BadTrans virus bites Windows users hard

26 Nov 01 15:33 by CDFreaks in category Uncategorized

A new week brings new virus trouble, so it is time to update your virus scanners and be careful with your email.

Computer users turned on their PCs this morning to find their In-boxes flooded with copies of the latest mass mailing virus.

BadTrans.B is spreading rapidly.

BadTrans.B is a variant of a virus which first appeared in April. It usually arrives as an email with either the subject line Re: (name of file attachment) or Re: (the subject line of a previous message thread). The email contains a double attachment and a name made up of a series of elements which "alternate like a fruit machine", according to Mark Sumner, CTO of MessageLabs.

BadTrans.B uses a known exploit, related to the processing of certain unusual MIME types, in certain versions of Outlook Express 5 so as to launch an attachment automatically. The trick, which was also used by the authors of the Nimda worm, means simply previewing an infected email is enough to get infected. Users who double click on an infected attachment also risk infection.

BadTrans.B uses MAPI to spread and gets target addresses from unread messages in a user's email client. The worm also drops a file named kdll.dll, which is the password-stealing Trojan PWS-AV, on an infected user's PC.
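A mail-gateway check for the two delivery traits described above, a disguised attachment name and a declared MIME type that does not match what the file really is. This is an added example, not code from the article or from any vendor. The extension lists, the `audio/x-wav` sample type and the names `inspect_message` and `build_sample` are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists (not from the article): extensions Windows runs directly,
# harmless-looking inner extensions, and MIME major types clients render inline.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".vbs"}
DECOY_EXTS = {".doc", ".txt", ".jpg", ".mp3", ".zip"}
INLINE_MAJOR_TYPES = {"audio", "image", "video", "text"}


def inspect_message(raw: bytes) -> list[str]:
    """Return gateway findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        stem, ext = os.path.splitext(name.lower())
        if ext not in EXECUTABLE_EXTS:
            continue
        # Heuristic 1: an innocuous extension hidden in front of the real one.
        if os.path.splitext(stem)[1] in DECOY_EXTS:
            findings.append(f"double-extension:{name}")
        # Heuristic 2: declared type says "media", filename says "program".
        if part.get_content_maintype() in INLINE_MAJOR_TYPES:
            findings.append(f"type-mismatch:{part.get_content_type()}:{name}")
    return findings


def build_sample(filename: str, maintype: str, subtype: str) -> bytes:
    """Build a constructed test message; the attachment bytes are inert text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Re:"
    m.set_content("constructed test body")
    m.add_attachment(b"inert placeholder bytes", maintype=maintype,
                     subtype=subtype, filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for args in [("notes.doc.pif", "audio", "x-wav"),
                 ("report.doc", "application", "msword")]:
        print(args[0], "->", inspect_message(build_sample(*args)))
```

A plain executable attachment with an honest `application/octet-stream` type passes both heuristics, so a gateway would pair them with an outright block on executable extensions.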


Source: TheRegister

9 Comments

guest
Posts: 15288
Posted on: 26 Nov 01 16:21
Damn I have the kdll.dll file... Should I be alarmed? Let's see what NAV2002 finds...
guest
Posts: 15288
Posted on: 26 Nov 01 16:40
Hmm it did find the virus but said 'Can't repair it' Well that's big help...
theEye
Posts: 461
Posted on: 26 Nov 01 17:26
Sorry GAM3FR3AK, but NAV200x simply SUX :r Better get the scanner from www.avp.ch
MarcoR
Posts: 44
Posted on: 26 Nov 01 18:32
I know it sucks ...All the viruses NAV has found for me it doesn't repair
guest
Posts: 15288
Posted on: 26 Nov 01 19:21
To GAM3FR3AK: Be sure it's really kdll.dll (trojan) and not skdll.dll (Micro$oft)... if it's the trojan, try to quarantine the file.
guest
Posts: 15288
Posted on: 27 Nov 01 04:43
When are they going to hunt down those virus makers and hang them? And while they're at it, why not hang Bill 'security hole' Gates. I get about 20 viruses each day in my mailbox.
guest
Posts: 15288
Posted on: 27 Nov 01 05:27
GAM3FR3AK: If NAV says it can't fix it, it's usually because the file is resident in memory and the file is locked by the OS for writing/deletion. Just reboot into DOS and delete the file manually and rerun your NAV to be sure you got it all...
guest
Posts: 15288
Posted on: 27 Nov 01 11:19
Thanks all for the help... I'll try some things and see if it works. I got 10 more copies today of the virus via e-mail. Really irritating because the subject line is mostly 'Re:' and I get a lot of mail each day so I usually just open it. Now when I open such an e-mail NAV pops up "You have a virus ... can't repair, blablabla" but Outlook Express (6) does warn me if I want to open the mail because it might contain a virus (and indeed it does). I've always selected No so I wonder if I'm really infected. I do have a proper firewall installed (ZoneAlarm Pro) and no app has tried to connect thus far nor did my mail program send out messages containing the virus (at least none I know of).
vexorg
Posts: 1
Posted on: 27 Nov 01 23:30
1. don't use outlook. it is worse than the virus. if no one used outlook there would be very few viruses. MS should be fined every time a virus came out, then maybe they fix their program. 2. anti-virus programs don't help in situations like this. new viruses just slip by as the anti-virus programs don't look for new viruses. 3. gamefr3ak: firewall won't help. unless it is like the nimda virus which looks for web servers, and again only MS IIS, anyone seeing a pattern here??
