CHEEK-L Archives

Archiver > CHEEK > 2001-11 > 1006989474


From: genelistmom <>
Subject: [CHEEK] (CHEEK)IMPORTANT From ADMIN.GENELISTMOM, PLEASE READ
Date: Wed, 28 Nov 2001 15:17:54 -0800 (PST)


Cheek Lister's, I want everyone to understand that if
your Anti Virus isn't up to date and you get the virus
I will email you and tell you that you need to clean
your computer and will unsub you until you let me know
that you are clean. This is the only way that we can
try to stop it.
Thank you Joan for the following.

>
> > > Dear List Members,
> > >
> > > I think it would benefit all of you to take the
> > > time to read this explanation, as it will
> explain
> > further, and in more
> > > detail, how this nasty virus works.
> >
> > I've been in touch with a LOT of people who have
> > become infected with this
> > virus and some of the information included below
> > isn't consistent with what
> > they experienced. I think the AV software
> companies
> > are still learning about
> > this virus.
> > >
> > > It is called "W32/BadTrans.b@MM". It is quite
> > different from the original
> > > "W32/BadTrans@MM" virus.
> >
> > This is true!
> > >
> > > First, here's how it works. When a user
> becomes
> > infected, the next time
> > > he/she reboots the computer, the virus goes
> > through the user's email
> > program
> > > and looks for unread emails in all the
> mailboxes.
> > It picks some of these,
> > > makes a reply to them, and sends itself.
> >
> > This is NOT true--the infected users told me that
> > the virus attachments were
> > sent out BEFORE they ever rebooted their
> computers.
> > Some of them rid their
> > computers of the virus without EVER rebooting
> after
> > becoming infected because
> > they were notified that others had received the
> > virus attachment from them.
> > >
> > > Here's the kicker. It uses the infected
> persons
> > email address as the
> > > sender, BUT it adds "_" (underscore) before the
> > real address. The subject
> > > line will probably have nothing but "RE:"
> > (nothing else). The body of the
> > > email will be completely blank. There are no
> > attachments, so there is
> > > nothing to click. The virus is embedded in the
> > body, with cute code to
> > hide
> > > it; the recipient never sees anything but a
> > totally blank message.
> >
> > The message appears blank only for those
> recipients
> > who use Outlook. Others
> > will see the 'Iframe' coding.
> >
> > <snip>
> > >
> > > In addition, the virus tries to dig through the
> > infected person's computer
> > > and send email addresses, credit card numbers,
> > bank account numbers,
> > > passwords, etc., back to the writer of the
> virus.
> >
> > Yes, it digs, but it also has a "keystroke trojan"
> > that picks up keystrokes
> > as you type in your passwords and credit card
> > numbers, etc. and then can send
> > them to the virus author.
> >
> > <snip>
> >
> > > The patch to fix this exploit has been
> available
> > from Microsoft since May
> > > 16, 2001 !!!!!!!!!!
> >
> > I've corresponded with infected people who DID
> have
> > the patch installed! So
> > that isn't fool-proof either.
> > >
> > <snip>
> > >
> > > I have seen emails on some of the Lists to
> which
> > I subscribe, where
> > > obstinate users absolutely refuse to install an
> > Anti-Virus (AV) program.
> > > They claim they are intelligent and experienced
> > enough to never become
> > > infected. NOT SO !!!!! This latest atrocity
> is
> > being spread by some of
> > > these "superior" users. What users without AV
> > programs don't understand
> > > is that they are doing all the rest of us
> > hundreds of million users a great
> > > disservice. I'm tired of downloading dozens of
> > messages every day
> > > containing this virus (and others).
> >
> > True, but they are correct in one respect--you
> can't
> > JUST rely on AV
> > software--you still have to be cautious. Some of
> my
> > correspondents were the
> > 'lucky' souls who first received this virus (and
> > were infected without
> > opening an attachment) and who then reported the
> > problem to the AV Software
> > companies who then added it to their definitions
> to
> > protect the rest of us.
> >
> > Joan


__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

This thread: