This was found at http://www.msnbc.com/news/663187.asp?0dm=C15OT&cp1=1#BODY At the end of this MSNBC report are some great tips on virus prevention. Nov. 26 - Computer security experts say a fast-spreading e-mail worm called Badtrans infected thousands of computers across Europe and in the United States on Monday. The worm uses several clever methods of duping a victim into infection - in some cases, users don't even have to open an e-mail. After infection, the malicious program installs software that watches what the victim types and attempts to steal private information. THE WORM WAS first discovered during the holiday weekend in the U.S., but was given a low-risk rating then. With a wide outbreak of infections occurring early Monday, most anti-virus firms have now raised their risk assessment. "It's by no means a 'Nimda' or a 'Code Red,' but it is catching an awful lot of people," said Roger Thompson, virus expert at TruSecure Corp. E-mail filtering firm MessageLabs Inc. said it had trapped over 15,000 copies of the worm on Monday, with infections reported from 66 different countries - most in the United States, the United Kingdom, and Germany. A spokesperson for McAfee.com said infections were "in the thousands." The worm employs clever social engineering tactics to trick users into infecting themselves. Once it infects a machine, it replies to any unread e-mail in the victim's Microsoft Outlook in-box. The subject line will mirror the original subject line, and the message body is a "reply-to" of the original sender's message, giving the infected e-mail a look of authenticity. It then asks the recipient to "take a look at the attachment." The attachment can have one of several names, according to F-secure. Pics.ZIP.scr images.pif README.TXT.pif New_Napster_Site.DOC.scr news_doc.scr hamster.ZIP.scr YOU_are_FAT!.TXT.pif searchURL.scr SETUP.pif Card.pif Me_nude.AVI.pif Sorry_about_yesterday.DOC.pif s3msong.MP3.pif docs.scr Humor.TXT.pif fun.pif McAfee.com suggested in its press release that the attachment file names might trick home users sending holiday e-mail to family and friends because the names include words like "Pics," "News," "Cards" and "Images." Viruses & Vulnerabilities . Microsoft admits flaw in Passport . Bug of the Day The worm also exploits a flaw in some versions of Microsoft's Outlook Express that automatically runs programs contained in e-mail as soon as they are viewed in the Outlook Express preview pane. That accounts for some of the worm's success in spreading, Thompson said. Outlook users can fix that flaw by downloading a patch available at Microsoft's Web site After infection, the worm attempts to send the victim's IP address to an anonymous e-mail account that likely belongs to the worm's author. The worm also installs a "keylogger" program, according to McAfee.com, which can capture and store personal data, such as credit card numbers and passwords. The Badtrans virus was first discovered in January, Thompson said, but this new variant - Badtrans.B - was released in compressed form, meaning it evades detection by older antivirus software. Corporations and home users need to update their antivirus programs to protect against the worm. In the last four attachments that I've received from people I don't know have contained viruses. Thankfully I've got Norton which took care of the problem. Please scan your attached emails and don't open those attachments from people you don't know. Better yet, don't open them at all. A great website that provides a free virus scan is http://www.pcpitstop.com Also, an investment in Norton is worth it's weight in gold. When Norton gives you the option to delete or quarentine and you decide to quarentine rather than the safer option of deleting.... select the quarentine option. You will then have a screen that will allow you to scan it. I do not recommend saving the file to disk or opening it until you've got it fixed. any email that I recieve that Norton says it has a virus. I delete it and politley send the sender an email telling them that they came through with a virus, and ask them to resend it once they are virus free. The best bet is to copy and paste in the body of the email, therefore there are no attachments. I practice this and rarely send an attachment to anyone. If you are sending pictures, save the picture in a .gif file and insert it into the body of the text. If the receiver chooses to make the picture a permanent part of his/her picture library or however they store pictures, they may take the picture out of the body of the email. For reports, copy and paste your information in the text of email. When you do that you can be sure that you are not sending a virus and the receiver knows that they are not receiving one. If you haven't invested in Norton or an antivirus program, please do so as in genealogy we tend to send A LOT of emails and receive attatchments daily. Norton is worth it's weight in gold. Cathie ----- Original Message ----- From: "Harvey Norris" <[email protected]> To: <[email protected]> Sent: Tuesday, November 27, 2001 11:44 AM Subject: [NCWATAUG] Rotens > Someone who has sent this e-mail is being notified that it contains a virus.I rec'd it twice.Norton was unable to repair it and it had to be deleted.It has an attachment titled unknown something.Do not open it. > > > ==== NCWATAUG Mailing List ==== > Watauga County NCGenWeb > http://www.geocities.com/familysnooper/Wata_county.html > >