HOFMANN-L Archives



From: "Michael G. McManness" <>
Subject: [Hofmann] [admin] Virus Update
Date: Thu, 29 Nov 2001 18:25:11 -0600


Hi Everyone,

I hope this email finds you happy and preparing for the Holidays. This
email is to inform you (if you don't already know) that viruses are running
rampant again! This virus has a very high penetration rate and is highly
successful in the payload. My only note on this latest virus to go around
is that, in my perception at least, it has in its few days of existence
infected many more list subscribers than I ever recall being infected with
the first round of BADTRANS. I am still getting a lot of virus-infected
mail. It is almost a full-time job trying to keep up with the virus.

Please protect your computer files for your sake as well as others. For
the benefit of you newbies, the BadTrans is a nasty little worm that gets into
your computer and mails out messages without your knowledge. This new
version of the worm also drops a backdoor trojan that logs keystrokes.
Those messages contain an attachment with the virus. The latest version of
Badtrans, as well as some of the older viruses or worms, may show up in your
mailbox as a message from a fellow genealogist, and may have a subject line
that looks like a genealogy message. People continue to open attachments
even though they aren't expecting anything... and they get a virus. That
virus picks up email addresses from your inbox and address book and sends it
to every email address that it finds. Please be suspicious any time you
receive an email with an attachment or that has a blank message. Pretend
you got home from work and found a pretty wrapped box on your porch
unexpectedly...that was ticking.

If YOU have the infected computer I will unsubscribe you from the mailing list
until you've cleaned your machine and let me know about it. This is for
protection of the other subscribers' computers.


Free Online Virus Scanner:
http://housecall.antivirus.com/pc_housecall/

Use Microsoft Internet Explorer 5.01 or 5.5?
Be Sure You Have This Patch:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Viruses, Trojans and Worms:
http://helpdesk.rootsweb.com/virus.html


1. W32.Badtrans.B@mm

W32.Badtrans.B@mm is a MAPI worm that emails itself out as a file
with one of several different names. This worm also creates a .dll in
the \Windows\System directory as Kdll.dll. It uses functions from
this .dll to log keystrokes. Virus definitions dated November 24,
2001 will detect this worm. For additional information, point your
Web browser to:

http://www.symantec.com/techsupp/vURL.cgi/nav108
_____________________________

2. W32.Aliz.Worm

W32.Aliz.Worm is a very simple SMTP mass-mailer worm. The worm
currently only replicates on Windows 9x computers. It does not seem
to spread on Windows NT platforms. The worm spreads by obtaining
email addresses from the Windows address book and sending itself to
those addresses. Virus definitions dated May 22, 2001 will detect
this worm.

When the worm arrives by email, the worm uses a MIME exploit that
allows the virus to be run just by reading or previewing the email.
Information on and a patch for this exploit can be found at

If you receive a blank message from someone or if you receive an attachment
from someone you may or may not know, USE A VIRUS DETECTOR before you open
it. If in doubt, quarantine the attachment and inquire of the sender. All
attachments should be suspect if you are not expecting to receive them. At
the present time, images (JPG, GIF) are safe to open.

If you have any questions or comments you're welcome to email me
.

I hope this information helps. If you have problems or further questions
please let me know. :-) Thanks, Mike

*************************

Michael G. McManness, a Jayhawk through and through, eating, sleeping,
breathing, and bleeding Crimson and Blue near the University of Kansas.
Family genealogist and research historian. "Character may be manifested in
the great moments, but it is made in the small ones." --- Phillip Brooks

*************************

