BS: BadTrans_B Virus
Subject: BadTrans_B Virus From: Jon Freeman Date: 28 Nov 01 - 07:35 AM

I have just received a copy of BadTrans.B via email. The sender is set at null so I don't know where it came from but over 1/2 my email comes from Mudcat members so I thought I'd better post something here. Seems like my AV software caught it.

Jon

Subject: RE: BS: BadTrans_B Virus From: Trevor Date: 28 Nov 01 - 07:37 AM

Yep, we're having an attack of this as well, although I don't get mail from 'catters.

Subject: RE: BS: BadTrans_B Virus From: wysiwyg Date: 28 Nov 01 - 09:49 AM

None here, but Symantec (Norton) just sent word of an update for it and another one going around. (Update downloaded here and fresh scan done-- all clean.) Here's the Symantec info:

November 27, 2001

If you require assistance installing, configuring, or troubleshooting a Symantec product, or you have a question for Customer Service, please visit the Symantec Service & Support Web site at the following address: http://www.symantec.com/techsupp/ Select your product and version and click Go.

To see an HTML version of this newsletter, please visit the following Web site: http://www.symantec.com/techsupp/vURL.cgi/navarc

1. W32.Badtrans.B@mm

W32.Badtrans.B@mm is a MAPI worm that emails itself out as a file with one of several different names. This worm also creates a .dll in the \Windows\System directory as Kdll.dll. It uses functions from this .dll to log keystrokes. Virus definitions dated November 24, 2001 will detect this worm.

For additional information, point your Web browser to: http://www.symantec.com/techsupp/vURL.cgi/nav108

2. W32.Aliz.Worm

W32.Aliz.Worm is a very simple SMTP mass-mailer worm. The worm currently only replicates on Windows 9x computers. It does not seem to spread on Windows NT platforms. The worm spreads by obtaining email addresses from the Windows address book and sending itself to those addresses. Virus definitions dated May 22, 2001 will detect this worm.

When the worm arrives by email, the worm uses a MIME exploit that allows the virus to be run just by reading or previewing the email. Information on and a patch for this exploit can be found at: http://www.symantec.com/techsupp/vURL.cgi/nav110

For additional information, point your Web browser to: http://www.symantec.com/techsupp/vURL.cgi/nav109

~S~

Subject: RE: BS: BadTrans_B Virus From: Fibula Mattock Date: 28 Nov 01 - 10:44 AM

I've just spent the past hour getting rid of the Badtrans one. I'm really fussy about opening attachments, and this damn one opened itself. Bah.

Subject: RE: BS: BadTrans_B Virus From: Guessed Date: 28 Nov 01 - 10:56 AM

So the MC was down for 4 days, my e-mail inaccessible for about the same, and Yahoo and Joymail refused to register me, Forced to use hotmail. Loads of other sites down for refurbishment - as if you would switch-off your only business outlet for 4 days to prettify the aesthetics. & I had the conspiracy theory already worked out. Bill G does this deal with the President who is forcing every major provider to install interception software and who gets the first bite at the cherry? Neat eh? Tell me I'm wrong.

Subject: RE: BS: BadTrans_B Virus From: nutty Date: 28 Nov 01 - 12:18 PM

Thanks for letting us know Jon

Is this worm just affecting Internet Explorer systems or is Netscape affected as well???

Subject: RE: BS: BadTrans_B Virus From: Mooh Date: 28 Nov 01 - 01:22 PM

Two days ago I sat down in front of my computer and before I could take a breath I found over 70 messages from my provider warning me of the virus infected email which had attacked my address book and every website, and addresses within I think, in my favourites list. Norton completely missed it the first time, in spite of being updated only 15 days before, but caught the subsequent virus returned to me from somewhere it was sent. Completely messed up my day, though I did hear from some folks I hadn't heard from in a long while.

The kicker is that I didn't have to do anything more than go online, the virus did the rest. You computer savvy folks know about these things I guess, but it feels like a real intrusion.

Peace, and sorry if anyone got it from me! Mooh.

Subject: RE: BS: BadTrans_B Virus From: Jon Freeman Date: 28 Nov 01 - 04:00 PM

Nutty, I may be wrong but I would imagine it could affect any Win32 system if someone was daft enough to open the attachment. I think the auto-open problem only affects Outlook and OE.

Jon

Subject: RE: BS: BadTrans_B Virus From: Herga Kitty Date: 28 Nov 01 - 05:04 PM

I got an e-mail purporting to be from another catter, but when I tried to open it I was told I'd performed an illegal operation and the application was closing down. I updated my Norton and the scan proved clear. So I think my firewall saved me - also, I've got an old version of Outlook Express, and BadTransB apparently only affects the 5.01 and 5.5 versions.

This particular virus has spread very quickly - helped by BTOpenline, who accidentally e-mailed it to all their customers. It's nasty, not just because you can activate it by previewing it, but also because it tracks keystrokes so can send PIN numbers etc back to the virus originator.

Subject: RE: BS: BadTrans_B Virus From: Burke Date: 28 Nov 01 - 05:27 PM

I've received 3 messages with this virus so far. All from members of the same mailing list. I use Eudora, which seems to have protected me, but in an odd way. I knew something odd was going on when I got empty replies to really old messages I'd sent to a mailing list, but saw no attachments. I did open them.

After updating my virus scanner, 2 copies were found & deleted. Instead of being in the attachment directory they were in /Eudora/Embedded. I deleted them & a find on the file name using Eudora's find turns up those 2 empty messages. I still cannot see any reference in those blank messages to the 'attached' file. Whatever is 'embedded' about them, they don't seem to have executed themselves either. I checked very carefully with information from the Sophos site & I don't seem to have become infected.

I am still mystified about what it means to be in the 'embedded' directory. None of the systems people around here seem to know. There were several other .jpg's & .gif's in the directory from the past 6 months or so. I deleted them just to be safe.

This morning I caught another copy coming in on e-mail & deleted it immediately. It was also put in the /embedded directory.

Subject: RE: BS: BadTrans_B Virus From: Jon Freeman Date: 01 Dec 01 - 08:56 AM

Just to say, I have put a virus info page up at the Annexe. It can be found at http://www.jonbanjo.com/forum/virusinfo.asp

Jon