I was looking for Judy Tenuta info on the 'Net...
November 17, 2001 3:15 AM   Subscribe

Okay perhaps I'm just late to the party, but this is a first for me. Just going to the front page of a website, I suddenly get a message from my antivirus software saying that a virus was found attempting to infiltrate my computer, just going to a website? It didn't infect my computer thankfully, because I recently updated my DAT file on my Macaffee, but dayam! Is there something I should know about? Is there some way I can report this mofo?

I'm assuming judytenuta.com is not owned by Judy Tenuta, although come to think of it she's the sort of person who might find this amusing in some sick way. What if someone came across this who's not protected? I guess I'm just hoping someone out there would know what to do to get this website shut down. Any ideas?
posted by ZachsMind at 3:20 AM on November 17, 2001

What kind of virus did your antivirus software say it detected? Didn't it supply a name? It wasn't a joke? (She's a comedian, right?)

Anyway, this site says the owner of judytenuta.com is:

judytenuta.com
Request: judytenuta.com
Tenuta, Judy
13454 Contour Drive
Sherman Oaks, CA 91423
US

Domain Name: JUDYTENUTA.COM

Administrative Contact:
Judy Tenuta galaxica@pacbell.net
-
13454 Contour Drive
Sherman Oaks, CA 91423
US
Phone- 818 981-3556
Fax- 818 981-3552
Technical Contact:
Internet Advisors yourhost@Internet-Advisors.com
Internet Advisors Consultancy
P.O. Box 61544
Potomac, MD 20854
US
Phone- (301)738 - 8784
Fax-

Record updated on 2000-01-27 00:00:00.
Record created on 2000-01-27.
Record expires on 2002-01-27.
Database last updated on 2001-11-17 06:04:46 EST.

Domain servers in listed order:

NS1.RACKSHACK.NET 207.218.223.132
NS2.RACKSHACK.NET 207.218.223.162

So you could contact the owner, if the information above is real and you are that interested in the problem.
posted by pracowity at 3:47 AM on November 17, 2001

According to whois, judytenuta.com is owned by Judy Tenuta.
But I don't think it's malice. Blame Nimda instead.

Moral: if you use Windows (the majority of viruses and worms are targeted against Windows) and run a web server, don't surf with the Administrator account. And install those service packs.
posted by ikalliom at 3:53 AM on November 17, 2001

Zach, get all the patches for IE. Looks like you're not patched for this. It made the rounds a couple months ago.
posted by skallas at 3:56 AM on November 17, 2001

I didn't memorize the name of the virus. I saw the little crawlie graphic which pops up when McAfee catches a virus and I looked for the "delete" button. I would go back, but I don't like tempting fate twice in a row. ...Well MacAffee caught it once before. It should be safe to do... *shiver*

Okay this is what McAfee's VShield said:

"Downloaded file: C:\WINDOWS\...\JUDYTENUTA[1].HTM
Virus Name: W32/NIMDA.htm

Also a separate window pops up saying that "www.judytenuta.com/video/judyfp2.rm" can't download because "unable to establish connection with server."

I'll go ahead and write to the addresses you just provided and report it that way. I didn't think to go to internic.net to look up the domain name. DUH! I'm stoopid. Thanks for your help, Pracowity....

Woah wait. I just saw other responsed just before posting this. Should I report it to them, or do you think they already know about it?

I'll go ahead and look for more IE patches from microsoft.com. I thought I got everything, but there might be more stuff since the last time I went there. It's been awhile.
posted by ZachsMind at 4:06 AM on November 17, 2001

Just emailed galaxica@pacbell.net and yourhost@Internet-Advisors.com with the error message information. Also just installed the proper patch for my MSIE version from microsoft.com. Thanks gang. =) Guess I am late to the party. It appears the patches were made back in late May. Who knows though maybe there's some MeFi lurker out there who might read this and didn't know either. *shrug*
posted by ZachsMind at 4:25 AM on November 17, 2001

Hmmm. I use NN6.1 and it provoked Norton AV, so it's not just an IE thing.
posted by andrew cooke at 4:27 AM on November 17, 2001

At the bottom of the main page of judytenuta.com, the site uses Javascript to load the file readme.eml in a separate pop-up window. That file is an Outlook Express file that can infect Windows computers with the Nimda worm (if they haven't been patched and still have Outlook Express installed). This CERT advisory describes the worm.
posted by rcade at 4:36 AM on November 17, 2001

I wonder if this has anything to do with the fact that yesterday I activated Outlook Express for the first time. I usually use Yahoo Mail because I like how Yahoo has its own anti-virus securities built-in, but when something went wrong with my Yahoo Password, Outlook Express was the only way I could get to my "actual" email address with my ISP. The address I only use for emergencies like that.

Having never activated Outlook Express before yesterday, was my machine 'immune' to this worm until then? If not, it just seems kinda weirdly coincidental.
posted by ZachsMind at 5:12 AM on November 17, 2001

That happened to me on the dancing paul website -- I got a newsletter saying he was doing a whole lot of new stuff (more dancing, i guess), and to check it out. I click - and Norton pops up telling me Nimda was trying to infect. I emailed both the newsletter admin and dancing paul about it -- niether of which responded, ungrateful bastards!
posted by Hankins at 6:11 AM on November 17, 2001

I wonder if this has anything to do with the fact that yesterday I activated Outlook Express for the first time.

No, it has to do with your security settings in IE. You can defeat a good deal of web annoyances (pop-ups, browser hijacking, virus attacks, etc.) by disabling javascript by default.

For your favorite sites that require javascript, simply add them to your "trusted sites" list, assuming of course that you actually do trust them.
posted by johnnyace at 6:19 AM on November 17, 2001

hrm, it seems to be fixed now, I didn't get any popups, and I didnt find any script tags either.
posted by delmoi at 6:44 AM on November 17, 2001

And all this just because you wanted to hear a bitch with an accordion schreech insults at you...
posted by ColdChef at 6:53 AM on November 17, 2001

Hey. I'm her helpless little studsicle. Judy has me under her thrall. What can I say? *shrug* But if her website ever tries to infect me again, I'll stuff a microphone down her throat.

Saw her perform live once. She's amazing. She's one of the funniest women in America.
posted by ZachsMind at 7:07 AM on November 17, 2001

That statement is an insult to America's women.
posted by crunchland at 7:11 AM on November 17, 2001

She was on the late (sorely missed) comedyworld.com once and I asked her why she and Weird Al never performed "Dualing Accordians". She told me to stop hanging out in InterNet IRC rooms and find a girlfriend I didn't have to download.

She's a goddess.
posted by RavinDave at 7:15 AM on November 17, 2001

Judy!
One of the more frightening things I've ever heard is that she was dating Emo Phillips for a while. What would the children look like?
posted by Su at 9:15 AM on November 17, 2001

Actually, if you look up Emo Phillips these days, he's cut his hair short and looks a little like the modern-day Ray Manzarek. So the kids wouldn't be that freakish.
posted by Big Fat Tycoon at 9:58 AM on November 17, 2001

"My girlfriend always laughs during sex no matter what she's reading." - Emo Philips

Rumor has it that they are, or were, married rather than just dating. As to what the children would look like, you really have to wonder what the children would act like.
posted by bragadocchio at 10:09 AM on November 17, 2001

Got the same virus after downloading and installing HP's Instant Support application. Seems they picked it up from InstallShield. I reported it, and they replied they also noticed it and have disabled the dowload page.
posted by hockeyman at 12:11 PM on November 17, 2001