Just FYI for all the list subscribers... as always, NEVER open an attachment you receive via email that you are not expecting and even then, scan before opening! The problem with the virus mentioned below is that SOME computers (which aren't patched properly) can execute it without the user's knowledge. Please, everyone, update your virus software TODAY and scan for this virus... As always, you CANNOT recieve this virus from the Rootsweb list itself, but you might receive it directly from an infected person's computer if they have an email you have sent in the past. While this subject is off-topic (and therefore NOT to be discussed on the list...) it is a serious enough threat to warrant passing on to everyone. As always, if you wish to discuss this or other "warnings" you have received, please address them to me personally at christib@satx.rr.com and don't send them to the list. Thanks! Christi Any family tree produces some lemons, some nuts and a few bad apples Visit our homepage: http://christi.is.dreaming.org Visit our genealogy pages: http://genealogy.webhop.org Beware Badtrans.B By Robert Vamosi, ZDNet Reviews November 26, 2001 10:24 AM PT URL: http://www.zdnet.com/products/stories/reviews/0,4161,2825280,00.html A revised version of the Badtrans worm from April 2001 is loose on the Internet. Badtrans.B behaves in a similar manner to the original, loading a password-stealing Trojan horse that can log keystrokes and reveal password and credit card information to malicious users. However, this version uses a vulnerability in Internet Explorer that automatically opens the e-mail attachments when previewed. Reports from all over the world state that this worm is spreading. Because the worm sends e-mail and automatically executes on some computers, Badtrans.B ranks a 6 on the ZDNet Virus Meter. How it works Badtrans.B arrives as e-mail. It replies to old e-mail, so the subject line is one that someone has already sent you, so you might be inclined to open it. The e-mail message itself is empty. Badtrans.B includes an attached file whose name is created from the following list: FUN HUMOR DOCS S3MSONG Sorry_about_yesterday ME_NUDE CARD SETUP SEARCHURL YOU_ARE_FAT! HAMSTER NEWS_DOC New_Napster_Site README IMAGES PICS The attachment is a DOC, MP3, or ZIP file, with a second extension of either SCR or PIF. For example, an attached file might be named Readme.doc.scr. Users need not open the attached file to infect their machines. Badtrans uses a known vulnerability in Internet Explorer that automatically opens attachments. In this case, the attached file contains Troj.PWS-AV, a password-stealing Trojan horse. Troj.PWS-AV records all keystrokes and the application name where a keystroke was typed, storing it in encrypted form. The Trojan then connects to a SMTP server to send the log file to a Hotmail e-mail address. Prevention Badtrans.B uses a known vulnerability in Outlook Express that is included in Internet Explorer 5.01 and 5.5. Microsoft has released a patch. Users who have not loaded the patch are encouraged to do so or to upgrade to Internet Explorer 6. Removal Most antivirus software companies have updated their signature files to include this worm. For more information on removing this worm from your system, see Central Command, F-Secure, Kaspersky,McAfee, Sophos, Symantec, or Trend Micro. Symantec's website: http://www.sarc.com McAfee's website: http://www.mcafee.com