If you receive a message with an attachment and the message body is blank DO
NOT OPEN IT!!!
Description:
W32/Badtrans-B is a worm which uses MAPI to spread. The worm arrives in an
email message with no message text. The attachment filename is randomly
generated from three parts. The first part is taken from the list:
FUN
HUMOR
DOCS
S3MSONG
Sorry_about_yesterday
ME_NUDE
CARD
SETUP
SEARCHURL
YOU_ARE_FAT!
HAMSTER NEWS_DOC
New_Napster_Site
README
IMAGES
PICS
The second from the list:
.DOC.
.MP3.
.ZIP.
and the last from:
pif
scr
If the attached file is run, it copies itself into the Windows system
directory with the filename KERNEL32.EXE and changes the registry key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce so that the worm runs
the next time Windows is started. The worm also drops a file named kdll.dll,
which is the password stealing Trojan Troj/PWS-AV.
If you suspect you have received a virus from a subscriber to this list
please email
listname-admin(a)rootsweb.com
with details.
Take care
Donna King
Cannell List Manager