There are two new high risk viruses out infecting email users. Please be very careful about opening ANY email attachments and update your virus data files. Below are a few excerpts from sites which discuss the virus and what to do about it. Back to Home Page
This is a HIGH RISK virus that spread via Microsoft Outlook and can be spread via ICQ. This is a mass mailing worm that attempts to send itself to all entries in the Outlook Address book. The virus will arrive with the following email message:
Subject: Hi Body: How are you ? When I saw this screen saver, I
immediately thought about you I am in a harry, I promise you will love it!
This is a very destructive virus! For more information on this visit www.mcafee.com.
From About.com (Click on the link for the full story)
A new variant of the BadTrans virus emerged on November 24, 2001. Dubbed W32.Badtrans.b by antivirus vendors, this new variant selects various options from three different lists to compose its attachment. The filename is selected from one of the following names: FUN, HUMOR, DOCS, S3MSONG, Sorry_about_yesterday, ME_NUDE, CARD, SETUP, SEARCHURL, YOU_ARE_FAT!, HAMSTER, NEWS_DOC, New_Napster_Site, README, IMAGES, PICS. BadTrans.b uses a double extension ruse to take advantage of a vulnerability in the default settings of Windows. Unless the default settings are modified, users will not see the actual file extension, but rather the fake extension presented by the virus. This erroneous extension will be either .DOC, .MP3, or .ZIP. ...BadTrans.b will automatically execute the attachment in Microsoft® Outlook and Outlook Express, if using Internet Explorer version 5.01 or 5.5 (click Help | About in Internet Explorer to discover your version). In the case of Outlook Express, it infects simply by the email appearing in the Preview Pane.
From Symantec.com (Click on the link for the full story)
Due to the increased rate of submissions, Symantec Security Response has upgraded the threat level of this worm from level 3 to level 4 as of November 26, 2001. W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.
From antivirus.com (Click on the link for the full story)
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It propagates via MAPI32, has a Key Logger component, and arrives with randomly selected double-extension filenames. It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute the file attachment. This is also known as Automatic Execution of Embedded MIME type. For a free online scan click here.
Back to Home Page