NETA news.

Symptoms

W32/Badtrans@MM, also known as Badtrans or Badtrans.b, is a mass-mailing Internet worm that attempts to send itself using Microsoft Outlook by replying to unread e-mail messages. When executed, Badtrans also drops a remote access Trojan, or RAT, into the user's Windows directory, which attempts to mail the victim's IP address to the author.

Subject: (Variable)
Body Text: (May contain) Take a look to the attachment
Attachment: (Variable)

The worm will arrive as an attachment that is 13,312 bytes in length and takes on the form of one of the following examples:

S3MSONG.DOC.scr
Pics.DOC.scr
HUMOR.MP3.scr
Sorry_about_yesterday.MP3.pif
README.MP3.scr
ME_NUDE.MP3.scr
fun.MP3.pif
NEWS_DOC.DOC.scr
docs.DOC.pif
images.DOC.pif
HAMSTER.DOC.pif
SEARCHURL.MP3.pif

Be careful out there. I did not like the fact that this is something they say can be spread without reading the e-mail.

www.creditsense.com
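An added example, not part of the original post or the advisory it quotes: a mail-filter check for the attachment pattern the advisory lists (a document or music extension followed by .scr or .pif, 13,312 bytes long). The message is constructed test data, and the function names are this example's own.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions taken from the advisory's attachment list.
EXECUTABLE_EXTS = {".scr", ".pif"}
DECOY_EXTS = {".doc", ".mp3"}
ADVISORY_SIZE = 13312  # attachment length stated in the advisory


def check_attachment(filename, payload):
    """Return the reasons this attachment matches the advisory's pattern."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension " + suffixes[-1])
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
            reasons.append("decoy extension " + suffixes[-2] + " before it")
        if len(payload) == ADVISORY_SIZE:
            reasons.append("size matches advisory (13,312 bytes)")
    return reasons


def scan_message(msg):
    """Map each flagged attachment filename to its list of reasons."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = check_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message: one look-alike attachment, one ordinary document."""
    msg = EmailMessage()
    msg["Subject"] = "Re: constructed sample"
    msg.set_content("Take a look to the attachment")
    msg.add_attachment(b"\x00" * ADVISORY_SIZE, maintype="application",
                       subtype="octet-stream", filename="README.MP3.scr")
    msg.add_attachment(b"plain report", maintype="application",
                       subtype="msword", filename="notes.doc")
    return msg


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The size check only adds weight to a name that is already flagged; a file of a different length with the same double extension is still reported.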
I had this little doozy! Even if you don't have Outlook set up with an email server, you can get it and it will work - it has its own connection to an email server set up by the person who originated it, and it is designed to steal password information from workstations as well as individual computers. All of the antivirus programs can detect it now, and even if you have it, Zone Alarm can keep it from working. You can check your computer for security and download the free Zone Alarm at https://grc.com/x/ne.dll?bh0bkyd2. Thanks to whoever it was that gave out this info in chat one night! Your computer is constantly being scanned by other computers for vulnerabilities and for your personal info, believe me! I had no idea until I installed Zone Alarm.
I posted that for the benefit of folks like me - I use a dialup connection and thought that I was less vulnerable than folks who stay connected all the time. Not so!
The way my ISP guys put it - the folks that design these bugs prefer high speed connections, but the scanners cannot tell which is which. So, if someone with a dialup connection is online while one of the scanning programs is scanning their block of IP addresses, they can get infected with, say, Code Red, if they are running NT, even though they are on dialup. The trojans, like the one you posted, get contacted by the programs designed to collect and store the passwords, and each trojan program on a computer like mine will scan, while I am online, for other computers to send the trojan program to. Then there are ad/marketing companies that I suspect use some kind of spider to find email addresses or other personal information via file sharing programs in the Windows TCP program. I'm not any kind of expert by a long shot, but I've been trying to educate myself, just out of curiosity, once I saw all the scanning activity.
I knew about the scanning, but I really did not think about the dial-ups. It does make sense: while you are online, you are open to intrusion. Thanks again. www.creditsense.com