Heads up! email virus on the loose...

"The attachment, which contains the malicious program, can be executed simply by reading or previewing it and doesn't need to be double clicked or opened separately, experts said."
What experts? Better question: How? When it comes to virii, never listen to the media. They don't know NIMDA from Chicken Pox. They're out to scare us, and it's easy to do.
Here is everything there is about W32.Badtrans.B@mm.
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
The closest thing that this site says about this virus magically opening is "Home users should not open any email that has an attachment in which the second extension is .pif or .scr. Any email that has such an attachment should be deleted." They say "Do not open the message." because, as we all know, the public is a bit on the slow side, and will always catch on to warnings a step late. Therefore, "Do not open the attachment." hasn't worked so well.
One particularly insulting trick lately is for them to have a file extension in the name, so you'll get something that looks a little like "19yroldanal.mpg.vbs", or, to hit a bit closer to home "newbowie.jpg.scr". They do this because .jpg and .mpg files are known to be safe.
I could go on about this subject for a really long time, so I'll stop now. I hope this helps.
 
Oz,
Actually, it appears that this one may well exploit a well known security "hole".

According to Microsoft, if an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail.

Even the link you provided to Symantec on the W32.Badtrans.B@mm worm makes mention of this issue by stating:

"Email messages use the malformed MIME exploit to allow the attachment to execute in Microsoft Outlook without prompting."

-----------------

Folks,

The fix for this particular vulnerability was available from Microsoft way back at the release of IE version 5.01 service pack 2.

If you are using Internet Explorer, the easiest way to stay up to date on fixes is to frequently visit the Microsoft Windows Update website. The link is: http://windowsupdate.microsoft.com/. You can also get there by selecting "Tools/Windows Update" from the menu bar at the top of Internet Explorer.

Get these patches when they are available, use anti-virus software, and keep the virus data files up to date.


----- [ He comes back and says ] ------

Don't misunderstand me. The fix mentioned above would not prevent you from getting the virus or worm. It merely is supposed to prevent automatic execution of code without prompting in IE / Outlook.
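
A mail-gateway style check for the two tricks discussed in the posts above (the double extension, and the attachment whose declared MIME type disagrees with its file name), as an added example that is not part of any poster's message. The extension and type lists, the function name and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy

# Extensions named in the thread (.pif, .scr, .vbs) plus a few more (assumed list).
EXECUTABLE_EXTS = {".pif", ".scr", ".vbs", ".exe", ".com", ".bat"}
# Declared main types that should never carry a program (assumed list).
PASSIVE_MAINTYPES = {"audio", "video", "image", "text"}


def suspicious_attachments(raw_message: bytes):
    """Return [(filename, [reasons])] for attachments worth quarantining."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # container or inline body part without a file name
        stem, last_ext = os.path.splitext(name.lower())
        if last_ext not in EXECUTABLE_EXTS:
            continue
        reasons = []
        if os.path.splitext(stem)[1]:  # e.g. "newbowie.jpg" still has an extension
            reasons.append("double extension hides executable type")
        if part.get_content_maintype() in PASSIVE_MAINTYPES:
            reasons.append("declared %s but named %s"
                           % (part.get_content_type(), last_ext))
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample message: one disguised attachment, one ordinary image.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
    b"--B\r\n"
    b'Content-Type: image/jpeg; name="newbowie.jpg.scr"\r\n'
    b'Content-Disposition: attachment; filename="newbowie.jpg.scr"\r\n\r\n'
    b"AAAA\r\n"
    b"--B\r\n"
    b'Content-Type: image/jpeg; name="holiday.jpg"\r\n'
    b'Content-Disposition: attachment; filename="holiday.jpg"\r\n\r\n'
    b"AAAA\r\n"
    b"--B--\r\n"
)

if __name__ == "__main__":
    for filename, why in suspicious_attachments(SAMPLE):
        print(filename, "->", "; ".join(why))
```
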
 
I stand corrected. I keep forgetting that not everyone is as big of a geek as I am and has the latest versions of everything. I avoid the effects of virii that exploit MS Outlook by not using it. I stick with web-based email, which, without Java, can't open attachments or access any address books.
 
My question is, if you get this virus in your system, is there some easy way to remove it? Can a dumb s--T like me remove it or do you have to have outside help?

It sounds like there might be several that have this virus and don't know they do, me included. I'm going to run a virus scan this evening and would like to know what to do if I find I've got it.

Thanks

Bill
 
http://dailynews.yahoo.com/h/zd/20011128/tc/worms_despite_patching_infection_continues_why__1.html

This link contains some more info on the virus (worm) in question, and others like it. This seems to be a complicated issue, but (as suggested earlier) applying all the Microsoft security patches for Internet Explorer seems to be the best course of action. And be wary of attachments (also suggested earlier). I used to advocate upgrading to the latest version of all software (esp. Microsoft) whenever updates were available. But it seems like Microsoft patches one hole and opens two more in its place.

Microsoft - FIX YOUR SOFTWARE!

Just my opinion.
Dan
 
I got hit.
Scanned drive and found none at first. Got the updates (released the day before), scanned again and found 2 infected files. After 4 hours of f'n around my machine scans clean. I am no programmer but I managed to fix it.
Surf safe.....
Gord.
 