ATTENTION: BadTrans Virus!!!

  • tha_timinator
    Confirmed User
    • Jan 2001
    • 590

    #1

    ATTENTION: BadTrans Virus!!!

    hi all,

    this morning i got infected by the BadTrans virus ( http://vil.nai.com/vil/virusSummary.asp?virus_k=99069 )...
    According to this page it exists since april 11 2001 but this is the first time i received the virus plus i've read a couple of other sites whose earliest reports are from yesterday. so i think it became kinda active lately... that's why i thought let's warn you guys.

    you receive it through a subjectless e-mail and it runs automatically when viewing the mail (thanks to outlook express' security leak (which can only be fixed using a patch if you have outlook with service pack 2 (while i have sp1)))

    what it does is it tries to send itself to as many people as possible BUT the weird thing about it is that it DOES NOT send to the people in your addressbook (like all common worms do, as far as i know) but it looks like it fetches e-mail addresses from the websites in your cache!!! now have you ever heard of _that_ !?!?

    another nasty thing is that it also installs a keylogger and then tries to send the keylogs to the virus' author. This means that if you have the virus installed and you fill in your credit card number at some site or whatever, the number might leak to the virus' author!!

    in brief; pretty damn important to get rid of the virus!

    p.s. i tried to clean my system using the DAT update of McAfee first but that didn't seem to work... so i cleaned my system manually after that and ever since i think i'm clean... so if you're infected i advise you to clean manually...

    well, hope this helps to prevent.

    Greets,
    Tha Timinator.
    CELEBRITYSTART.COM
  • Spud
    Confirmed User
    • Jul 2001
    • 340

    #2
    I've been getting about 5 of those a day. If you view the source in the email it's linking a strange iFrame:
    <iframe src=cid:EA4DMGBP9p height=0 width=0></iframe>
    I have the outlook patch though so I haven't been infected but it's kind of freaky getting so many....

    ------------------
    The power of a potato


    • brazz
      Confirmed User
      • May 2001
      • 135

      #3
      Timinator, Spud, somebody else,
      Do you know if I am safe from this and other Outlook Express related viruses if I completely delete (using Uninstall from Control Panel) OutLook Express from my machine?

      TIA,


      • tha_timinator
        Confirmed User
        • Jan 2001
        • 590

        #4
        ?? is this serious?

        a worm is not a virus that is "in" outlook express but can be activated without your permission due to a security leak in outlook express!
        so if you simply don't receive e-mail through outlook express nothing can happen... no need to uninstall LOL
        CELEBRITYSTART.COM


        • brazz
          Confirmed User
          • May 2001
          • 135

          #5
          Timinator,
          My machine is running W2K Server; I never used Outlook Express, but it was self installed, and I got infected with Nimda and CodeRed.
          I am completely ignorant about security issues; I spoke to some friends of mine (not specialists either, but a bit more well informed than me), they said that Outlook Express (and only it) has some vulnerabilities which are easily exploited by hiding some malicious VB code in other Microsoft programs' macros (Microsoft's intention would be to make it easier for Excel, Word, Access, *Outlook Express* to exchange files among them). So, as I understood, just having Outlook Express installed on your machine was a security hole, and I was advised to uninstall it.
          The Iloveyou, as an example, was sent as Iloveyou.jpg.vbs. This extension means it is a disguised VBasic coded macro; thanks to Microsoft's good intentions, this code is capable of activating Outlook Express, querying the address list, maybe picking some other files on the user's machine (like CodeRed did), sending the mails to the addresses, etc. That's why Outlook Express is THE MOST vulnerable mail tool.

          But, again, this is what I was told, I have no background whatsoever to argue with anyone about this matter (this is not sarcasm).
          If possible, could anybody please clarify how far out I am?
          Thanks,

          [This message has been edited by brazz (edited 11-26-2001).]


          • evildick

            #6
            Just visit windowsupdate.microsoft.com to get all the critical updates.

            That will prevent you from getting infected automatically.


            • tha_timinator
              Confirmed User
              • Jan 2001
              • 590

              #7
              brazz - again; no need for uninstalls... simply don't run it and you won't get harmed.

              evildick - yes i tried that of course but i assure you; the patch didn't seem to apply to my system (the patch said; 'patch is not needed on your system') but in fact it IS needed because o.e. still automatically launches crap...
              CELEBRITYSTART.COM


              • Amputate Your Head
                There can be only one
                • Aug 2001
                • 39075

                #8
                format c:
                SIG TOO BIG


                • Aussie Rebel
                  Blow Me U Geeks
                  • Aug 2001
                  • 5108

                  #9
                  This is what I got from using Quick Heal

                  NAME: W32.Badtrans.B

                  W32.Badtrans.B has suddenly struck in the wild.

                  The worm arrives in an email. The sender name
                  and the attachment file name are both variable.

                  The attached filename is also selected from one
                  of the following names:

                  "PICS", "IMAGES","README","New_Napster_Site","NEWS_DOC ",
                  "HAMSTER", "YOU_are_FAT!" or "YOU_ARE_FAT!","stuff",
                  "SETUP","Card" or "CARD","Me_nude" or "ME_NUDE",
                  "Sorry_about_yesterday","info", "docs" or "DOCS",
                  "Humor" or "HUMOR","fun" or "FUN","SEARCHURL"
                  "S3MSONG"

                  The attachment file has a double extension.

                  All users are requested, if they receive such mail
                  with any such attachment:
                  PLEASE DO NOT EXECUTE SUCH ATTACHMENT;
                  delete this file/email.

                  A special update has been provided on 26th November 2001
                  having solution for this virus.

                  PLEASE UPDATE YOUR COPY USING THE SPECIAL UPDATE
                  PROVIDED ON 26th NOVEMBER.

                  If you have any queries please write to [email protected]

                  Thanking you,
                  Quick Heal Team


                  • Slick
                    Confirmed User
                    • Feb 2001
                    • 7338

                    #10
                    I'm getting NAILED with that fucking virus today. Already got about 50 of them. With Norton, it's good and bad because it picks up every one of those and asks me what I want to do with them, talk about a tedious waste of time.

                    Why the fuck do people make those damn things, they don't do any good at all, just a big pain in the fucking ass. I'd like to get my hands on the pricks that are behind them.


                    • Slick
                      Confirmed User
                      • Feb 2001
                      • 7338

                      #11
                      Wow, I saved myself a lot of headaches here making a filter on my email. I just set it up when someone sends me an email with Re: in the subject AND it has an attachment to just toss it in the trash.

                      I feel MUCH better about it already, he he he. I feel that those are safe prefs because if someone's gonna send me attachments, chances are, they're not gonna reply to me with them. If they are, I'll expect them.

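A defender-side mail filter that implements the indicators collected across this thread, as an added example (not code from any poster, from McAfee, Norton or Quick Heal): Slick's rule from #11 ("Re:" subject plus an attachment goes to the trash), the zero-sized iframe sourced from a cid: part that Spud quotes in #2, and the lure filenames with a double extension from the Quick Heal notice in #9. The three sample messages are constructed for the example; the set of executable second extensions is an assumption, since the notice only says the attachment carries a double extension and the thread mentions only `.jpg.vbs`.

```python
import re
from email import message_from_string
from email.message import Message

# Attachment base names from the Quick Heal notice quoted in this thread (#9).
BADTRANS_BASENAMES = {
    "pics", "images", "readme", "new_napster_site", "news_doc", "hamster",
    "you_are_fat!", "stuff", "setup", "card", "me_nude",
    "sorry_about_yesterday", "info", "docs", "humor", "fun", "searchurl",
    "s3msong",
}
# Executable second extensions: an assumption for this example; the notice
# only states that the attachment has a double extension.
EXEC_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "vbs"}

# An <iframe> whose src is a cid: reference (a MIME part of the same message).
HIDDEN_CID_IFRAME = re.compile(
    r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?cid:[^>]*>", re.IGNORECASE)
ZERO_DIM = re.compile(r"\b(height|width)\s*=\s*[\"']?0\b", re.IGNORECASE)


def attachment_filenames(msg: Message) -> list:
    """Return the filenames of every part that carries one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def is_double_extension_lure(filename: str) -> bool:
    """True for NAME.<ext>.<exec ext> where NAME is one of the listed lures."""
    parts = filename.lower().split(".")
    if len(parts) < 3:
        return False
    return parts[0] in BADTRANS_BASENAMES and parts[-1] in EXEC_EXTENSIONS


def has_hidden_cid_iframe(html: str) -> bool:
    """True when the HTML embeds a cid: iframe with both height and width 0."""
    for tag in HIDDEN_CID_IFRAME.findall(html):
        dims = {m.group(1).lower() for m in ZERO_DIM.finditer(tag)}
        if dims == {"height", "width"}:
            return True
    return False


def classify(raw_message: str) -> list:
    """Return the reasons a raw RFC 822 message matches the thread's indicators."""
    msg = message_from_string(raw_message)
    reasons = []
    names = attachment_filenames(msg)
    subject = (msg.get("Subject") or "").strip().lower()
    # Slick's rule (#11): a "Re:" subject together with any attachment.
    if subject.startswith("re:") and names:
        reasons.append("re-subject-with-attachment")
    for name in names:
        if is_double_extension_lure(name):
            reasons.append("lure-filename:" + name)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if has_hidden_cid_iframe(body):
                reasons.append("hidden-cid-iframe")
    return reasons


# Constructed sample: a worm-style message (the cid value is the one Spud quoted).
SAMPLE_WORM = """\
From: someone@example.net
To: victim@example.net
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body>
<iframe src=cid:EA4DMGBP9p height=0 width=0></iframe>
</body></html>
--b1
Content-Type: application/octet-stream; name="Card.DOC.pif"
Content-Disposition: attachment; filename="Card.DOC.pif"
Content-ID: <EA4DMGBP9p>

ZmFrZQ==
--b1--
"""

# Constructed sample: a legitimate reply with a PDF; only Slick's rule fires.
SAMPLE_BENIGN = """\
From: colleague@example.net
Subject: Re: meeting notes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Notes attached.
--b2
Content-Type: application/pdf; name="notes.pdf"
Content-Disposition: attachment; filename="notes.pdf"

JVBERi0=
--b2--
"""

# Constructed sample: plain text, no attachment, nothing fires.
SAMPLE_PLAIN = "From: a@example.net\nSubject: hello\n\njust text\n"

if __name__ == "__main__":
    for label, raw in (("worm", SAMPLE_WORM), ("benign", SAMPLE_BENIGN),
                       ("plain", SAMPLE_PLAIN)):
        print(label, classify(raw))
```

The benign sample shows the cost of Slick's rule: any reply carrying an attachment is discarded, which is why the filename and iframe checks are worth layering on top rather than relying on the subject line alone.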
