Badtrans Worm.
Posted by
Alison & Jim Gregg
on 2001-11-30 19:26:29 UTC
Hi All.
The latest "W32 Badtrans.B. does have several nasty ways in - For instance
sometimes it says it is an MP3 file, and unless you have re-set Outlook or
Outlook Express from its default settings the fool thing will try to play
the thing for you - exactly the same as opening an infected attachment, and
as the thing is embedded rather than attached you DON'T get warning or
notice of an attachment. Because there isn't one it's embedded!! I am
not sure how to reset the diabolical Outlook series - I don't use the
wretched thing.
Badtrans was discovered on 24/11 ( the latest nastier version), so any A/V
software not updated since then will not detect it.
What the A/V software does is to trap it on the way in - and then
quarantines it to be dealt with. If you just delete it from the e-mail
programme it goes to the Trash mailbox, then when you do a system virus
scan it will probably find it again in the "Trash Can" or Trash mailbox.
I've had about three a day since the weekend, and symantec has upgraded it
to a category 4 panic.
The Symantec web site (Norton Anti-Virus) has full details at
http://securityresponse.symantec.com/avcenter/venc/dataw32.badtrans.b@...
Jim Gregg.
[Non-text portions of this message have been removed]
The latest "W32 Badtrans.B. does have several nasty ways in - For instance
sometimes it says it is an MP3 file, and unless you have re-set Outlook or
Outlook Express from its default settings the fool thing will try to play
the thing for you - exactly the same as opening an infected attachment, and
as the thing is embedded rather than attached you DON'T get warning or
notice of an attachment. Because there isn't one it's embedded!! I am
not sure how to reset the diabolical Outlook series - I don't use the
wretched thing.
Badtrans was discovered on 24/11 ( the latest nastier version), so any A/V
software not updated since then will not detect it.
What the A/V software does is to trap it on the way in - and then
quarantines it to be dealt with. If you just delete it from the e-mail
programme it goes to the Trash mailbox, then when you do a system virus
scan it will probably find it again in the "Trash Can" or Trash mailbox.
I've had about three a day since the weekend, and symantec has upgraded it
to a category 4 panic.
The Symantec web site (Norton Anti-Virus) has full details at
http://securityresponse.symantec.com/avcenter/venc/dataw32.badtrans.b@...
Jim Gregg.
[Non-text portions of this message have been removed]