
Latest Computer Virus Attack

Discussion in 'Amateur Radio News' started by Guest, Nov 27, 2001.

Thread Status:
Not open for further replies.
  1. Guest

    Guest Guest

    A new variant of Badtrans has been discovered, referred to as Badtrans.b.
    AVERT has raised the Risk Assessment on this variant of W32/Badtrans@MM to
    High Risk for Consumers. We have received many reports from home users
    that they have become infected. It is believed that failure to update
    [your anti-virus software] recently has caused this increase in occurrence.


    We have a few tips on how to spot and avoid it.



    W32/Badtrans@MM is a mass-mailing worm that drops a remote-access Trojan.
    The virus arrives via email in Microsoft Outlook and attempts to send itself
    by replying to unread email messages. The email may contain the text "Take a
    look to the attachment" in the message body and will contain an attachment
    that is 13,312 bytes in length. The attachment name is created from three
    sections.



    The first part is chosen from the possibilities:

    fun
    Humor
    docs
    info
    Sorry_about_yesterday
    Me_nude
    Card
    SETUP
    stuff
    YOU_are_FAT!
    HAMSTER
    news_doc
    New_Napster_Site
    README
    images
    Pics

    The second part is chosen from the possibilities:

    .DOC.
    .MP3.
    .ZIP.

    and the last part from the possibilities:

    pif
    scr




    If the attachment is opened, the worm displays a message box entitled,
    "Install error" which reads, "File data corrupt: probably due to a bad data
    transmission or bad disk access." A copy is saved into the WINDOWS directory
    as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE
    at startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid
    keylogger DLL) are written to the WINDOWS SYSTEM directory, and a registry
    entry is created to load the Trojan upon system startup.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe



    Once running, the Trojan attempts to mail the victim's IP Address to the
    author. Once this information is obtained, the author can connect to the
    infected system via the Internet and steal personal information such as
    usernames and passwords. In addition, the Trojan also contains a keylogger
    program which is capable of capturing other vital information such as credit
    card and bank account numbers and passwords.




    A couple of Tips from QRZ:



    Tip #1 - Be Safe and don't open attachments, even if you know
    who they are from. Look at the sender's address. If it
    begins with an underscore (_) then it's suspect. If the
    entire subject is "re:", it's suspect. This virus tries its best
    to make you think that it's coming from somebody you know.




    Tip #2 - Previous diatribe about Microsoft Outlook deleted
    <blockquote>
    Since this article was published it has become apparent
    that the virus affects many mail programs, including
    Outlook, Eudora, and Netscape Messenger. oh well...

    </blockquote>




    -fred, AA7BQ
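
The indicators listed in the post (three-part attachment name, 13,312-byte attachment, body text, underscore sender, bare "re:" subject) can be checked mechanically on a mail gateway or over a saved mailbox. The following is an added example, not part of the original post or of any vendor tool; the function names, indicator labels and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment name parts exactly as listed in the post above.
FIRST = ["fun", "Humor", "docs", "info", "Sorry_about_yesterday", "Me_nude",
         "Card", "SETUP", "stuff", "YOU_are_FAT!", "HAMSTER", "news_doc",
         "New_Napster_Site", "README", "images", "Pics"]
SECOND = ["DOC", "MP3", "ZIP"]
LAST = ["pif", "scr"]
NAME_RE = re.compile(r"^(?:%s)\.(?:%s)\.(?:%s)$" % (
    "|".join(map(re.escape, FIRST)), "|".join(SECOND), "|".join(LAST)),
    re.IGNORECASE)
WORM_SIZE = 13312                       # attachment length in bytes, per the post
BODY_TEXT = b"Take a look to the attachment"

def badtrans_indicators(raw):
    """Return the indicators from the post that a raw RFC 822 message matches."""
    msg = message_from_string(raw)
    hits = []
    if parseaddr(msg.get("From", ""))[1].startswith("_"):
        hits.append("sender-underscore")
    if msg.get("Subject", "").strip().lower() == "re:":
        hits.append("subject-re-only")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        payload = part.get_payload(decode=True) or b""
        if name is None:                # body part, not an attachment
            if BODY_TEXT in payload:
                hits.append("body-text")
            continue
        if NAME_RE.match(name):
            hits.append("attachment-name")
        if len(payload) == WORM_SIZE:
            hits.append("attachment-size")
    return hits

def constructed_sample(sender="_friend@example.org", subject="Re:",
                       filename="README.MP3.scr", size=WORM_SIZE):
    """Build an inert test message (attachment is zero bytes, not the worm)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("Take a look to the attachment")
    m.add_attachment(b"\0" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()
```

Any single indicator is weak on its own (a legitimate reply can have the subject "re:"); the attachment name pattern combined with the exact size is the strongest signal described in the post.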
     