IAS Aroid Quasi Forum

About Aroid-L
 This is a continuously updated archive of the Aroid-L mailing list in a forum format - not an actual Forum. If you want to post, you will still need to register for the Aroid-L mailing list and send your postings by e-mail for moderation in the normal way.

  Re: mpeg files/attachments
From: Steve Marak <samarak at arachne.uark.edu> on 2001.11.27 at 23:33:08(7853)
On Tue, 27 Nov 2001, Julius Boos wrote:

> In the last two days I have been receiving seemingly blank letters BUT with
> an attached mpeg file off this list AND the other bulbous aroid list. My
..
> concern is that it may be a 'worm' or virus. Any ideas from anyone on

Aroiders,

This topic is eating up lots of bandwidth on many lists right now, so I
thought I'd post Julius' message and respond immediately to it.

Yes, this is a virus. Don't open any of the attachments - they aren't what
they claim to be. I got several copies of it yesterday, from various
sources. I don't allow my systems to be infected, and I no longer deal
with vira professionally, so I followed my usual practice of saving a
specimen in my virus zoo, deleting the offending e-mail, and ignoring the
whole thing. But it seems prudent to let a warning out and see if we can
maximize information in a minimal number of posts - many of you will
already be tired of hearing about this.

The current virus du jour, W95/Badtrans.B@MM, alias W32/Badtrans@MM,
probably alias several other things, is spreading widely. It spreads as an
attachment in e-mail that appears to be an audio or image file, but of
course isn't. It's Windows based, and exploits a known (patch available)
flaw in older versions of Outlook and Outlook Express, or of course you
can be infected if you purposely open the attachment.

If you are infected, it will prowl through your address book sending
itself to others using a variety of names and subject lines ... some of
them real subject lines taken from messages in your e-mail folders. It
also drops a keystroke logger into your system.

It is a new variant of another virus, so you will need to check with your
antivirus vendor and make sure you have the correct pattern file(s). It
can be deleted manually but is a bit of a pain especially if you aren't
comfortable with Microsoft arcana like regedit.

For full details, go to your favorite antivirus website and look for
"Badtrans". Here are a couple of direct links:

http://www.f-prot.com/f-prot/virusinfo/badtrb.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99069&

Despite the fact that I don't run any antivirus software myself, I
recommend to everyone that they should. Pick any of the top echelon
products with which you are comfortable, and which don't conflict with
other software on your system.

However, making sure you have the latest security patches on your e-mail
program and a healthy paranoia toward unexpected or unusual e-mail
attachments will do more to keep you from being a virus du jour victim
than all the virus scanners there are. They can only detect what they know
how to recognize - even if you are very good at playing the
update-the-pattern-file game, a really new virus or major modification of
an old one will probably go right past your antivirus software. Do run
some antivirus software, just don't neglect the software updates and
paranoia.

There are several versions of Microsoft Outlook and Outlook Express, so I
won't try to give pointers to the updates for all of them.

I see several posts have arrived while I was keying this. If they are
related to this virus, and contain only basically information I've already
included here, I won't post them (unless everybody just wants to see
them).

Wishing everyone a virus free day,

Steve
