MyMp3Board.com Forum Index
 
http://forum.mymp3board.com MyMp3Board.com   FAQ   Search   Memberlist   Usergroups   Register   Profile   Log in to check your private messages   Log in 

BAD ONE!!!

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    MyMp3Board.com Forum Index -> BLAH-ARCHIVES
View previous topic :: View next topic  
Author Message
johnranger13



Joined: 27 Nov 2001
Posts: 2

PostPosted: Tue Nov 27, 2001 9:00 pm    Post subject: BAD ONE!!! Reply with quote

A new variant of Badtrans has been discovered, referred to as Badtrans.b. AVERT has raised the Risk Assessment on this variant of W32/Badtrans@MM to High Risk for Consumers. Many reports have been received from home users that they have become infected. It is believed that failure to update recently has caused this increase in occurrence.

NOTE: I received an email from Italy today with the virus hidden in it; BUT because I had my anti-virus software set to scan any email and email attachments, I was warned and prevented from opening the infected message.

--------------------------------------------------------------------------------

How it works

W32/Badtrans@MM is a mass-mailing worm that drops a remote-access Trojan. The virus arrives via email in Microsoft Outlook and attempts to send itself by replying to unread email messages. The email may contain the text "Take a look to the attachment" in the message body and will contain an attachment that is 13,312 bytes in length. The attachment name is created from three sections:

The first part is chosen from the possibilities:

fun Humor

docs

info

Sorry_about_yesterday

Me_nude

Card

SETUP stuff

YOU_are_FAT!

HAMSTER

news_doc

New_Napster_Site README

images

Pics

The second part is chosen from the possibilities:

.DOC.

.MP3.

.ZIP.

and the last part from the possibilities:

pif

scr

This new variant also uses the iframe exploit and incorrect MIME header to run automatically on unpatched systems. See Microsoft Security Bulletin (MS01-020) for more information and a patch.

What It Can Do

If the attachment is opened, the worm displays a message box entitled, "Install error" which reads, "File data corrupt: probably due to a bad data transmission or bad disk access." A copy is saved into the WINDOWS directory as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE at startup. KERN32.EXE (a backdoor Trojan), and HKSDLL.DLL (a valid keylogger DLL) are written to the WINDOWS SYSTEM directory, and a registry entry is created to load the Trojan upon system startup. HKLMSOFTWAREMicrosoftWindowsCurrentVersion RunOncekernel32=kern32.exe

Once running, the Trojan attempts to mail the victim's IP Address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as usernames, and passwords. In addition, the Trojan also contains a keylogger program which is capable of capturing other vital information such as credit card and bank account numbers and passwords.

--------------------------------------------------------------------------------

Get protected. If you don't already have virus protection software on your machine, you should. If you're a home or individual user, it's as easy as downloading any of these top-rated programs then following the installation instructions. If you're on a network, check with your network administrator first.

Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the antivirus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses.

Update your antivirus software. Now that you have virus protection software installed, make sure it's up-to-date. Some antivirus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat.




Back to top
View user's profile Send private message
MP3Hewer



Joined: 09 Nov 2001
Posts: 239

PostPosted: Tue Dec 04, 2001 7:57 pm    Post subject: Re: BAD ONE!!! Reply with quote

Thanks J.D.R.!:D

Back to top
View user's profile Send private message
BLoSSoMeD PeTaLL



Joined: 13 Dec 2001
Posts: 8

PostPosted: Thu Dec 13, 2001 10:04 am    Post subject: Re: BAD ONE!!! Reply with quote

yeah thanks !








sExY_eMiNeM_cHiCk12@eminem.com




EMAIL ME!
Naokly Loves Sonya & Sonya Loves Naokly


Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    MyMp3Board.com Forum Index -> BLAH-ARCHIVES All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Template designed by Darkmonkey Designs

Anti Bot Question MOD - phpBB MOD against Spam Bots
Blocked registrations / posts: 152185 / 0