L&L
Markess
From: Swani <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Thu, 29 Nov 2001 14:57:04 +1300
To: [EMAIL PROTECTED]
Subject: Re: (Fwd) We have a massive increase in virus-infected e-mails
Yeah, me too.
I have had seven of these in the last three days. All from this list!
The key thing to have is a good antivirus, either on the computer, or from
the internet service provider.
Great care is required at the moment, i have been getting the w32magister
and the badtransB lately.
Later.
S.
At 20:24 28/11/2001 +1200, you wrote:
>FYI... this information was posted on <nz.comp> today.
>
>I've had a rash of virus infected email from unsuspecting members of
>these Lists, in the last 2 - 3 days. Microsoft email software users are
>the most vulnerable, one reason why I use Pegasus, a very
>professional NZ produced emailer. See http://pmail.com - it's free!
>
>NB: Version 4.01 is new and I'm not sure that it has settled down
>yet. Versions 3.xx are available at ftp://risc.ua.edu.
>
>Cheers... Rex
>
>
>------- Forwarded message follows -------
>Date sent: Wed, 28 Nov 2001 09:30:24 +1300
>From: "Markus Winter" <[EMAIL PROTECTED]>
>Subject: We have a massive increase in virus-infected e-mails
>
>Hi all,
>
>We are currently seeing a massive increase in virus infected e-mails.
>It is a virus which is designed to collect logins and passwords (ie
>account information) and transmit them back to it's originator.
>Furthermore the virus tends to change the return e-mail address to
>make it more difficult for people to mail back and warn the sender.
>For more information see:
>
>> [CNET] "While Badtrans.B is not destructive, it does install a
>> keylogger, a program that records what a person using the infected
>> PC types and then sends the information to the virus writer's e-mail
>> address. The key-logging program, known as Backdoor-NK.server,
>> focuses specifically on four software functions that are used by
>> programs to allow a person to enter a password, so it mainly records
>> account information entered. [...]
>> " The virus uses a vulnerability in Microsoft's Internet Explorer
>> 5.01 and 5.5 to automatically execute itself on PCs that don't have
>> a patched Web browser. Opening the e-mail in a separate window or
>> Outlook's preview pane will cause the worm to execute on unpatched
>> machines."
>>
>> [Symantec] "This worm arrives as an email with one of several
>> attachment names and a combination of two appended extensions. The
>> list of possible file names is:
>>
>> * HUMOR
>> * DOCS
>> * S3MSONG
>> * ME_NUDE
>> * CARD
>> * SEARCHURL
>> * YOU_ARE_FAT!
>> * NEWS_DOC
>> * IMAGES
>> * PICS
>
>Best Regards
>Markus
>--
>Dr. Markus Winter
>1st Floor, Room 15
>The Liggins Institute
>University of Auckland
>Private Bag 92019
>2-6 Park Avenue
>Grafton
>Auckland
>New Zealand
>Tel: 0064 (0)9 373 7599 (wait for message then extension) 3960
>Fax: 0064 (0)9 373 7497 mobile: 021 150 9621
>------- End of forwarded message -------
>
>
>
>
