Oooops. Well, sometimes those email attachments accidentally get opened. However, if you haven't yet opened the mail from Eliza Townsend, it includes an attachment that definitely should not be opened on Windows machines. The email is infected with w32.Badtrans.B@mm, which places keystroke-logging software (a serious compromise of security) on infected computers. At this point, it appears that you will become infected _only_ if you actively open the attachment on your Windows computer.
Eliza, no hard feelings at all from me on this one -- it's not hard to become infected by various internet viruses & worms these days. I'm only writing to make sure list readers have the opportunity to take precautions. The fact is, I nearly opened the attachment myself, without thinking, in an early morning fog of consciousness -- even though my antivirus software DID catch the worm. More information follows: Symantec has upgraded its assessment of a brand new worm, W32.Badtrans.B@mm, to level 4 out of a possible 5. This worm has appeared only in the past few days, but has been spreading quickly. W32.Badtrans.B@mm can be easily prevented -- take care not to open suspicious email attachments _and_ update your virus definitions. Of course, your antivirus software must also be configured to check emails and downloads. W32.Badtrans.B@mm does not do any actual damage to your system or your data. It does, however, insert a program into your system that logs all of your keystrokes (and presumably sends them somewhere). Potentially, this makes it just as bad as if it did damage your system or data, because it may provide a hacker with information he/she could use to attack your system while you're online, or help a hacker to steal email or other passwords, credit card numbers, etc. W32.Badtrans.B@mm is propagated when infected computers are forced to send infected emails to other email addresses. According to Symantec, this worm uses specific naming conventions that may help you to recognize an attachment (of course, ANY suspicious attachment should be deleted rather than opened -- it'd be easy for a hacker to modify this worm to have different attachment names). To quote Symantec's update: > >This worm arrives as an email with one of several attachment names and a >combination of two appended extensions. > >The list of possible file names is: >HUMOR >DOCS >S3MSONG >ME_NUDE >CARD >SEARCHURL >YOU_ARE_FAT! >NEWS_DOC >IMAGES >PICS > >The first extension that is appended to the file name is one of the >following: >.DOC >.MP3 >.ZIP > >The second extension that is appended to the file name is one of the >following: >.pif >.scr > >The resulting file name would look something like this: >CARD.DOC.PIF >NEWS_DOC.MP3.SCR >etc. > Symantec's full update on this worm can be found at http:[EMAIL PROTECTED] In light of the potential security risk that this worm poses, now would be a great time for all of us to update our virus definitions, run a system scan, and make sure our antivirus software is properly checking your incoming email. If you don't have antivirus software, I strongly recommend getting some. In this day and age we all need it. -- Eric Johnson Eric Johnson Colorado Environmental Coalition 1536 Wynkoop #5C Denver, CO 80202 ------------------ Reminder to each recipient: To change your list account preferences, go to http://email.sparklist.com/scripts/lyris.pl?enter=support and enter the email address you used to subscribe to the ebase support list:: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] --------------------------------------------------------------------- ebase - Relationship Management for Nonprofits, http://www.ebase.org ---------------------------------------------------------------------
