URGENT NEW VIRUS WARNING...
14 April 2001, 03:14 PM
#1
Scooby Newbie
Thread Starter
Join Date: Aug 2001
Posts: 11
Likes: 0
Received 0 Likes
on
0 Posts
I recieved this mail on my work account today and thought I would share it! Worth a read through if nowt else!!
Be careful out there!!!
CheeRS...
EMAIL VIRUS WARNING - W32.Badtrans.13312@mm
A small number of BP users have received a new email attachment virus TODAY. Please treat any file attachment received, that has the same name as any file in the list below suspiciously and delete the email immediately. The file will come from someone you recently sent a message to and will have the same Subject as the message you sent them (the virus will reply to your message and will attach the infected file).
What does it look like ?
The message you could receive 'Will look like a reply to a message you have sent' and will have included file attachments of :
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif
'What does it do ?
When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:
The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm will attach itself to the email, inserting one of the above listed files :
BP's Current Protection situation
All our external Internet email gateways are detecting these infected files and will therefore delete any files that may be sent out of BP. Steps are being taken to update your Desktop anti-virus software.
What do you need to do ?
If you receive this message - please ensure you DELETE without accessing the file attachment. ( Viewing in Preview Pane is OK as along as you don't double click on the file )
Any further information
Only contact your local Help Desk if you suspect your PC is Infected. Please don't inform the Helpdesk if you receive and delete the file.
BP's Virus Management
We always ensure that all our e-Mail gateways ( where e-Mail travels in & out of BP ) & COE clients are updated as soon as protection is available for any new virus. However due to the use of the Internet & the speed at which viruses can now replicate we can often have new viruses within BP before the software vendors issue these protection files - which is why continued good practice by you on your PC remains essential.
E-Mail viruses have 2 impacts if they are run on your PC - they will try to send themselves to people in your address book and also execute a payload locally e.g. deleting files - our current software will always prevent any local damage to your PC as long as it is up to date but we are continuing to work with our software vendors to prevent the part of such viruses that is allowing further distribution via e-mail.
Further information
For information on any high priority virus alerts you can always visit :
Be careful out there!!!
CheeRS...
EMAIL VIRUS WARNING - W32.Badtrans.13312@mm
A small number of BP users have received a new email attachment virus TODAY. Please treat any file attachment received, that has the same name as any file in the list below suspiciously and delete the email immediately. The file will come from someone you recently sent a message to and will have the same Subject as the message you sent them (the virus will reply to your message and will attach the infected file).
What does it look like ?
The message you could receive 'Will look like a reply to a message you have sent' and will have included file attachments of :
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif
'What does it do ?
When the worm is executed, it drops the backdoor Trojan Hkk32.exe in the Windows folder, and then executes it. It then copies itself into the Windows folder as inetd.exe, adds a run= line to the Win.ini, and displays the following message:
The next time that the computer is rebooted, the worm will wait for 5 minutes, then it will use MAPI to find all unread email messages and reply to all of them. The worm will attach itself to the email, inserting one of the above listed files :
BP's Current Protection situation
All our external Internet email gateways are detecting these infected files and will therefore delete any files that may be sent out of BP. Steps are being taken to update your Desktop anti-virus software.
What do you need to do ?
If you receive this message - please ensure you DELETE without accessing the file attachment. ( Viewing in Preview Pane is OK as along as you don't double click on the file )
Any further information
Only contact your local Help Desk if you suspect your PC is Infected. Please don't inform the Helpdesk if you receive and delete the file.
BP's Virus Management
We always ensure that all our e-Mail gateways ( where e-Mail travels in & out of BP ) & COE clients are updated as soon as protection is available for any new virus. However due to the use of the Internet & the speed at which viruses can now replicate we can often have new viruses within BP before the software vendors issue these protection files - which is why continued good practice by you on your PC remains essential.
E-Mail viruses have 2 impacts if they are run on your PC - they will try to send themselves to people in your address book and also execute a payload locally e.g. deleting files - our current software will always prevent any local damage to your PC as long as it is up to date but we are continuing to work with our software vendors to prevent the part of such viruses that is allowing further distribution via e-mail.
Further information
For information on any high priority virus alerts you can always visit :
14 April 2001, 05:42 PM
#4
Scooby Regular
Join Date: Dec 2001
Posts: 436
Likes: 0
Received 0 Likes
on
0 Posts
Don't blame MS, blame the drive for functionality and intergration demanded by the user population...
If the world was dominated by Linux we all have more virulent damaging code floating around due to the inside knowledge of it by every man and his dog...
If the world was dominated by Linux we all have more virulent damaging code floating around due to the inside knowledge of it by every man and his dog...
14 April 2001, 08:12 PM
#6
Scooby Senior
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
Ga22ar,
It is not user demand but MS *push* - well over 90% of (paid for) functionality isn't used by Mr (or Mrs) average (in any of their products). BTW, thats just a guess, before you challenge me for proof
How many people know what an .scr or .pif file does anyway (never mind a .vbs or a scrap file)?
e-mail has been around for many years - well before MS decided to make an offering. There were not the same problems in the past (although admittedly, the Internet was not quite so big either!).
And at least with Linux, you _can_ look at the source code to check for holes (and fix them).
But if you do want to be safe - bring on VMS!!!
mb
It is not user demand but MS *push* - well over 90% of (paid for) functionality isn't used by Mr (or Mrs) average (in any of their products). BTW, thats just a guess, before you challenge me for proof
How many people know what an .scr or .pif file does anyway (never mind a .vbs or a scrap file)?
e-mail has been around for many years - well before MS decided to make an offering. There were not the same problems in the past (although admittedly, the Internet was not quite so big either!).
And at least with Linux, you _can_ look at the source code to check for holes (and fix them).
But if you do want to be safe - bring on VMS!!!
mb
Thread
Thread Starter
Forum
Replies
Last Post
Blow Dog
Non Scooby Related
4
16 September 2001 12:22 PM