[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: [at-l] Possible Virus?

Subject: FW: [at-l] Possible Virus?
From: jbkramer@afn.org (Bryan Kramer)
Date: Mon, 10 Dec 2001 18:38:17 -0500
In-Reply-To: <3C153862.4DF43FB3@mindspring.com>

Badtrans alters the return address of the infected mail. From

http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@m
m.html

"The worm writes email addresses to the %System%\Protocol.dll file to
prevent multiple emails to the same person. Additionally, the underscore
( _ ) character is prepended to the sender's email address, which
prevents replying to infected mails to warn the sender (for example,
user@website.com becomes _user@website.com)."

So the clue was that replies bounced. Also Badtrans is very widely
distributed right now. I have not seen Goner yet.

Bryan

> -----Original Message-----

> 
> Bryan,
> What is the clue it is Badtrans?
> Jan
>

Prev by Date: [at-l] Happy Chocolate day!
Next by Date: [at-l] Possible Virus?
Prev by thread: [at-l] Possible Virus?
Next by thread: FW: [at-l] Possible Virus?
Index(es):
- Date
- Thread