Dear listers, Virus warnings are generally off-topic here and I don't want to change that. However, occasionally it is necessary to say something. This is one of those times. I'm not opening the topic for discussion, if you have any questions, please email me privately and I'll be happy to try and answer them. If anyone from this list becomes infected, I will notify you & unsubscribe you until you can prove to me you are clean. Please remember that this virus is NOT being sent through our list, but because we communicate with each other through the list and outside of it as well, our email address are in each other's computers. All that said........ There is a new, very fast spreading virus that is especially nasty because for many recipients, there is NO ATTACHMENT. The virus is EMBEDDED within the email body. It is called the W32BADTRANS.B@MM virus and McAfee has given it HIGH RISK status. I have received countless emails with it since yesterday. It is quite different from the original "W32/BadTrans@MM" virus. : : First, here's how it works. When a user becomes infected, the next time : he/she reboots the computer, the virus goes through the user's email : program and looks for unread emails in all the mailboxes. It picks some : of these, makes a reply to them, and sends itself. : : It uses the infected persons email address as the sender, : BUT it adds "_" (underscore) before the real address. The subject line : will probably have nothing but "RE:" (nothing else). (In a few of the : emails I have received, there WERE subject lines, so you really can't count : on seeing only RE:.) The body of the email will be completely blank. There : are no attachments, so there is nothing to click. The virus is embedded in : the body, with cute code to hide it; the recipient never sees anything but a : totally blank message. The virus makes use of the ms01-027 exploit, which means : that the virus can execute on READING or PREVIEWING the email from within : OutLook - it is not necessary to double click on any attachment, since the email : contains no TEXT or ATTACHMENT. The virus is EMBEDDED in the body, but : formatted NOT to appear, thus you get a completely blank message if you : WERE to open it, which would mean you are already infected when you open : the email unless your AV protection data files are up to date as of yesterday (Nov. : 26). : In addition, the virus tries to dig through the infected person's computer and send : email addresses, credit card numbers, bank account numbers, passwords, etc., : back to the writer of the virus. : There is a problem with people who have their email program set to show both : their name and email address in the FROM: header. If such a person : is infected, mail from him/her will show, in the header, something like : the following: : : "John Doe" <_johndoe@wherever.com> : : The FROM: element in the header you see before you open the email : will show only "John Doe". That's a problem. Either set up a filter : to divert infected emails to a separate mailbox, or make sure your system : is COMPLETELY protected before you open or preview any more emails. : Anyone using OUTLOOK (not Outlook Express) will infect his/her : computer if he/she merely OPENS (reads) or PREVIEWS the email. : The email has no attachment to click to activate it; it is activated by : opening it, by the hidden HTML code in the email, IF you haven't done all the : following: : : 1) Installed an Anti-Virus (AV) program; : 2) Kept it updated with the latest data files; DAILY!! : 3) Have your AV program configured properly to detect email viruses; : 4) Downloaded and installed the MS patches for MSIE 5.01 and 5.5. : : The patch to fix this exploit has been available from Microsoft since May : 16, 2001 !!!!!!!!!! : : Where to read the Microsoft Bulletin MS01-027, dated May 16, 2001, : and links for downloading the patch for MSIE 5.01 and 5.5: : < http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bu lletin/MS01-027.asp> : : Where to read about the W32/BadTrans.b@MM Virus: : <http://www.mcafee.com/anti-virus/viruses/badtrans/default.asp?cid=2607> : <http://www.messagelabs.com/viruseye/report.asp?id=86> : : Evidently, MSIE 6.0 is not affected, since all the patches for 5.01 and 5.5 : were incorporated into it. But, to be sure, make sure you go to the : Windows Update page and check to see which patches your system : needs. : : <http://windowsupdate.microsoft.com/> (Thanks to Sgt. George from the virus discussion list for the above explanation of this virus in layman's terms.) Please, Please keep your anti-virus (AV) program up-to-date. There are many new viruses released each day that won't be caught by outdated files. Sharon CAMARIPO ListMom