We recently had an encounter with the "Badtrans" Worm:
Detailed info is also available on the Symantec AntiVirus Research Center (SARC).
W32.Badtrans.13312@mm is a MAPI worm that replies to all unread mails in your email message folders, and drops a backdoor Trojan.
Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
Payload:
Large scale e-mailing: It replies to all unread messages in the message folders within the default MAPI email program.
Compromises security settings: It drops a backdoor Trojan.
Technical description:
When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the \Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:
[Image: w32.badtrans.13312@mm.gif]
The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm will attach itself to the email, using one of the following file names:
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr (the one we got - JC)
Humor.TXT.pif
fun.pif
Fortunately, we had just updated our NORTON AV and it caught it as soon as the e-mail loaded, quarantining it before it could be opened. And I concur with above admonitions of caution whenever dealing with "attachments"!
As to "Outlook Express", I DELETED it, and use Eudora exclusively. Some Tech support people tipped us off that Eudora uses a non-MS based "code" and is nearly "immune" to the vast majority of e-mail based infections.
There were rumors of a major "hack attack" from China this month intended to disrupt the U.S. internet... but as of today it seems not to have materialized.
"Cyber-terrorism" may become an issue to be seriously reckoned with at some point.
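The indicators in the quoted description (the .pif/.scr attachment names and the run= line pointing at a dropped file) can be checked mechanically. The sketch below is an added example, not part of the original post or the Symantec write-up; the function names, the sample Win.ini text and its C:\WINDOWS path are constructed, and it assumes the run= line sits in the [windows] section of Win.ini.

```python
import ntpath

# Final extensions carried by every attachment name in the list above.
EXECUTABLE_EXTS = {".pif", ".scr"}
# Decoy extensions that precede the real one in several of those names.
DECOY_EXTS = {".zip", ".txt", ".doc", ".avi", ".mp3"}
# File names the description says are written to the Windows folder.
DROPPED_FILES = {"hkk32.exe", "inetd.exe"}

# Constructed sample Win.ini; the C:\WINDOWS path is an assumption.
SAMPLE_WIN_INI = (
    "[windows]\nload=\nrun=C:\\WINDOWS\\inetd.exe\n\n"
    "[Desktop]\nWallpaper=(None)\n"
)


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    stem, ext = ntpath.splitext(name.strip().lower())
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # A document-like extension hidden before the real one is the stronger signal.
    _, inner = ntpath.splitext(stem)
    return "double-extension" if inner in DECOY_EXTS else "executable"


def winini_run_entries(text):
    """Return the programs listed on run=/load= lines of the [windows] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if key.strip().lower() in ("run", "load"):
                found += value.replace(",", " ").split()
    return found


def suspicious_run_entries(text):
    """Run entries whose base file name matches a file the worm drops."""
    return [p for p in winini_run_entries(text)
            if ntpath.basename(p).lower() in DROPPED_FILES]
```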