This page will serve as a continuing collection of serious or widespread viruses, Trojan horses and other computer security concerns.  The only items detailed here are those which we deem may have a significant impact on a large number of customers or our service.  We will not post notices for every virus, and you may be infected by a malicious item which is not mentioned here.

    Many virus warnings you receive may actually be hoaxes.  For help in finding if a warning is legitimate, visit Hoaxbusters.  Also, see some other sites on Virus Hoaxes.

    Runestone and REA-ALP Internet Services provide the Postini e-mail filtering service.  The primary function of this service is to prevent "junk" e-mail from reaching your computer.  Postini also scans for e-mail containing viruses.  Runestone and REA-ALP are scanning for certain virus activity sent to customers not using Postini.  We are not catching all viruses, and can make no guarantee that we will.  

    Runestone Internet Services is filtering these viruses from our mailboxes to reduce the likelihood that our customers will become infected.  Customers not using Postini may still receive viruses we do not scan for, or variations of the viruses we do scan for.  If you are using Hotmail or another web based e-mail account your e-mail messages are not filtered by our server.  You should not rely on these services as your only virus protection; we highly recommend that you obtain one of the Anti-Virus programs listed below.  

If you have any questions or think you may be infected with one of the above viruses please feel free to contact our office. 
 

How do I protect myself?

1. Anti-Virus Program
   To protect against viruses and other security concerns, Runestone Internet Services recommends that you have a current version of an anti-virus program installed on your computer.  There are many such programs to choose from, including those listed below.
    

   Symantec Norton Anti-Virus	updates available here
   McAfee Anti-Virus	updates available here
   VET Anti-Virus	updates available here
   Sophos Anti-Virus	updates available here
   F-Secure	updates available here
   Command Anti-Virus	updates available here
   AVG Anti-Virus	updates available here

   
   
   • It is very important that you regularly update the virus "definition" files to ensure the best protection; once or twice a month should be adequate.  If the anti-virus program does not have a current definition for a particular virus, it cannot protect against it.  You can check the manual that came with the anti-virus program, or contact the computer or software manufacturer for instructions on how to perform this update.  
      
2. Windows Update
   Many viruses exploit security flaws or vulnerabilities in programs.  Microsoft programs (versions of Windows, Word, Excel, etc) are a popular target.  You can prevent your system being infected by this type of virus by regularly downloading patches and upgrades to your programs.  Updates for Windows and other Microsoft programs can be obtained at WindowsUpdate.  We recommend you check for Microsoft updates at least every two weeks.
    
3. Attachment handling
   Having an anti-virus program installed on your computer does not mean that it is immune to infection.  You should always practice safe computing.  This includes always exercising caution when handling ALL email attachments.  We recommend that you do not open any attachments of which you have no prior knowledge.  If you have any questions about an attachment, email or call the sender to verify the contents. 
   
   Using care when handling attachments is important even if the message and attachment seems to come from someone you know well.  If you are in the address book of someone whose computer becomes infected by certain types of worms or viruses, including most new viruses discovered in the past couple of years, you may receive the virus e-mailed from them.  In addition, many viruses are now forging the "From:" information on the infected e-mail sent to the addresses it find on the infected computer.  In other words, you may receive a virus sent from one person's computer but showing that it was sent by someone else.  Some people have received a virus e-mailed from another computer but showing that it cam from their own address. 
   
   If you receive an attachment from someone you don't know, we recommend deleting it immediately. 
   
   You should also save ALL attachments as a file on your computer, regardless of who they are from, and individually scan the file with an anti-virus program before you open or view it.
   
   
4. Postini
   As mentioned at the beginning of this page, Runestone and REA-ALP Internet services offers a service which is able to intercept viruses before they reach your computer.  You should not rely on this as your only virus protection as some viruses spread through means other than email.  For example, the Blaster worm discovered August 11 did not spread through email so Postini was not able to capture it.  However, people who had run WindowsUpdate within the previous three weeks had a patch that prevented the worm from infecting their computer.

Virus Hoaxes

    There are many warnings spreading by email about computer "viruses", and other non-computer dangers to watch out for.  Many of these are hoaxes that should not be taken seriously.  For more information on how to spot virus hoaxes and urban legends, refer to the sources listed below.  If you receive an email warning you of a dangerous new virus, or real-world danger, please check the sites below before forwarding the message to anyone.

Hoaxbusters - from the US Department of Energy

About.com - How to Spot an Email Hoax

About.com - Net Hoaxes & Rumors

Symantec Anti-Virus Research Center - Virus Hoaxes

Do not regard the following list as a complete accounting of the security concerns you need to guard against.  The items listed here are those which have either affected our system or a large number of customers computers. 

1/22/04 - Trojan.Downloader.Inor

The currently spreading version of this virus attempts to fool you with a fake "billing notice" from your Internet provider.
These e-mail are not legitimate!  Do not open the file if you receive this e-mail. 

The virus infected e-mail would resemble the following (including the typos.)  REA-ALP customers may receive similar e-mail with 'rea-alp.com' in the place of 'runestone.net'.

Date: Wed, 21 Jan 2004 19:02:06 -0500
From: Alecia <Josiexayqnuqah@arntzbuilders.com>
To: user@runestone.net
Cc: otheruser@runestone.net
Subject: Billing Notice From runestone.net 's Accounting Dpt

*** runestone.net 's accounting dpt notice *** Internet Billing Notice Please press "open" and read the attached Billing Notice.

Note if you do not read this withing 24 hours we at runestone.net regret we will have to terminate internet service.

Visit Symantec or McAfee for more information on this virus.

8/12/03 - Blaster Worm

    See our prevention and removal tips for the Blaster Worm.

1/31/03 - Xupiter Internet Explorer Toolbar

    While not technically a virus, we have had troubles with this piece of software.  If the software does not work or install correctly, you may be unable to access web sites.  For more information on this item, see this news report from the BBC.

    To remove Xupiter, you will need to use a program such as Lavasoft's Ad-Aware or Spybot Search and Destroy.  It is a good idea to scan your computer with these products every few weeks.  They will identify and remove products which present advertising while you are using the Internet and may expose your computer to security vulnerabilities.

11/23/01 - BadTrans - W32.Badtrans@mm (Variants A & B)

    This is a "worm" virus which contains a "Trojan Horse" component.

    Variant A - will be a reply to a message you sent to an infected user.  The reply will contain an attachment and the text "Take a look to the attachment."
    This version includes a "trojan horse" program which allows "backdoor" access to your computer and files.

    Variant B - will reach you through finding your address on a message in the infected user's 'Inbox'.  The message will usually contain no text and a single attachment.  
    This version includes a "trojan horse" program which will attempt to gather your Internet passwords and email them to the virus author.
    A removal tool for this version can be downloaded from Symantec

See Symantec (Versions A or B) or McAfee for more information.

07/17/01 - W32.Sircam.Worm@mm (Sircam)

    This is a high risk virus that is spread to email recipients found in the Windows Address Book and addresses found in cached files. The infected email can come from addresses that you recognize. Attached is a file with two different extensions. The file name itself varies.
Symantec has a removal tool which can be downloaded here.
See Symantec or McAfee for more information about this virus.

11/30/00- Snow White - W32.Hybris.gen Virus

    This worm arrives as a joke, it attaches itself to every e-mail you send, infecting whoever you send e-mail to.  See Symantec or McAfee for details.

06/19/00 - LifeStages Worm (VBS_Stages.A)

    The worm arrives disguised as a joke, does some minimal but serious damage and sends itself to everyone in an Outlook address book.  See Symantec or McAfee for details.  (A full write-up by RIS will not be done unless this becomes more serious.)

05/18/00 - NewLove (VBS.NewLove.A)

    An entirely new virus that behaves much like a more deadly 'LoveLetter'.  Click here for details.

05/04/00 - LoveLetter (VBS.LoveLetter.A)

    A brand new, damaging, and swiftly spreading email worm.  Click here for details.

11/23/99 - Prilissa (W97M.Prilissa.A)

    This new variation of the Melissa virus of several months ago is set to release on Christmas day.  The virus will arrive attached to an email as a Microsoft Word document infected with a 'macro' type virus.  The virus spreads by immediately emailing itself to the first 50 addresses in an infected machines Microsoft Outlook address book.  It will infect in Word documents opened or created after this time.  The first time the computer is started after December 25, the virus will overwrite system files and attempts to format the hard drive.  An update to any major Anti-Virus software package should protect against infection.  For more information, refer to the following:

Symantec Anti-Virus Center

McAfee Anti-Virus

11/10/99 - BubbleBoy (VBS.BUBBLEBOY)

    Despite the media hullabaloo, the chance of receiving BubbleBoy is actually quite small.  In fact, no one has actually reported the virus "in the wild."  It's significance is it's method of infection.  This 'worm' will affect Windows 98, Windows 200, and Windows 95 under certain conditions.  Once the machine has infected, the 'worm' will send itself to everyone in a Microsoft Outlook address book.  As far as we know, the worm does not cause any damage to an infected computer, it's only purpose is to propagate by spreading to other computers.  To protect yourself from BubbleBoy, get a virus definition update for your Anti-Virus software, and apply the Microsoft patch indicated below.  You may also visit these sites for more information.

Microsoft BubbleBoy information

Microsoft BubbleBoy patch

Symantec Anti-Virus Center

McAfee Anti-Virus

8/19/99 - W32.KRIZ

    A new virus, W32.KRIZ.3740 or Win32.KRIZ, has been discovered.  This virus is programmed to run on Christmas day and could very seriously damage your computer.  The anti-virus programs mentioned above offer protection from this virus.  For more information on this virus, visit one of the following sites:

Symantec Anti-Virus Center

ZDNN Tech News Now

8/19/99 - Happy99

    The Happy99 worm has infected many of our customers.  This is not actually a destructive program, but is very annoying.  It is fairly easy to remove.  For more information, visit our Happy99 Information page.  Symantec has also developed a program to eradicate this worm from an infected machine.  You may download that program from the Symantec site at: ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/fixhappy.exe

This document was last updated on  Thursday, January 22, 2004, at 07:12 PM