Re: [CTRL] VIRUS ALERT: BadTrans computer virus strikes
-Caveat Lector- Mr. Kalivis write me off list for I could not write to under your present address for some reason. Found something connected to a person on this list and it was so full of virus that ech time I tried to go a little further - each time my web TV would turn off..with the web you are protected for when there is a virus I found out, the web is turned off. I could not send this item to list though for someone to check out as each item is contaminated. Sent this information on for my web to check out to see what this is and if it is just another accident. It came from boohoo.demon.co.uk Maybe boohoo is not aware of this? But anyone checking out boohoo.demon.co.uk be prepared to be in one big mess for this item on Google is loaded. Presumable little Boohoo does not know of this? Whoever he might be. Saba Please write me off list Mr. Kaliva A HREF=http://www.ctrl.org/;www.ctrl.org/A DECLARATION DISCLAIMER == CTRL is a discussion informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substancenot soap-boxingplease! These are sordid matters and 'conspiracy theory'with its many half-truths, mis- directions and outright fraudsis used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html A HREF=http://peach.ease.lsoft.com/archives/ctrl.html;Archives of [EMAIL PROTECTED]/A http:[EMAIL PROTECTED]/ A HREF=http:[EMAIL PROTECTED]/;ctrl/A To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
Re: [CTRL] VIRUS ALERT: BadTrans computer virus strikes
-Caveat Lector- Chances are, Saba, boohoo was probably not an originator, unless the headers are forged, and, even then, possibly not. Most email worms are replicated from the worm going through the address book, once activated, and automatically emailing everyone in the book. Chances are boohoo got the worm and didn't know it, or didn't know how to control it. People, go to zonealarm.com and get their free firewall, which will, at the very least, prevent control of your computer through drones. And get some virus protection - it's like safe sex, but not as enjoyable, I would admit. - jt - Original Message - From: Saba [EMAIL PROTECTED] Mr. Kalivis write me off list for I could not write to under your present address for some reason. Found something connected to a person on this list and it was so full of virus that ech time I tried to go a little further - each time my web TV would turn off..with the web you are protected for when there is a virus I found out, the web is turned off. I could not send this item to list though for someone to check out as each item is contaminated. Sent this information on for my web to check out to see what this is and if it is just another accident. It came from boohoo.demon.co.uk Maybe boohoo is not aware of this? But anyone checking out boohoo.demon.co.uk be prepared to be in one big mess for this item on Google is loaded. Presumable little Boohoo does not know of this? Whoever he might be. A HREF=http://www.ctrl.org/;www.ctrl.org/A DECLARATION DISCLAIMER == CTRL is a discussion informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substancenot soap-boxingplease! These are sordid matters and 'conspiracy theory'with its many half-truths, mis- directions and outright fraudsis used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html A HREF=http://peach.ease.lsoft.com/archives/ctrl.html;Archives of [EMAIL PROTECTED]/A http:[EMAIL PROTECTED]/ A HREF=http:[EMAIL PROTECTED]/;ctrl/A To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
Re: [CTRL] VIRUS ALERT: BadTrans computer virus strikes
-Caveat Lector- you are a total liar colleen i certainly don't have a virus- and if i did send something to the list then i would be glad if i was told- so i could do something about it. you twat. show some proof or shut your mouth c. - Original Message - From: Joshua Tinnin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 29, 2001 6:28 PM Subject: Re: [CTRL] VIRUS ALERT: BadTrans computer virus strikes -Caveat Lector- Chances are, Saba, boohoo was probably not an originator, unless the headers are forged, and, even then, possibly not. Most email worms are replicated from the worm going through the address book, once activated, and automatically emailing everyone in the book. Chances are boohoo got the worm and didn't know it, or didn't know how to control it. People, go to zonealarm.com and get their free firewall, which will, at the very least, prevent control of your computer through drones. And get some virus protection - it's like safe sex, but not as enjoyable, I would admit. - jt - Original Message - From: Saba [EMAIL PROTECTED] Mr. Kalivis write me off list for I could not write to under your present address for some reason. Found something connected to a person on this list and it was so full of virus that ech time I tried to go a little further - each time my web TV would turn off..with the web you are protected for when there is a virus I found out, the web is turned off. I could not send this item to list though for someone to check out as each item is contaminated. Sent this information on for my web to check out to see what this is and if it is just another accident. It came from boohoo.demon.co.uk Maybe boohoo is not aware of this? But anyone checking out boohoo.demon.co.uk be prepared to be in one big mess for this item on Google is loaded. Presumable little Boohoo does not know of this? Whoever he might be. A HREF=http://www.ctrl.org/;www.ctrl.org/A DECLARATION DISCLAIMER == CTRL is a discussion informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substancenot soap-boxingplease! These are sordid matters and 'conspiracy theory'with its many half-truths, mis- directions and outright fraudsis used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html A HREF=http://peach.ease.lsoft.com/archives/ctrl.html;Archives of [EMAIL PROTECTED]/A http:[EMAIL PROTECTED]/ A HREF=http:[EMAIL PROTECTED]/;ctrl/A To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om A HREF=http://www.ctrl.org/;www.ctrl.org/A DECLARATION DISCLAIMER == CTRL is a discussion informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substancenot soap-boxingplease! These are sordid matters and 'conspiracy theory'with its many half-truths, mis- directions and outright fraudsis used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html A HREF=http://peach.ease.lsoft.com/archives/ctrl.html;Archives of [EMAIL PROTECTED]/A http:[EMAIL PROTECTED]/ A HREF=http:[EMAIL PROTECTED]/;ctrl/A To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
[CTRL] VIRUS ALERT: BadTrans computer virus strikes
Note: forwarded message attached. = ~~~ Wherever you see media wrapped around media wrapped around media, you know there's a meme in there somewhere. - Douglas Rushkoff from Media Virus http://www.connix.com/%7Ewbrady/psyche4.htm http://www.pieman.org/ http://www.webcom.com/%7epinknoiz/covert/seberg.html __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 ---BeginMessage--- Tuesday, 27 November, 2001, 12:14 GMT BadTrans computer virus strikes http://news.bbc.co.uk/hi/english/sci/tech/newsid_1678000/1678578.stm Be careful whatyou type, Badtrans could be watching A sneaky Windows computer virus is circulating that tries to install software that monitors what users are typing and passes it to the malicious program's creator. Like many of the other computer viruses that have struck in recent months, BadTrans-B attempts to spread by exploiting weaknesses in Microsoft e-mail programs. One anti-virus company has caught over 20,000 copies of the virus in the last 24 hours. The UK, Germany and US are the countries most seriously infected by the virus. Old holes The BadTrans-B virus is spreading swiftly because, unlike many other e-mail viruses, the pernicious payload that helps it raid Microsoft Outlook address books does not have to be clicked on to set it off. Simply previewing the item could cause infection. The loophole the virus exploits was first discovered in early 2001. It's baffling to find that even though Microsoft secured that hole eight months ago, many users have still not applied the patch, said Graham Cluley of anti-virus firm Sophos. When the virus mails itself to the contacts in the address books it raids, the virus uses a subject line from an existing message to make it appear to be a legitimate reply. The virus also regularly swaps the name of the attachment travelling with it, in an attempt to conceal its pernicious payload. BadTrans-B is a variant of the original BadTrans virus that was first discovered in April. BT Openworld error As well as raiding Outlook and Outlook Express address books, the virus also tries to implant a hidden program that tries to send an identifying net address to the author of the virus. The hidden program also monitors what users are typing and the information it tracks could be used by a malicious hacker to steal credit card information or passwords for websites. Britain seems to have been hit hard by the BadTrans-B Windows virus. Anti-virus firm Message Labs, which logs the numbers of pernicious programs it traps, has caught over 21,000 copies of BadTrans-B in the last 24 hours. Over 50% of these originated in Britain. The spread of the virus was inadvertently helped by BT Openworld, which accidentally e-mailed a copy of the virus to its customers. === F-Secure Virus Descriptions NAME: BadTrans.B ALIAS: BadtransII, I-Worm.BadtransII, W95/Badtrans.B@mm http://www.f-secure.com/v-descs/badtrs_b.shtml Information about the original W95/Badtrans is available at: http://www.F-Secure.com/v-descs/badtrans.shtml Disinfection instructions for Badtrans.b worm can be found here: http://www.europe.f-secure.com/v-descs/bt_b_dis.shtml Badtrans.B e-mail worm has been found from several locations in Europe on 24th of November 2001. This worm sends variably named attachments which might execute automatically when the emails are viewed. Badtrans.B is spreading under Win32 systems. The virus sends email messages with infected attached files, as well as installs spying trojan component to steal information from infected systems. The worm itself is Win32 executable file (PE EXE file). It was found in-the-wild in compressed form, and has about 29Kb of size. Being decompressed the worm file length gets about 60Kb of size. The worm consists of two main components - Worm and Trojan. The Worm component sends infected messages, the Trojan component sends out the information (user's info, RAS data, cached passwords, keyboard log) from infected computers to specified email address. It also keeps leylogger program body in its code and installs it into the system while infecting a new machine. Infecting the system When an infected file is run (when a user clicks on attached file and activates it, or if the worm gets control through IFRAME security breach) the worm code gets control. First of all the worm drops (installs) its components to the system and registers them in system registry. The installed trojan file name, the target directory and registry key are optional. They are stored in encrypted form in trojan file at the file end. A hacker may configure them before sending it to a victim machine, or before put it on a web site. The worm also drops additional keyboard hooker (Win32 DLL file) to the system and the uses that to spy on text entered by keyboard. The DLL file
Re: [CTRL] VIRUS ALERT: BadTrans computer virus strikes
-Caveat Lector- Why would I open an attachment containing a virus alert? I got clobbered by a virus I got from this list. Why are so many of the messages from CTRL packaged in attachments? Note: forwarded message attached. = ~~~ Wherever you see media wrapped around media wrapped around media, you know there's a meme in there somewhere. - Douglas Rushkoff from Media Virus http://www.connix.com/%7Ewbrady/psyche4.htm http://www.pieman.org/ http://www.webcom.com/%7epinknoiz/covert/seberg.html __ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 A HREF=http://www.ctrl.org/;www.ctrl.org/A DECLARATION DISCLAIMER == CTRL is a discussion informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substancenot soap-boxingplease! These are sordid matters and 'conspiracy theory'with its many half-truths, mis- directions and outright fraudsis used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html A HREF=http://peach.ease.lsoft.com/archives/ctrl.html;Archives of [EMAIL PROTECTED]/A http:[EMAIL PROTECTED]/ A HREF=http:[EMAIL PROTECTED]/;ctrl/A To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
