The Mudcat Cafe



BS: BadTrans_B Virus






Subject: BadTrans_B Virus
From: Jon Freeman
Date: 28 Nov 01 - 07:35 AM

I have just received a copy of BadTrans.B via email. The sender is set at null so I don't know where it came from but over 1/2 my email comes from Mudcat members so I thought I'd better post something here.

Seems like my AV software caught it.

Jon



Subject: RE: BS: BadTrans_B Virus
From: Trevor
Date: 28 Nov 01 - 07:37 AM

Yep, we're having an attack of this as well, although I don't get mail from 'catters.



Subject: RE: BS: BadTrans_B Virus
From: wysiwyg
Date: 28 Nov 01 - 09:49 AM

None here, but Symantec (Norton) just sent word of an update for it and another one going around. (Update downloaded here and fresh scan done-- all clean.)

Here's the Symantec info:

November 27, 2001

If you require assistance installing, configuring, or troubleshooting a Symantec product, or you have a question for Customer Service, please visit the Symantec Service & Support Web site at the following address:

http://www.symantec.com/techsupp/

Select your product and version and click Go.

To see an HTML version of this newsletter, please visit the following Web site:

http://www.symantec.com/techsupp/vURL.cgi/navarc

1. W32.Badtrans.B@mm

W32.Badtrans.B@mm is a MAPI worm that emails itself out as a file with one of several different names. This worm also creates a .dll in the \Windows\System directory as Kdll.dll. It uses functions from this .dll to log keystrokes. Virus definitions dated November 24, 2001 will detect this worm. For additional information, point your Web browser to:

http://www.symantec.com/techsupp/vURL.cgi/nav108

2. W32.Aliz.Worm

W32.Aliz.Worm is a very simple SMTP mass-mailer worm. The worm currently only replicates on Windows 9x computers. It does not seem to spread on Windows NT platforms. The worm spreads by obtaining email addresses from the Windows address book and sending itself to those addresses. Virus definitions dated May 22, 2001 will detect this worm.

When the worm arrives by email, the worm uses a MIME exploit that allows the virus to be run just by reading or previewing the email. Information on and a patch for this exploit can be found at:

http://www.symantec.com/techsupp/vURL.cgi/nav110

For additional information, point your Web browser to:

http://www.symantec.com/techsupp/vURL.cgi/nav109

~S~



Subject: RE: BS: BadTrans_B Virus
From: Fibula Mattock
Date: 28 Nov 01 - 10:44 AM

I've just spent the past hour getting rid of the Badtrans one. I'm really fussy about opening attachments, and this damn one opened itself. Bah.



Subject: RE: BS: BadTrans_B Virus
From: Guessed
Date: 28 Nov 01 - 10:56 AM

So the MC was down for 4 days, my e-mail inaccessible for about the same, and Yahoo and Joymail refused to register me. Forced to use hotmail. Loads of other sites down for refurbishment - as if you would switch-off your only business outlet for 4 days to prettify the aesthetics.
& I had the conspiracy theory already worked out. Bill G does this deal with the President who is forcing every major provider to install interception software and who gets the first bite at the cherry?
Neat eh? Tell me I'm wrong.



Subject: RE: BS: BadTrans_B Virus
From: nutty
Date: 28 Nov 01 - 12:18 PM

Thanks for letting us know, Jon.
Is this worm just affecting Internet Explorer systems or is Netscape affected as well???



Subject: RE: BS: BadTrans_B Virus
From: Mooh
Date: 28 Nov 01 - 01:22 PM

Two days ago I sat down in front of my computer and before I could take a breath I found over 70 messages from my provider warning me of the virus infected email which had attacked my address book and every website, and addresses within I think, in my favourites list. Norton completely missed it the first time, in spite of being updated only 15 days before, but caught the subsequent virus returned to me from somewhere it was sent. Completely messed up my day, though I did hear from some folks I hadn't heard from in a long while. The kicker is that I didn't have to do anything more than go online, the virus did the rest. You computer savvy folks know about these things I guess, but it feels like a real intrusion.

Peace, and sorry if anyone got it from me!

Mooh.



Subject: RE: BS: BadTrans_B Virus
From: Jon Freeman
Date: 28 Nov 01 - 04:00 PM

Nutty, I may be wrong but I would imagine it could affect any Win32 system if someone was daft enough to open the attachment. I think the auto-open problem only affects Outlook and OE.

Jon



Subject: RE: BS: BadTrans_B Virus
From: Herga Kitty
Date: 28 Nov 01 - 05:04 PM

I got an e-mail purporting to be from another catter, but when I tried to open it I was told I'd performed an illegal operation and the application was closing down. I updated my Norton and the scan proved clear. So I think my firewall saved me - also, I've got an old version of Outlook Express, and BadTransB apparently only affects the 5.01 and 5.5 versions. This particular virus has spread very quickly - helped by BTOpenline, who accidentally e-mailed it to all their customers. It's nasty, not just because you can activate it by previewing it, but also because it tracks keystrokes so can send PIN numbers etc back to the virus originator.



Subject: RE: BS: BadTrans_B Virus
From: Burke
Date: 28 Nov 01 - 05:27 PM

I've received 3 messages with this virus so far. All from members of the same mailing list.

I use Eudora, which seems to have protected me, but in an odd way. I knew something odd was going on when I got empty replies to really old messages I'd sent to a mailing list, but saw no attachments. I did open them. After updating my virus scanner, 2 copies were found & deleted. Instead of being in the attachment directory they were in /Eudora/Embedded.

I deleted them & a find on the file name using Eudora's find turns up those 2 empty messages. I still cannot see any reference in those blank messages to the 'attached' file. Whatever is 'embedded' about them, they don't seem to have executed themselves either. I checked very carefully with information from the Sophos site & I don't seem to have become infected.

I am still mystified about what it means to be in the 'embedded' directory. None of the systems people around here seem to know. There were several other .jpg's & .gif's in the directory from the past 6 months or so. I deleted them just to be safe.

This morning I caught another copy coming in on e-mail & deleted it immediately. It was also put in the /embedded directory.



Subject: RE: BS: BadTrans_B Virus
From: Jon Freeman
Date: 01 Dec 01 - 08:56 AM

Just to say, I have put a virus info page up at the Annexe. It can be found at http://www.jonbanjo.com/forum/virusinfo.asp

Jon




 


This Thread Is Closed.



All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.