|
|
Thermit
Joined: 08 Jul 2000
Posts: 3136
Location: Texas |
BADTRANS Virus
 Wed Nov 28, 2001 11:57 pm
|
 |
|
You may have already heard about this, but I'm getting a lot of emails to the site that are infected with this virus...
http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
quote:
Due to the increased rate of submissions, Symantec Security Response has upgraded the threat level of this worm from level 3 to level 4 as of November 26, 2001.
W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes.
...
In all cases, MAPI will also be used to find unread mail to which the worm will reply. The subject will be "Re:". In that case, the attachment name will be one of the following:
PICS
IMAGES
README
New_Napster_Site
NEWS_DOC
HAMSTER
YOU_ARE_FAT!
SEARCHURL
SETUP
CARD
ME_NUDE
Sorry_about_yesterday
S3MSONG
DOCS
HUMOR
FUN
In all cases, the worm will append two extensions. The first will be one of the following:
.doc
.mp3
.zip
The second extension that is appended to the file name is one of the following:
.pif
.scr
Watch Out and get a virus checker!
|
| |
|
|
Lulu
Joined: 22 Dec 2000
Posts: 2501
Location: right here |
|
Thu Nov 29, 2001 1:37 am
|
|
|
Thanks for the warning Thermit! |
| |
|
|
mark sky
Joined: 14 Oct 2000
Posts: 3616
Location: SW coast of Oregon |
|
Thu Nov 29, 2001 4:08 am
|
|
|
Sounds like little red riding~HOODz has a "majik lantern"
and is going down everYones chimney
posting as santa'S (ashcroft]NWO clause...
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1678000/1678578.stm
[Edited 2 times, lastly by mark sky on 11-28-2001] |
| |
|
|
theseeker
Joined: 25 Jul 2000
Posts: 3403
Location: Damnit...I'm a doctor jim |
|
Fri Dec 07, 2001 12:08 am
|
|
|
this person if they exist :
From: "Bridget Haworth" <_water.can@sympatico.ca>
just sent that virus to me...the virus was quarantined and could not be repaired, I sent the info to symantec...
word-up |
| |
|
|
Lulu
Joined: 22 Dec 2000
Posts: 2501
Location: right here |
|
Fri Dec 07, 2001 5:00 am
|
|
|
I had the (ME_NUDE.mps from "Bridget Haworth" Re) sent to both of my e-mail addys today.
Course I delete both of them tout suite!
[Edited 3 times, lastly by Lulu on 12-23-2001] |
| |
|
|
Thermit
Joined: 08 Jul 2000
Posts: 3136
Location: Texas |
|
Wed Dec 19, 2001 10:40 pm
|
|
|
From Whitley...
quote:
Badtrans Internet Worm Information
The Badtrans Worm was designed to return information from Outlook and Outlook Express users (Who else?) to hackers who could then enter victims' computers and steal passwords, etc. One of the service providers that the hackers were using to gather e-mails noticed the sudden heavy usage and closed the e-mail account that was receiving hundreds of thousands of e-mails from infected computers.
The FBI soon contacted them, asking to 'go fishing' in what the victims of this hack had believed was private correspondence. Were you hacked? How can you find out?
Well, it turns out that you can. The database of hacked e-mails is available at http://badtrans.monkeybrains.net
You can input your e-mail address and find out if you're in the database. If you are, it means that you are a victim of the Badtrans worm and should virus clean your computer. (Not all Badtrans victims appear in this database, but it's the only one that is publicly accessible.)
|
| |
|
|
theseeker
Joined: 25 Jul 2000
Posts: 3403
Location: Damnit...I'm a doctor jim |
|
Wed Jan 09, 2002 1:08 am
|
|
|
just got my second badtrans last night complete with trojan it will say "greg re:" file size is 40k.....I recommend that NOONE open mail from me at any other addy than my yahoo account located on the front page of my site...
oh happy day....
http://www.geocities.com/theseeker_0714b/index.html
T/S |
| |
|
|
Lulu
Joined: 22 Dec 2000
Posts: 2501
Location: right here |
|
Wed Jan 09, 2002 1:46 am
|
|
|
I got the Greg Re: this morning and deletedd it right away. Thanks seek. Sorry you were hit. Harsh. |
| |
|
|
 
|
|
All times are GMT. The time now is Sat May 26, 2012 3:46 pm
|
|
|
|
|
Login
