Seems like there is a lot of misunderstanding and disinformation on this list about how badtrans really works. So I thought I would write and clarify as it is useful to understand what is happening if you do become infected as my computer was some time ago.
Firstly the virus can execute automatically on some versions of Outlook Express (probably the ones that ship with windows!) regardless of whether you have open attachments in preview pane turned on or off. The virus spoofs the mime type so that it appears to outlook to be a .txt file or something similar, then outlook decides it is just a harmless text file and opens it for you in the preview pane. However the filename is not really .txt (as it appears in OE) but .pif or something and as soon as windows sees it it executes it. This is nothing to do with any windows settings such as hide known file extensions, its just a feature of outlook express and there is no way to turn it off, short of upgrading or patching your copy of OE. Secondly the virus does NOT mail to people in your Outlook Express address book, its very clever and e-mals people in your mail folders from whom you have unread messages. If it mailed people from your address book it would be much more limited in who it could mail and also it would tend to stay within the same groups of people,. Mailing people you have unread mails from means it can target people who have posted to mailing lists, without even having to send a virus to the mailing list itself! Thus it can spread itself very wildely. I have only ever once been sent a virus before badtrans. I have recieved the badtrans virus getting on for about 10 times now. Basically the virus can arrive and execute with no human intervention whatsoever. I caught the virus by clicking on my inbox. The last message in my inbox had the virus. As it was the last message in my inbox, it opened automatically. The virus does not seem to mail from the default mail account as is often said. On my computer it mailed from an account that I don't use and set up for someone else. It was the first account in the list of acccount. I was able to disable the virus from mailing by setting the smtp setting to a smtp server that I couldn't access from the isp I was on. This stopped the virus from mailing people. Now it's very easy to be all smug about people who leave themselves unprotected sitting on your nice secure computer but for some people it's not so easy to run a virus checker or suchlike. I'm quite limited on diskspace usually, but having recently re-installed windows on that machine, I had some space, so I attempted to install Norton AntiVirus, unfortunatley, I only have a 9600 baud connection. Norton AntiVirus wanted to download 3mb in virus definition files. A friend of mine downloaded the virus definition files on his cable modem and gave them to me. Norton AntiVirus succesfully detected the virus, and cleaned the computer somewhat but wasn't able to actually kill the virus completlely because it obviously can't delete your system files that make the computer work. Ironically someone e-mails me and told me about a program on the symantic (makers of NAV!) site that was only 120k in size and completely cleaned my computer of this virus! NAV is still useful tho, because whenever this attachment arrives and is executed again, it deletes the file before it causes any real damage. For the record, if someone leaves their door open and sombody walks in and takes something, then I do think they have a right to feel aggreved. Just as it is wrong for someone to be stabbed to death who lives on the street without any doors (or windows ;) *groan!*) I was really worried when my computer caught the virus. I knew that I could clean up my computer and it wouldn't be that big of a problem,. But I was really worried about friends that I know who have no protection from the virus, and wouldn't know what to do or have the resources to do anything. People running very low spec hardware on which they would be unable to fit a virus checker. I was very thankful to discover that my friends mail server was itself protected with anti virus software so the mail just bounced back to me. So alls well that ends well. Ironically I've was just planning to move all my mail and intenet access to linux on my old laptop. I'm even more keen to do this now. I think the most simple answer for people who cant run antivirus software for whatever reason, or who can't afford it, is to run a different mail client that OE or outlook or anyhting from MS. Then as long as they are careful about what attachments they open, they should be safe. Hope everyone manages to clean their computers okay. wish I had the link to that symatec file to hand. It's really good. :) love Freya __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- For info, see http://www.stack.nl/~wynke/MSX/listinfo.html
