2. New Variant Infecting Thousands - WORM_BADTRANS.B (Medium Risk)
------------------------------------------------------------------------
This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It
propagates via MAPI32, has a Key Logger component, and arrives with randomly
selected double-extension filenames.

It does not require the email receiver to open the attachment for it to
execute. It uses a known vulnerability in Internet Explorer-based email
clients (Microsoft Outlook and Microsoft Outlook Express) to automatically
execute the file attachment. This is also known as Automatic Execution of
Embedded MIME type.

This worm is currently spreading in-the-wild, and is classified as medium
risk. As of November 30, there have been more than 20,000 infections of
WORM_BADTRANS.B worldwide, according to Trend Micro's World Virus Tracking
Center at:
http://wtc.trendmicro.com/wtc/

WORM_BADTRANS.B is detected by Trend Micro pattern file #170 or #970.

For additional information about WORM_BADTRANS.B, please visit Trend Micro
at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS.B.
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: November 19, 2001 to November 25, 2001)
------------------------------------------------------------------------
1. PE_MAGISTR.B
2. PE_MAGISTR.A
3. JS_EXCEPTION.GEN
4. WORM_BADTRANS.B
5. VBS_HAPTIME.A
6. TROJ_SIRCAM.A
7. JS_KAKWORM.A
8. WORM_SIRCAM.A
9. PE_MAGISTR.DAM
10. PE_CIH
4. Top 5 Viruses Trend Micro's US Customers are Most Concerned About
(where systems were not infected)
------------------------------------------------------------------------
1. JOKE_FLIPPED
2. JS_EXCEPTION.GEN
3. PE_MAGISTR.B
4. PE_SPACES.1445
5. WORM_BADTRANS.A
-----Original Message-----
From: Nancy Bower [mailto:nbower2@yahoo.com]
Sent: Friday, November 30, 2001 7:55 PM
To: CARTER-L(a)rootsweb.com
Subject: Re: [CARTER-L] Message from Susan
I also received the same sort of thing from another
Roots_L list, but it was from somebody with whom I've
corresponded often. When I tried to reply, the e-mail
address was bad. Strange. Must be something in Roots
Web.
Maybe it was a coincidence, but I got one of those
"Hahaha.....Snow White..." virus e-mails today too.
(Don't worry. I didn't open it, double-deleted it, and
ran a virus scan.)
--- Kathy Jones Kristof <kjk(a)101freeway.net> wrote:
I also received a message from Susan with an
attachment that was blank. I emailed her directly
requesting it be resent, but I've received no reply.
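
The two delivery traits named in the WORM_BADTRANS.B advisory above (double-extension filenames, and an attachment that runs by way of its embedded MIME type) can be checked for at a mail gateway. The Python below is an added example, not code from Trend Micro or from anyone in this thread; the extension list, the function name and the sample message are constructed assumptions.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Assumption: extensions a Windows mail client would run directly.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".vbs"}
# Assumption: MIME families that should never carry an executable filename.
PASSIVE_TYPES = {"audio", "image", "video", "text"}

def audit_attachments(raw_message):
    """Return [(filename, [reasons])] for attachments matching either trait."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # container parts and inline bodies have no filename
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
            continue  # last extension decides what Windows would launch
        reasons = []
        if len(suffixes) >= 2:
            reasons.append("double extension ending in an executable type")
        declared = part.get_content_type()
        if declared.split("/")[0] in PASSIVE_TYPES:
            reasons.append("declared " + declared + " but filename is executable")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample message (not taken from a real infection).
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-wav
Content-Disposition: attachment; filename="notes.doc.scr"

AAAA
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="photo.jpg"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, reasons in audit_attachments(SAMPLE):
        print(name, "->", "; ".join(reasons))
```

A hit on the second check matters even when the filename has a single extension, because the declared type is what the mail client acts on before the user opens anything.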