Old 11-26-2001, 12:46 AM   #1
tha_timinator
Confirmed User
 
Join Date: Jan 2001
Location: Amsterdam, the Netherlands
Posts: 590
ATTENTION: BadTrans Virus!!!

hi all,

this morning i got infected by the BadTrans virus ( http://vil.nai.com/vil/virusSummary.asp?virus_k=99069 )...
According to this page it exists since april 11 2001 but this is the first time i received the virus plus i've read a couple of other sites whose earliest reports are from yesterday. so i think it became kinda active lately... that's why i thought let's warn you guys.

you receive it through a subjectless e-mail and it runs automatically when viewing the mail (thanks to outlook express' security leak (which can only be fixed using a patch if you have outlook with service pack 2 (while i have sp1)))

what it does is it tries to send itself to as many people as possible BUT the weird thing about it is that it DOES NOT send to the people in your addressbook (like all common worms do, as far as i know) but it looks like it fetches e-mail addresses from the websites in your cache!!! now have you ever heard of _that_ !?!?

another nasty thing is that it also installs a keylogger and then tries to send the keylogs to the virus' author. This means that if you have the virus installed and you fill in your credit card number at some site or whatever the number might leak to the virus' author!!

in brief; pretty damn important to get rid of the virus!

p.s. i tried to clean my system using the DAT update of McAfee first but that didn't seem to work... so i cleaned my system manually after that and ever since i think i'm clean... so if you're infected i advise you to clean manually...

well, hope this helps to prevent.

Greets,
Tha Timinator.
Old 11-26-2001, 01:32 AM   #2
Spud
Confirmed User
 
Join Date: Jul 2001
Location: Seattle
Posts: 340
I've been getting about 5 of those a day. If you view the source in the email it's linking a strange iFrame
iframe src=cid:EA4DMGBP9p height=0 width=0
I have the outlook patch though so I haven't been infected but it's kind of freaky getting so many....

------------------
The power of a potato
Old 11-26-2001, 01:53 AM   #3
brazz
Confirmed User
 
Join Date: May 2001
Posts: 135
Timinator, Spud, somebody else,
Do you know if I am safe from this and other Outlook Express related viruses if I completely delete (using Uninstall from Control Panel) OutLook Express from my machine?

TIA,
Old 11-26-2001, 02:23 AM   #4
tha_timinator
Confirmed User
 
Join Date: Jan 2001
Location: Amsterdam, the Netherlands
Posts: 590
?? is this serious?

a worm is not a virus that is "in" outlook express but can be activated without your permission due to a security leak in outlook express!
so if you simply don't receive e-mail through outlook express nothing can happen... no need to uninstall LOL
Old 11-26-2001, 06:06 AM   #5
brazz
Confirmed User
 
Join Date: May 2001
Posts: 135
Timinator,
My machine is running W2K Server; I never used Outlook Express, but it was self installed, and I got infected with Nimda and CodeRed.
I am completely ignorant about security issues; I spoke to some friends of mine (not specialists either, but a bit more well informed than me), they said that OutlookExpress (and only it) has some vulnerabilities which are easily exploited by hiding some malicious VB code in other Microsoft programs' macros (Microsoft's intention would be to make it easier for Excel, Word, Access, *OutlookExpress* to exchange files among them). So, as I understood, just having OutlookExpress installed in your machine was a security hole, and I was advised to uninstall it.
The Iloveyou, as an example, was sent as Iloveyou.jpg.vbs. This extension means it is a disguised VBasic coded macro; thanks to Microsoft's good intentions, this code is capable of activating Outlook Express, querying the addresses list, maybe picking some other files in the user's machine (like CodeRed did), sending the mails to the addresses, etc. That's why Outlook Express is THE MOST vulnerable mail tool.

But, again, this is what I was told, I have no background whatsoever to argue with anyone about this matter (this is not sarcasm).
If possible, could anybody please clarify how far out I am?
Thanks,

[This message has been edited by brazz (edited 11-26-2001).]

Old 11-26-2001, 06:33 AM   #6
evildick
Guest
 
Posts: n/a
Just visit windowsupdate.microsoft.com to get all the critical updates.

That will prevent you from getting infected automatically.
Old 11-26-2001, 01:13 PM   #7
tha_timinator
Confirmed User
 
Join Date: Jan 2001
Location: Amsterdam, the Netherlands
Posts: 590
brazz - again; no need for uninstalls... simply don't run it and you won't get harmed.

evildick - yes i tried that of course but i assure you; the patch didn't seem to apply to my system (the patch said; 'patch is not needed on your system') but in fact it IS needed because o.e. still automatically launches crap...
Old 11-26-2001, 01:14 PM   #8
Amputate Your Head
There can be only one
 
Join Date: Aug 2001
Location: Somewhere else
Posts: 39,075
format c:
Old 11-26-2001, 02:11 PM   #9
Aussie Rebel
Blow Me U Geeks
 
Join Date: Aug 2001
Location: Maximum Security
Posts: 5,108
This is what I got from using quick heal

NAME: W32.Badtrans.B

W32.Badtrans.B has suddenly struck in the wild.

The worm arrives in a email. The sender name
and the attachment file name both are variable.

The attached filename is also selected from one
of the following names:

"PICS", "IMAGES", "README", "New_Napster_Site", "NEWS_DOC",
"HAMSTER", "YOU_are_FAT!" or "YOU_ARE_FAT!", "stuff",
"SETUP", "Card" or "CARD", "Me_nude" or "ME_NUDE",
"Sorry_about_yesterday", "info", "docs" or "DOCS",
"Humor" or "HUMOR", "fun" or "FUN", "SEARCHURL",
"S3MSONG"

The attachment file has a double extension.

All users are requested if they receive such mail
with any such attachment
PLEASE DO NOT EXECUTE SUCH ATTACHMENT
delete this file/Email.

A Special update has been provided on 26th November 2001
having solution for this virus.

PLEASE UPDATE YOUR COPY USING THE SPECIAL UPDATE
PROVIDED ON 26th NOVEMBER.

If you have any queries please write to [email protected]

Thanking you,
Quick Heal Team
Old 11-26-2001, 02:19 PM   #10
Slick
Confirmed User
 
Join Date: Feb 2001
Location: Houghton, MI
Posts: 7,338
I'm getting NAILED with that fucking virus today. Already got about 50 of them. With Norton, it's good and bad because it picks up every one of those and asks me what I want to do with them, talk about a tedious waste of time.

Why the fuck do people make those damn things, they don't do any good at all, just a big pain in the fucking ass. I'd like to get my hands on the pricks that are behind them.
Old 11-26-2001, 08:12 PM   #11
Slick
Confirmed User
 
Join Date: Feb 2001
Location: Houghton, MI
Posts: 7,338
Wow, I saved myself a lot of headaches here making a filter on my email. I just set it up when someone sends me an email with Re: in the subject AND it has an attachment to just toss it in the trash.

I feel MUCH better about it already, he he he. I feel that those are safe prefs because if someone's gonna send me attachments, chances are, they're not gonna reply to me with them. If they are, I'll expect them.
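Added example (not written by any poster in this thread, and not vendor code): a mail-triage function that checks one raw message for the indicators mentioned above, namely the zero-size `cid:` iframe from post #2, the attachment names and double extension from the notice in post #9, and the "Re: plus attachment" rule from post #11. The function name, indicator labels, addresses and the `.TXT.example` extension are assumptions made for illustration.

```python
import re
from email import message_from_string

# Attachment base names quoted in the Quick Heal notice (post #9), lower-cased.
BAIT_NAMES = {
    "pics", "images", "readme", "new_napster_site", "news_doc", "hamster",
    "you_are_fat!", "stuff", "setup", "card", "me_nude", "sorry_about_yesterday",
    "info", "docs", "humor", "fun", "searchurl", "s3msong",
}
# Zero-size iframe whose source is an inline MIME part (cid:), as in post #2.
HIDDEN_CID_IFRAME = re.compile(
    r"<iframe\b(?=[^>]*\bsrc\s*=\s*[\"']?cid:)"
    r"(?=[^>]*\bheight\s*=\s*[\"']?0\b)(?=[^>]*\bwidth\s*=\s*[\"']?0\b)", re.I)

def triage(raw):
    """Return the sorted indicator names matched by one raw RFC 822 message."""
    msg = message_from_string(raw)
    hits, has_attachment = set(), False
    for part in msg.walk():
        name = part.get_filename()
        if name:
            has_attachment = True
            pieces = name.lower().split(".")
            if len(pieces) >= 3:               # name.ext1.ext2
                hits.add("double_extension")
            if pieces[0] in BAIT_NAMES:
                hits.add("bait_name")
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("latin-1")
            if HIDDEN_CID_IFRAME.search(html):
                hits.add("hidden_cid_iframe")
    subject = (msg.get("Subject") or "").strip().lower()
    if has_attachment and subject.startswith("re:"):   # the rule from post #11
        hits.add("re_with_attachment")
    return sorted(hits)

# Constructed samples (not captured traffic); addresses and extensions are made up.
SUSPICIOUS = (
    "From: a@example.com\nSubject: Re:\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="B"\n\n'
    "--B\nContent-Type: text/html\n\n"
    "<html><iframe src=cid:EA4DMGBP9p height=0 width=0></iframe></html>\n"
    "--B\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="README.TXT.example"\n\nplaceholder\n--B--\n'
)
ORDINARY_REPLY = SUSPICIOUS.replace("README.TXT.example", "holiday.jpg").replace(
    "<iframe src=cid:EA4DMGBP9p height=0 width=0></iframe>", "<p>photos attached</p>")

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(ORDINARY_REPLY))
```

The second sample still matches `re_with_attachment`, which shows what the subject-based rule costs: an ordinary reply carrying a photo is treated the same way unless another indicator is also required.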