[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FW: [at-l] Possible Virus?
- Subject: FW: [at-l] Possible Virus?
- From: jbkramer@afn.org (Bryan Kramer)
- Date: Mon, 10 Dec 2001 18:38:17 -0500
- In-Reply-To: <3C153862.4DF43FB3@mindspring.com>
Badtrans alters the return address of the infected mail. From
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@m
m.html
"The worm writes email addresses to the %System%\Protocol.dll file to
prevent multiple emails to the same person. Additionally, the underscore
( _ ) character is prepended to the sender's email address, which
prevents replying to infected mails to warn the sender (for example,
user@website.com becomes _user@website.com)."
So the clue was that replies bounced. Also Badtrans is very widely
distributed right now. I have not seen Goner yet.
Bryan
> -----Original Message-----
>
> Bryan,
> What is the clue it is Badtrans?
> Jan
>