. It also infects over open network shares.

This virus will create a .DAT file on the local file system which contains strings of the files used to grab email addresses from (.dbx, .mbx, .wab), and also strings of email addresses which will be used as a target list. The .DAT file will be named after the machine name, but in an offset method. For instance, here is a corresponding list of letter equivalents used:
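
Added example (not part of the original posts or of the scanner description quoted in them): a Python triage sketch for the two startup artifacts described above, an .EXE copy whose last name character is lowered by one and a Run entry that starts that copy. The file list and Run values are constructed sample data, and the function names are hypothetical.

```python
import ntpath

# Constructed sample data (not from a real host): names found in one
# WINDOWS\SYSTEM directory, and Run-key / WIN.INI RUN= values.
SAMPLE_FILES = ["CFGWIZ32.EXE", "CFGWIZ31.EXE", "PSTORES.EXE", "PSTORER.EXE",
                "NOTEPAD.EXE", "SETUP1.EXE", "SETUP2.EXE"]
SAMPLE_RUN = {"CFGWIZ31": r"C:\WINDOWS\SYSTEM\CFGWIZ31.EXE",
              "SystemTray": r"C:\WINDOWS\SYSTEM\SYSTRAY.EXE"}


def decremented_twin(name):
    """Name a copy would get under the described convention: the last
    character of the base name lowered by one code point."""
    stem, ext = ntpath.splitext(name.upper())
    if not stem or ext != ".EXE":
        return None
    return stem[:-1] + chr(ord(stem[-1]) - 1) + ext


def find_twin_pairs(files):
    """(original, copy) pairs where both names exist in the same directory."""
    present = {f.upper() for f in files}
    return [(f, decremented_twin(f)) for f in sorted(present)
            if decremented_twin(f) in present]


def triage(files, run_values):
    """Mark a pair 'high' when the copy is also launched at startup.
    Name pairs alone are noisy (SETUP2/SETUP1 is a benign-looking hit),
    so the startup entry is what raises the priority."""
    started = {ntpath.basename(v.strip('"')).upper()
               for v in run_values.values()}
    return [(orig, copy, "high" if copy in started else "review")
            for orig, copy in find_twin_pairs(files)]


if __name__ == "__main__":
    for row in triage(SAMPLE_FILES, SAMPLE_RUN):
        print(row)
```

Because the viral code is described as polymorphic, a name-and-startup check like this only narrows where to look; it does not replace an up-to-date scanner.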





Re: VIRUS VIRUS Re: [disklavier] Farms agrees to

2001-07-18 by Todd Muncy

Immediately erase any messages from Doyle Newquist and under no circumstances open any of the attachments. I have deleted him as a member temporarily, to avoid allowing the group to receive any more virus attachments.
----- Original Message -----
Sent: Wednesday, July 18, 2001 3:21 AM
Subject: VIRUS VIRUS Re: [disklavier] Farms agrees to

CAUTION - CAUTION -

The following message had an attachment that contained a VIRUS.

McAfee virus scanner called it the W32/Magistr@MM virus.


At 08:10 PM 17/07/2001 -0500, you wrote:
Set forth on a Website (http:_______________), which shall display a map to the Event site, the Event site layout with respect to the services to be provided by Pic-A-Chic Farms, the list of games, the list of menu items and pictures. Client shall have the right to review and revise the contents of this Website prior to the display of the same on the World Wide Web. Pic-A-Chic Farms agrees that the final Website shall be completed and available for display thirty (30) days prior to the Event.

Re: VIRUS VIRUS Re: [disklavier] Farms agrees to

2001-07-18 by MELAMAT@aol.com

We also received that virus and it was caught by Norton Antivirus. The e-mail
was titled 40 point Buck.

We quarantined it and then deleted it. Norton identified the same virus name.

Mel Amato
