At 03:22 PM 11/26/01 -0600, yd3@nvc.net wrote:
>Twice today my ISP blocked messages which contained a virus called
>W 9 5 / B a d t r a n s . B @ m m
>
>I haven't seen that virus name before.
It's real. Don't open it. Also update your anti-virus software
immediately, as there are updates within the last 24 hours. McAfee Anti
Virus has this to say about it:
W32/Badtrans@MM Medium On Watch
Discovery Date: 04/11/2001
Origin: Unknown
Length: 13,312
Type: Virus
SubType: Internet Worm

cs UPDATE November 25, 2001 20:30 PST
AVERT has raised the Risk Assessment on the Badtrans.b variant to Medium On
Watch for corporate users and High for home users. We have received many
reports that the virus is being seen and stopped at corporate gateways and
mailservers. However, we continue to get reports from the home user segment
that they have become infected. This is due to the fact that home users
tend to update their DAT files less frequently and often do not have
VirusScan configured to scan compressed files which is required for detection.
....
This new variant of Badtrans drops a password stealing trojan which is
detected as a variant of PWS-AV since the 4172 DATs.

UPDATE November 24, 2001 15:30 PST
A new variant of Badtrans has been discovered. This is considered to be
variant .b by some companies. .... The variant will be detected as
W32/Badtrans@MM when scanning compressed files.
This variant is a Medium risk as is the first variant. ....

Badtrans.a details:
This mass mailing worm attempts to send itself using Microsoft Outlook by
replying to unread email messages. It also drops a remote access trojan
(detected as Backdoor-NK.svr ....).
.... (lots of detail deleted) ...
The message body may contain the text:
Take a look to the attachment.
///
/// mgs@autox.team.net mailing list
/// or try http://www.team.net/cgi-bin/majorcool
///