Attachments
Posted by
Alison & Jim Gregg
on 2001-12-01 03:27:50 UTC
Hi All.
This Badtrans thing does not need an attachment to be transmitted, so
looking for attachments does not work - because there is no
attachment. The thing is embedded - a similar process, but does not show
as an attachment, thus if your browser does as many do and runs embedded
things automatically when you look at the message, then you've probably got it.
Since there is no attachment, then the protections from Yahoo don't strip
it, so I suspect that it can get through the list. I have had it come in
apparently from 4 other Yahoo lists, and one from a totally different list
serve. In each case these do appear to have come via the lists concerned,
though they could have been faking that but not likely.
It can and does take addresses from the address book of the victim, message
headers from the files, put them together, and send itself on. AND they
sound convincing!
One odd weakness in the thing is that very often the "From" address
has an underscore in front of it so - joe@... is probably OK
but _joe@... probably is Badtrans. This prevents the message
being sent back as a warning using the reply key - shows as a bad address.
Anti virus programs will trap it coming in, and will show it in files, but
if you are infected an A/V program will not usually remove all of it as
someone on this list has found. Norton reference below does tell you how
to get rid of it in detail - it's time consuming and a complete pain though.
The Symantec web site (Norton Anti-Virus) has full details at
http://securityresponse.symantec.com/avcenter/venc/dataw32.badtrans.b@...
Jim Gregg
[Non-text portions of this message have been removed]
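
The two indicators described in the post above (a sender address with a leading underscore, and content that is embedded rather than marked as an attachment) can be checked per message with Python's standard `email` module. This is an added example, not part of the original post; the function name `triage`, the `example.org` addresses and both sample messages are constructed for illustration, and the result is a triage hint, not a verdict.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); payloads are placeholders.
BENIGN = "From: joe@example.org\nSubject: Attachments\n\nPlain text only.\n"
SUSPECT = (
    'From: "Joe" <_joe@example.org>\n'
    "Subject: Re: Attachments\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/related; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/html\n"
    "\n"
    "<html><body>hello</body></html>\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    "Content-ID: <part1>\n"
    "\n"
    "placeholder\n"
    "--b1--\n"
)

def triage(raw):
    """Return the post's two indicators for one raw RFC 822 message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))   # drops any display name
    local = addr.split("@", 1)[0]
    attachments, embedded = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue                            # containers carry no payload
        ctype = part.get_content_type()
        if part.get_content_disposition() == "attachment":
            attachments.append(ctype)           # what an attachment filter sees
        elif not ctype.startswith("text/"):
            embedded.append(ctype)              # non-text part, not an attachment
    return {
        "from": addr,
        "underscore_sender": local.startswith("_"),
        "attachments": attachments,
        "embedded_non_text": embedded,
    }

if __name__ == "__main__":
    for name, raw in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, triage(raw))
```

A filter that only inspects `attachments` reports nothing for the second sample, while `embedded_non_text` and `underscore_sender` both flag it.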
Discussion Thread
Peter Smith
1999-07-29 12:57:20 UTC
Attachments
wanliker@a...
2001-01-09 13:03:44 UTC
Re: [CAD_CAM_EDM_DRO] Re: RE: Attachments
wanliker@a...
2001-05-12 12:39:12 UTC
Re: [CAD_CAM_EDM_DRO] Attachments
Alison & Jim Gregg
2001-12-01 03:27:50 UTC
Attachments
Bob Campbell
2001-12-01 07:17:48 UTC
Re: [CAD_CAM_EDM_DRO] Attachments