W32.Badtrans.13312@mm is a MAPI worm that replies to all unread mails in your email message folders, and drops a backdoor Trojan.

Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
Payload: Large scale e-mailing: It replies to all unread messages in the message folders within the default MAPI email program. Compromises security settings: It drops a backdoor Trojan.

Technical description:

When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the \Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:

[/avcenter/graphics/w32.badtrans.13312@mm.gif]

The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm will attach itself to the email, using one of the following file names:

Pics.ZIP.scr images.pif README.TXT.pif New_Napster_Site.DOC.scr news_doc.scr hamster.ZIP.scr YOU_are_FAT!.TXT.pif searchURL.scr SETUP.pif Card.pif Me_nude.AVI.pif Sorry_about_yesterday.DOC.pif s3msong.MP3.pif docs.scr (the one we got - JC) Humor.TXT.pif fun.pif

Fortunately, we had just updated our NORTON AV and it caught it as soon as the e-mail loaded, quarantining it before it could be opened. And I concur with above admonitions of caution whenever dealing with "attachments"!

As to "Outlook Express", I DELETED it, and use Eudora exclusively. Some Tech support people tipped us off that Eudora uses a non- MS based "code" and is nearly "immune" to the vast majority of e-mail based infections.

There were rumors of a major "hack attack" from China this Month intended to disrupt the U.S. internet... but as of today it seems not to have materialized.
"Cyber-terrorizim" may become an issue to be seriously reckoned with at some point.

You can't prevent the monsters, only what they can do to you. In the 6 years I've been on the internet, I've never had a problem with a virus on my personal computer. I'm not bragging - just saying viruses can be avoided. I rarely open attachements, I have a text-only e-mail program, I have an up to date anti-virus program.

Don't open attachments unless they are from a known source, you know they are sending it to you, and you scan it for infection first!!!

If the simple above rule was universally followed, it would drastically reduce - if not remove - the spread of computer virii.

Keeping your virus scan program updated is HIGHLY important as well. The one virus I've been hit with snuck in through an infected document that I'd scanned. Seemed I was lucky enough to have caught one that had only been 'in the wild' for a short time. Considering it was a Backdoor virus, it laid open the contents of my computer for anyone with the proper skills and program to see... Fortunately, it appears that the only effect was that someone used our computer to store and transfer MP3 files on for a while.

M

Yahoo Mail will only automatically open files such as .jpg and .gif (picture files). It won't automatically run a visual basic script (.vbs) which this is.

You'd have to save it and run it for it to affect you. Also this virus only attacks Microsoft Outlook (Express) so you needn't worry.

Ed

For people with yahoo mail... how do you turn off the thing in yahoo mail where it automatically opens attachments as soon as you try to read the message?

~ Jande

Spaw

http://www.cnn.com/2001/TECH/internet/05/09/homepage.virus/index.html

LTS