This past week I have received no less than 8 e-mails with a virus attached. These came from genealogy and gardening contacts. Since I use a Macintosh computer they do not affect me. However to be on the safe side I delete without opening any e-mail with a file extention that I do not recognize. Below is an e-mail that was sent out on my gardening list. Its explains the viruses and give the extention names to watch for. Maradee Liggin Cryer ...................................................... <<Just wanted to warn you all, there seems to be a rash of virus/worms spreading like wild fire through the gardening groups.  I have received at least a dozen infected emails today, and there are messages rampant on my gesneriads and fern-net groups. From what I have read, this is not a particularly dangerous or damaging virus, it simply keeps going from one person to another.  Here is what it says about it on my virus protection site:   Win32.Badtrans.29020 Alias: W32.Badtrans.B@mm, W32/Badtrans@MM Category: Win32 Type: WormWild: Destructiveness: Pervasiveness: CHARACTERISTICS Win32.Badtrans.29020 is a worm spreading via e-mail. The worm replies to all unread messages and attaches itself using a name constructed from three parts. The first part is one of the following strings: fun Humor docs info Sorry_about_yesterday Me_nude Card SETUP stuff YOU_are_FAT! HAMSTER news_doc New_Napster_Site README images Pics The second part is chosen from the following list: MP3 ZIP DOC The virus adds another extension to the attachment and selects it from two possible types: pif scr When a user opens the attachment, the worm copies itself to the Windows System directory as:  Kernel32.exe and modifies the registry in order to execute it at the next reboot: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\RunOnce\Kernel32 = kernel32.exe Additionally, Win32.Badtrans.29020 worm drops a 5632-byte file KDLL.DLL in the Windows System directory. Similar to other worms that have recently been spreading in the wild (such as Nimda and Aliz), Badtrans.29020 also exploits a known security exploit in Internet Explorer. When a user views an HTML e-mail carrying the worm, Internet Explorer may launch the attached program executing the Badtrans.29020 code. This is due to the "Incorrect MIME Header" vulnerability in Microsoft Internet Explorer 5.01 and 5.5. For a detailed description of this security hole and links to the appropriate patches, please visit: http://www.microsoft.com/technet/default.asp? url=/technet/security/bulletin/MS01-020.asp