Just to support Dick's alert, I have had a few responses to the message I
put up over the weekend which contained the following
"An attempt has been made to send a file called unknown into BT's e-mail
system, to ......... , which was infected with the 32/Badtrans.eml (ED)
virus. This virus has been Cleaned "
Unfortunately, in cleaning the virus the system completely wiped the
message, which is irritating for both sender and recipient. Still, better
to be virus free.
David Hay
-----Original Message-----
From: Dick Sargent
To: [log in to unmask]
Sent: 12/3/01 2:52 PM
Subject: Virus alert
Will members please be on the alert. A new virus Badtrans.B is currently
circulating. I am grateful to Richard Bond for forwarding this advice
from Chris Meaney.
Several list members have infected systems, which upon receiving a mail
from the JISCMAIL service have allowed the virus to extract e-mail
addresses and send out virused e-mails without their owners' knowledge.
The point is that there is a very high chance that other list members
may have received infected e-mails from these people too. I therefore
felt it important to raise it on these mail-lists. Luckily, my
anti-virus package scans e-mails and identified them/stopped them before
my machine could become infected. This virus is dangerous as it is very
infectious/widespread and it installs a programme that captures and
transmits keystrokes, which could include passwords and credit card
numbers. It is also dangerous as you do not have to even open it for it
to infect your machine - apparently just having it appear in your
Outlook or Outlook Express in-box is enough to infect your machine.
No need to panic, but as I have said, given that I know that three list
members have been infected, you should take great care and ensure that
you virus scan your machine with reputable, up to date antivirus
software.
Details of the virus follow at the end of this e-mail.
Regards
Chris Meaney (AIMC)
Managing Director
=======================================================================
> > Harvard Consultancy Services Ltd, Bexin House, 2/3 St. Andrews Place
> > Southover Road, Lewes, East Sussex, BN7 1UP
> > Tel: 01273 897517, Fax: 01273 471929, E-Mail: [log in to unmask]
> >
> > Registered in England & Wales no. 3766540
> > Registered Office: 50 Harvard Close, Malling, Lewes, East Sussex, BN7 2EJ.
> >
=======================================================================
This worm arrives as an email with one of several attachment names and a
combination of two appended extensions. The list of possible file names
is:
> > HUMOR
> > DOCS
> > S3MSONG
> > ME_NUDE
> > CARD
> > SEARCHURL
> > YOU_ARE_FAT!
> > NEWS_DOC
> > IMAGES
> > PICS
> >
The first extension that is appended to the file name is one of the
following:
> > .DOC
> > .MP3
> > .ZIP
> >
The second extension that is appended to the file name is one of the
following:
> > .pif
> > .scr
The resulting file name would look something like this:
> > CARD.DOC.PIF
> > NEWS_DOC.MP3.SCR
> > etc.
> >
Users should not open any emails with an attachment that matches the
names listed above. Any email that has such an attachment should be
deleted.
> >
HOW TO REMOVE/AVOID IT:
Use up to date anti-virus software.
For details on this and manual removal techniques, see also:
> >
> > McAfee antivirus site:
> > http://vil.mcafee.com/dispVirus.asp?virus_k=99069
> >
> > Sophos antivirus site:
> > http://www.sophos.com/virusinfo/analyses/w32badtransb.html
> >
> > Symantec Anti-virus page:
> > [log in to unmask]
> >
> > Microsoft page on how to avoid this virus:
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
------------------------------------------------------------
Dick Sargent
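
Added example, not part of the original e-mails: a Python check, of the kind a mail gateway or mailbox audit could run, that flags attachments whose names follow the pattern described in the advisory. The "double-ext" verdict goes beyond the listed base names to any name ending in one of the listed extension pairs; the function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Names and extensions copied from the advisory text above.
BASE_NAMES = {"HUMOR", "DOCS", "S3MSONG", "ME_NUDE", "CARD", "SEARCHURL",
              "YOU_ARE_FAT!", "NEWS_DOC", "IMAGES", "PICS"}
FIRST_EXT = {"DOC", "MP3", "ZIP"}
SECOND_EXT = {"PIF", "SCR"}


def classify(filename):
    """Return 'listed', 'double-ext' or None for one attachment file name."""
    parts = filename.strip().upper().rsplit(".", 2)
    if len(parts) != 3:
        return None  # fewer than two extensions: not this pattern
    base, first, second = parts
    if first in FIRST_EXT and second in SECOND_EXT:
        return "listed" if base in BASE_NAMES else "double-ext"
    return None


def scan_message(raw):
    """Return [(filename, verdict)] for each flagged attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify(name) if name else None
        if verdict:
            hits.append((name, verdict))
    return hits


def build_sample(filename):
    """Constructed message carrying a harmless attachment with the given name."""
    m = EmailMessage()
    m["From"] = "sender@example.org"      # constructed address
    m["To"] = "list@example.org"          # constructed address
    m["Subject"] = "constructed sample"
    m.set_content("constructed sample body")
    m.add_attachment(b"harmless placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("CARD.DOC.PIF", "news_doc.mp3.scr", "minutes.doc", "holiday.zip.scr"):
        print(fn, scan_message(build_sample(fn)))
```

Matching is case-insensitive, and only the last two extensions are inspected, so a name such as `minutes.doc` with a single extension is not flagged.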