Results 1 to 17 of 17
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,279
    New email virus out -- check Symantec at http://securityresponse.symantec.com...rans.b@mm.html

    I started getting odd looking emails (and lots of 'em) yesterday, so I went hunting for new virus info and sure enough...

    I check my mail on the server before download (and delete anything that looks slightly suspicious), so can't verify what the emails look like, but the link above does have more info.

    All the ones I received (about 50 today alone) had only "Re:" in the subject, came from apparently legitimate email addresses, and were all 41K in size.

    According to Symantec, this bugger installs a keystroke trojan, but is easy to remove.

  2. #2
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    cedric,

    Good Look out!

    I had gotten three (and clicked them <IMG src=http://www.abestweb.com/smilies/bonk.gif> ) ... on the ABW server ... do you or anyone know if it affects a unix box?

    Haiko

    [ 11-26-2001: Message edited by: Haiko ]

  3. #3
    ABW Ambassador parentsworld's Avatar
    Join Date
    January 18th, 2005
    Location
    Calgary, Alberta, Canada
    Posts
    642
    I started getting them yesterday and mine are all RE: real subject lines of past conversations I've had with these people.

    Luckily I have my virus software auto update every night so it's been catching it as the email comes in -- I get the warning and simply delete it unread off the server.

    Sigh...here we go again, eh?

  4. #4
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    I've had a few of them they go straight in the bin.

    Haiko
    Since tyou opened the virus's, every time I view a different page here at abestweb I get a pop up with naked women on. Could you open some more I've seen all these now. [img]/infopop/emoticons/icon_biggrin.gif[/img] [img]/infopop/emoticons/icon_wink.gif[/img]

  5. #5
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    Gordon, I was wondering why Haiko put all the naked women pop up on Abestweb. Now we know. I hope he doesn't fix it to fast. <IMG src=http://www.abestweb.com/ubb/icons/icon38.gif>

  6. #6
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Yeah it's quite nasty.. F-Secure have some information at http://www.datafellows.fi/v-descs/badtrs_b.shtml (They call it Badtrans)

    Ah well, time to update my signatures again!

  7. #7
    ABW Ambassador parentsworld's Avatar
    Join Date
    January 18th, 2005
    Location
    Calgary, Alberta, Canada
    Posts
    642
    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by Gordon:
    Could you open some more I've seen all these now. [img]/infopop/emoticons/icon_biggrin.gif[/img] [img]/infopop/emoticons/icon_wink.gif[/img]<HR></BLOCKQUOTE>

    LOL Gordon...man, I can always count on this place for a smile in the STRANGEST threads [img]/infopop/emoticons/icon_biggrin.gif[/img]

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,279
    Haiko, from what I've read it's a Windows thing, but I cannot verify that anywhere... you need someone more knowledgeable than little ol' me for that answer.

  9. #9
    Assistant Regional Manager Rik's Avatar
    Join Date
    January 18th, 2005
    Location
    New Zealand
    Posts
    865
    I just got sent it but for some reason my mail program (Kaufman Mail Warrior) wouldn't download it, which is a good thing. Good thing you posted this Cedric, I deleted it from the server.

    Thanks Cedric for the heads up on the file size and subject heading.

    <IMG src=http://www.abestweb.com/ubb/icons/icon14.gif>

  10. #10
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Scarry when I see CNN and the BBC throwing this one up on their frontpage. Seems over 500,000 alerts over 24 hrs in just the British monitoring services. They said you don't even have to open the attachment ..just view the e-mail to catch it. I had 40+ RE: only e-mails yesterday which I deleted without viewing and updated Norton. Spent a hour this morning notifying clients. Put these cyber terrorists in Ben Ladens cave and nuke them all.

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,402
    Mike,
    You are correct...don't even have to open the attachment, just view it...Don't recall all of the specifics on it, but it was only Re: in the subject line, and the file extension was pif....Luckily my our software caught it too....

    Tom Pyles

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    Another subject line is 'me_NAKED'

    Now let me get this right.

    As long as you don't open the email you can just delete it?

    Or is it too late when you see the subject line in Outlook?

  13. #13
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    ÄúsTrálíĺ
    Posts
    1,372
    Outlook Express: um, how do you delete an email without opening it?

    To delete it, it needs to be selected (right click will also select it). Selecting an email will open it.

    A .pif is sent as an attachment (which must be opened seperately), and is not in the body of an email usually.
    Obviously there is a way to include it in the body of an email.
    I only thought that text/html (including javascript) was allowed to be in the body section.

  14. #14
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    Pete, I don't use Outlook Express.

    It's Outlook. Comes with Office 2000.

  15. #15
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    With Outlook Express, as soon as I go to my email and click on it the attachment tries to open. Then I get the "do you want to open attachment or save to computer". Then I just delete it. What I worry about is accidently double clicking. I'm glad I don't have my old mouse which was real trigger happy.<IMG src=http://www.abestweb.com/ubb/icons/icon38.gif> If there is an email above the infected one that you don't need to read and one below the infected email you can click on the email above hold shift key and click on the email below the infected one and that will highlight the 3 of them. Then just hit delete. As far as I'm aware, Outlook shouldn't open the attachment without asking. But don't take my word for it. Hope this makes sense.

    I have been getting pounded with them. The worse thing is is that I am loosing all these sign ups for my newsletter. <IMG src=http://www.abestweb.com/ubb/icons/icon36.gif>

    Another way if you can afford to delete all your emails. Just click on a good email, go to edit, slick select all and hit delete. I'm sure you all know that though.
    <IMG src=http://www.abestweb.com/ubb/icons/icon7.gif>

    [ 11-27-2001: Message edited by: Packy ]

  16. #16
    Full Member
    Join Date
    January 18th, 2005
    Location
    Des Moines, IA
    Posts
    298
    If your email program has a preview and you use it, that alone is enough to infect your system.

    If you're using Microsoft Outlook/Outlook, change the security settings in so that embedded scripting is disabled.

    The BadTrans worm is being transmitted with attached files that have extensions: .DOC, .PIC, .SCR and probable others

    I got mine from helavasearch.com, one of the new search engines. Can't say I'd recommend them.

    Ray

  17. #17
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    There's now a CERT Incident Note out on this - so BadTrans is now regarded as a very serious threat on the sort of Code Red/Sircam/Nimda level.

  18. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Replies: 0
    Last Post: May 30th, 2013, 11:50 PM
  2. VIRUS FROM WINDOWS UPDATE???
    By 807 in forum Midnight Cafe'
    Replies: 4
    Last Post: May 2nd, 2002, 11:30 AM
  3. UPDATE YOUR VIRUS SOFTWARE
    By Cedric in forum Midnight Cafe'
    Replies: 8
    Last Post: April 25th, 2002, 01:00 AM
  4. HIGH ALERT! Update your Virus Protection
    By Cedric in forum Midnight Cafe'
    Replies: 2
    Last Post: December 4th, 2001, 06:01 PM
  5. Password Protection
    By MrLeN in forum Programming / Datafeeds / Tools
    Replies: 6
    Last Post: October 17th, 2001, 07:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •