This was found at
http://www.msnbc.com/news/663187.asp?0dm=C15OT&cp1=1#BODY
At the end of this MSNBC report are some great tips on virus prevention.
Nov. 26 - Computer security experts say a fast-spreading e-mail worm called
Badtrans infected thousands of computers across Europe and in the United
States on Monday. The worm uses several clever methods of duping a victim
into infection - in some cases, users don't even have to open an e-mail.
After infection, the malicious program installs software that watches what
the victim types and attempts to steal private information.
THE WORM WAS first discovered during the holiday weekend in the U.S., but
was given a low-risk rating then. With a wide outbreak of infections
occurring early Monday, most anti-virus firms have now raised their risk
assessment.
"It's by no means a 'Nimda' or a 'Code Red,' but it is catching
an awful lot
of people," said Roger Thompson, virus expert at TruSecure Corp.
E-mail filtering firm MessageLabs Inc. said it had trapped over 15,000
copies of the worm on Monday, with infections reported from 66 different
countries - most in the United States, the United Kingdom, and Germany. A
spokesperson for
McAfee.com said infections were "in the thousands."
The worm employs clever social engineering tactics to trick users into
infecting themselves. Once it infects a machine, it replies to any unread
e-mail in the victim's Microsoft Outlook in-box. The subject line will
mirror the original subject line, and the message body is a "reply-to" of
the original sender's message, giving the infected e-mail a look of
authenticity. It then asks the recipient to "take a look at the attachment."
The attachment can have one of several names, according to
F-secure.
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif
McAfee.com suggested in its press release that the attachment file names
might trick home users sending holiday e-mail to family and friends because
the names include words like "Pics," "News," "Cards" and
"Images."
Viruses & Vulnerabilities
. Microsoft admits flaw in Passport
. Bug of the Day
The worm also exploits a flaw in some versions of Microsoft's Outlook
Express that automatically runs programs contained in e-mail as soon as they
are viewed in the Outlook Express preview pane. That accounts for some of
the worm's success in spreading, Thompson said.
Outlook users can fix that flaw by downloading a patch available at
Microsoft's Web site
After infection, the worm attempts to send the victim's IP address to an
anonymous e-mail account that likely belongs to the worm's author. The worm
also installs a "keylogger" program, according to
McAfee.com, which can
capture and store personal data, such as credit card numbers and passwords.
The Badtrans virus was first discovered in January, Thompson said, but this
new variant - Badtrans.B - was released in compressed form, meaning it
evades detection by older antivirus software. Corporations and home users
need to update their antivirus programs to protect against the worm.
In the last four attachments that I've received from people I don't know
have contained viruses. Thankfully I've got Norton which took care of the
problem. Please scan your attached emails and don't open those attachments
from people you don't know. Better yet, don't open them at all. A great
website that provides a free virus scan is
http://www.pcpitstop.com Also,
an investment in Norton is worth it's weight in gold.
When Norton gives you the option to delete or quarentine and you decide to
quarentine rather than the safer option of deleting.... select the
quarentine option. You will then have a screen that will allow you to scan
it. I do not recommend saving the file to disk or opening it until you've
got it fixed. any email that I recieve that Norton says it has a virus. I
delete it and politley send the sender an email telling them that they came
through with a virus, and ask them to resend it once they are virus free.
The best bet is to copy and paste in the body of the email, therefore there
are no attachments. I practice this and rarely send an attachment to
anyone. If you are sending pictures, save the picture in a .gif file and
insert it into the body of the text. If the receiver chooses to make the
picture a permanent part of his/her picture library or however they store
pictures, they may take the picture out of the body of the email.
For reports, copy and paste your information in the text of email. When you
do that you can be sure that you are not sending a virus and the receiver
knows that they are not receiving one.
If you haven't invested in Norton or an antivirus program, please do so as
in genealogy we tend to send A LOT of emails and receive attatchments daily.
Norton is worth it's weight in gold.
Cathie
----- Original Message -----
From: "Harvey Norris" <hnorris(a)usit.net>
To: <NCWATAUG-L(a)rootsweb.com>
Sent: Tuesday, November 27, 2001 11:44 AM
Subject: [NCWATAUG] Rotens
Someone who has sent this e-mail is being notified that it contains a
virus.I rec'd it twice.Norton was unable to repair it and it had to be
deleted.It has an attachment titled unknown something.Do not open it.
==== NCWATAUG Mailing List ====
Watauga County NCGenWeb
http://www.geocities.com/familysnooper/Wata_county.html