"W32/Badtrans" Worm
ALERT! This one is a nasty one.
Quoted from mcafee.com
"W32/Badtrans@MM is a mass-mailing worm that drops a remote-access Trojan. The virus arrives via email in Microsoft Outlook and attempts to send itself by replying to unread email messages. The email may contain the text "Take a look to the attachment" in the message body and will contain an attachment that is 13,312 bytes in length. The attachment name is created from three sections.
The first part is chosen from the possibilities:
fun
Humor
docs
info
Sorry_about_yesterday
Me_nude
Card
SETUP
stuff
YOU_are_FAT!
HAMSTER
news_doc
New_Napster_Site
README
images
Pics
The second part is chosen from the possibilities:
.DOC.
.MP3.
.ZIP.
and the last part from the possibilities:
pif
scr"
Here's the part that really sucks:
"Once running, the Trojan attempts to mail the victim's IP Address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as usernames, and passwords. In addition, the Trojan also contains a keylogger program which is capable of capturing other vital information such as credit card and bank account numbers and passwords."
More info here:
http://www.mcafee.com/anti-virus/vir...t.asp?cid=2607
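A mail-filter check built from the indicators in the quoted description (attachment name scheme, attachment size, body text), as an added example that is not part of the original posts or of McAfee's advisory. The function names and the sample messages are constructed for illustration, and the name match is made case-insensitive as an assumption.

```python
import email
import re
from email.message import EmailMessage

# Name parts as listed in the quoted description. "New_Napster_Site" and
# "README" are treated as two separate entries (assumption).
FIRST = ["fun", "Humor", "docs", "info", "Sorry_about_yesterday", "Me_nude",
         "Card", "SETUP", "stuff", "YOU_are_FAT!", "HAMSTER", "news_doc",
         "New_Napster_Site", "README", "images", "Pics"]
SECOND = ["DOC", "MP3", "ZIP"]
LAST = ["pif", "scr"]
NAME_RE = re.compile(r"(?:%s)\.(?:%s)\.(?:%s)" % (
    "|".join(map(re.escape, FIRST)), "|".join(SECOND), "|".join(LAST)),
    re.IGNORECASE)
WORM_SIZE = 13312  # attachment length in bytes, from the description
BODY_TEXT = b"Take a look to the attachment"

def badtrans_indicators(raw: bytes) -> list[str]:
    """Return which of the described indicators a raw RFC 822 message shows."""
    hits = set()
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if name is None:            # body part: look for the fixed text
            if BODY_TEXT in data:
                hits.add("body-text")
            continue
        if NAME_RE.fullmatch(name.strip()):
            hits.add("attachment-name")
        if len(data) == WORM_SIZE:  # size alone is weak; report it separately
            hits.add("attachment-size")
    return sorted(hits)

def build_sample(filename: str, size: int, body: str) -> bytes:
    """Constructed test message; the attachment is just zero bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Re: hello"
    msg.set_content(body)
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for args in [("Me_nude.MP3.scr", 13312, "Take a look to the attachment"),
                 ("minutes.doc", 2048, "Minutes attached")]:
        print(args[0], badtrans_indicators(build_sample(*args)))
```

A gateway would quarantine on the attachment-name hit alone and use the size and body-text hits only to raise confidence, since the quoted text says the body "may" contain that line.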
Yeah I just cleaned it out of a friend's system. It created a Kernel32.exe file in the System directory. Not many people know that Kernel32 is a dll and not an exe.
You can download an exe file from Symantec that will remove the worm automatically.
Remember to always keep your system up to date, never trust email attachments and keep your mouse ***** clean*
*Optical mouses need not apply
I have been getting strange e-mails lately, usually from someone I had spoken to a few days before. I would get them, and the subject would be the same as the original. It would have Re: Re: before it in the subject line. The other curious thing is that it uses the sender's correct address, but ever so slightly modified so maybe you can't tell. Both times it had an attachment indicator in the subject, but no attachment. The body of the e-mails was blank, except for a small corner-looking icon. I have not noticed anything wrong other than the funny mailings. Is this what you are talking about??


